Jump to content

Search the Community

Showing results for tags 'Rootkit.0Access'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 24 results

  1. I just did a clean install of Windows 7 from the recovery partition on my laptop and immediately started having problems. I've run several scans with MalwareBytes and have received various results labeled either "rootkit.0access" or "trojan.zaccess". The infection is not removed on restart; I always come back with at least a couple of "trojan.zaccess" results. I see that there have been several threads on this particular problem recently and I will do my best to include all of the commonly requested logs here. dds.txt attach.txt RKreport0_S_08292013_224349.txt FRST.txt Addition.txt Thanks in advance for your help.
  2. Title says it all, Malwarebytes detects it and quarantines it but it gets detected from the same file location over and over, the longer i stay logged in the more it reports. - The file location is C:\Windows\Installer\{d9b2f573-3e7e-9fae-7702-a49a5ffccfa5}\U\000000cb.@ - This pops up at least every 3 minutes Here is the log of the quick scan I have just done www.malwarebytes.org Database version: v2013.07.06.03 Windows Vista Service Pack 2 x64 NTFSInternet Explorer 9.0.8112.16421Tyler :: LIVINGROOM [administrator] Protection: Enabled 06/07/2013 9:29:26 PMmbam-log-2013-07-06 (21-29-26).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 295560Time elapsed: 15 minute(s), 49 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) It doesn't detect anything during the scan but it detects all of these Malwarebytes Anti-Malware (PRO) 1.75.0.1300
  3. First off, thank you for helping all of us poor infected souls! It is truly appreciated. 11/28/2012 - Removed 171 malware instances, including, but not limited to, Exploit.Drop.GS, PUM.Disabled.SecurityCenter, PUM.Hijack.TaskManager, PUP.MyWebSearch, RootKit.0Access, Trojan.0Access via MBAM. Repaired and re-registered WMI due to "wmiprvse.exe error. The isntruction at "0x7c910f48" referenced memory at "0x00080179". The memory could not be "written"." <http://windowsxp.mvps.org/repairwmi.htm>. 1/7/2013 - Removed 61 malware files and 7 infected registry keys, including: PUP.FunMoods, PUP.MyWebSearch, RootKit.0Access, RootKit.Zaccess, Trojan.0Access, Trojan.Agent, Trojan.Dropper.BCMiner, Trojan.FakeAlert, Trojan.FakeMS.Ran, Trojan.Reveton via MBAM. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.07.11 Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) Internet Explorer 8.0.6001.18702 Administrator :: BACKOFFICE [administrator] 1/7/2013 3:29:05 PM mbam-log-2013-01-07 (15-29-05).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 295573 Time elapsed: 42 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 7 HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully. HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 61 C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0004434.exe (PUP.FunMoods) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0004430.dll (PUP.FunMoods) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0004431.dll (PUP.FunMoods) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0004429.dll (PUP.FunMoods) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Local Settings\temp\DM\hitman-pro_049\software\FunMoodsV2.2.exe (PUP.FunMoods) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0004428.dll (PUP.Funmoods) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002166.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002167.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002184.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002185.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002186.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002183.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002174.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002175.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002176.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002177.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002178.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002179.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002180.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002168.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002169.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002170.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002171.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002172.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002173.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002188.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002161.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002162.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002163.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002164.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002165.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002157.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002181.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002182.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002160.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002158.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002159.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002189.exe (RootKit.0Access) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-18\$cb647808df4e439ef99fb493984ac6bb\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-18\$cb647808df4e439ef99fb493984ac6bb\U\80000032.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Local Settings\temp\CE17HVG4.exe (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-18\$cb647808df4e439ef99fb493984ac6bb\U\00000004.@.vir (Rootkit.Zaccess) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-18\$cb647808df4e439ef99fb493984ac6bb\n.vir (Trojan.0Access) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-18\$cb647808df4e439ef99fb493984ac6bb\U\80000000.@.vir (Trojan.0Access) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\ASSEMBLY\GAC\Desktop.ini.vir (Trojan.0access) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002191.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Local Settings\temp\DSAAVFT.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Local Settings\temp\~!#3EA.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002190.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-18\$cb647808df4e439ef99fb493984ac6bb\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP47\A0007764.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002193.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002213.dll (Trojan.FakeMS.Ran) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Documents and Settings\Will\Application Data\dllexp.dll.vir (Trojan.FakeMS.Ran) -> Quarantined and deleted successfully. C:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\60\6c95f73c-274c1398 (Trojan.FakeMS.Ran) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002156.exe (Trojan.FakeMS.Ran) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0002194.dll (Trojan.Reveton) -> Quarantined and deleted successfully. (end) DDS.txt Attach.txt
  4. Hi, Malwarebytes scanner keeps detecting a couple of trojans and they keep coming back. but i will start the story from the beginning a few days ago, I noticed that gmail/youtube logins always resulted in "Your browser's cookie functionality is turned off. Please turn it on." sounds very basic right? well cookies are on and deleting cookies/cache doesnt resolve it either. and i tried the same thing with internet explorer and same problem. cookies are on in IE as well. then I noticed that hotmail always redirects me back to the hotmail page when trying to log in. finally, google searches occasionally result in a redirect to ads websites that had nothing to do with my search. so i suspected malware. I ran the malwarebytes scanner with a quick and basic scan and both times, it detected these 3 files as C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\Installer\{9c6bb179-a667-95f8-491a-d5dda47e1109}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully. i deleted them successfully as the log says but the problem still persists and it still picks up these 3 things after a quick and full scan. after the full scan however, everything seemed fine until i restarted the comp later that day and the problem was back. I appreciate any help thank you mbam-log-2013-01-07 (00-35-54).txt mbam-log-2013-01-07 (00-23-48).txt DDS.txt Attach.txt
  5. Hi, I seem to have gotten the Sirefef Trojan on two of my computers. One runs Vista Home Premium SP2 and the other Windows 7 SP1. I'm working on removing the virus on the Vista machine first. I have attached the two requested logs: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by X at 9:59:19 on 2012-10-06 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.767 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe C:\Program Files\Wondershare\1-Click PC Care\CareMon.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Toshiba\IVP\ISM\pinger.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc c:\Toshiba\IVP\swupdate\swupdtmr.exe C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\Utilities\KeNotify.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = https://www.dvslesupport.org/dvsmain/SUBSITES/DLA/Index.htm uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll" uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe" mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [HWSetup] \HWSetup.exe hwSetUP mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [skytel] Skytel.exe mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se\CameraMonitor.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Save Flash - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/210 IE: Save YouTube Video - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/217 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{368CE4FC-B43D-4BEF-BECE-0B5EF0B738CF} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 TCP: Interfaces\{88BF2454-6484-4FC0-A841-8FEC0D2F321F} : DhcpNameServer = 192.168.2.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\x\appdata\roaming\mozilla\firefox\profiles\0ijcxunf.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.slickdeals.net/ FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll . ============= SERVICES / DRIVERS =============== . R?2 CareMon;CareMon;c:\program files\wondershare\1-click pc care\CareMon.exe [2011-12-29 146792] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552] R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-3-12 20352] R1 MpKslbc95ad28;MpKslbc95ad28;c:\programdata\microsoft\microsoft antimalware\definition updates\{4e410acf-098f-499e-85a1-5da8cd218436}\MpKslbc95ad28.sys [2012-10-6 29904] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960] R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2010-12-22 152064] R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2010-12-22 49152] R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2010-12-22 247320] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-11 136176] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-15 250288] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-1 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-11 136176] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-3-12 937984] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 114144] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-10-06 14:49:11 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4e410acf-098f-499e-85a1-5da8cd218436}\MpKslbc95ad28.sys 2012-10-05 01:21:02 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4e410acf-098f-499e-85a1-5da8cd218436}\mpengine.dll 2012-10-05 01:00:25 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-09-15 13:23:34 -------- d-----w- c:\users\x\appdata\roaming\Philipp Winterberg 2012-09-15 13:23:25 -------- d-----w- c:\program files\Free RAR Extract Frog . ==================== Find3M ==================== . 2012-09-21 10:28:27 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-21 10:28:26 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 03:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb . ============= FINISH: 9:59:41.44 =============== The second log: DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/12/2008 3:09:23 AM System Uptime: 10/6/2012 8:25:55 AM (1 hours ago) . Motherboard: TOSHIBA | | IALAA Processor: AMD Turion 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 148 GiB total, 39.531 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f} Description: Texas Instruments OHCI Compliant IEEE 1394 Host Controller Device ID: PCI\VEN_104C&DEV_883A&SUBSYS_00000000&REV_00\4&B216F0A&0&21A4 Manufacturer: Texas Instruments Name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller PNP Device ID: PCI\VEN_104C&DEV_883A&SUBSYS_00000000&REV_00\4&B216F0A&0&21A4 Service: ohci1394 . Class GUID: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6} Description: SDA Standard Compliant SD Host Controller Device ID: PCI\VEN_104C&DEV_883C&SUBSYS_00000000&REV_00\4&B216F0A&0&23A4 Manufacturer: SDA Standard Compliant SD Host Controller Vendor Name: SDA Standard Compliant SD Host Controller PNP Device ID: PCI\VEN_104C&DEV_883C&SUBSYS_00000000&REV_00\4&B216F0A&0&23A4 Service: sdbus . ==== System Restore Points =================== . RP1146: 9/18/2012 10:16:18 PM - Scheduled Checkpoint RP1147: 9/20/2012 6:10:02 AM - Scheduled Checkpoint RP1148: 9/21/2012 5:13:26 AM - Windows Update RP1149: 9/23/2012 7:13:25 AM - Windows Update RP1150: 9/24/2012 5:20:30 AM - Windows Update RP1151: 9/26/2012 8:21:43 PM - Scheduled Checkpoint RP1152: 9/28/2012 8:03:28 PM - Windows Update RP1153: 9/29/2012 11:51:54 PM - Scheduled Checkpoint RP1154: 9/30/2012 9:39:18 PM - Scheduled Checkpoint RP1155: 10/2/2012 4:36:23 AM - Windows Update RP1156: 10/2/2012 8:56:45 PM - Scheduled Checkpoint RP1157: 10/4/2012 7:27:10 PM - Restore Operation RP1158: 10/4/2012 7:47:29 PM - Restore Operation RP1159: 10/4/2012 8:16:03 PM - Wondershare 1-Click PC Care's restore point RP1160: 10/4/2012 8:19:48 PM - Windows Update RP1161: 10/4/2012 8:42:26 PM - Windows Update . ==== Installed Programs ====================== . . Update for Microsoft Office 2007 (KB2508958) Adobe Flash Player 11 Plugin Adobe Flash Player 9 ActiveX Adobe Reader X (10.1.4) MUI ALPS Touch Pad Driver Apple Software Update Atheros Driver Installation Program Atheros Wi-Fi Protected Setup Library ATI Catalyst Install Manager Belkin Setup and Router Monitor Belkin USB Print and Storage Center Bluetooth Stack for Windows by Toshiba Canon DIGITAL CAMERA Solution Disk Software Guide Canon G.726 WMP-Decoder CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Personal Printing Guide Canon PowerShot G12 Camera User Guide Canon RAW Codec Canon RAW Image Task for ZoomBrowser EX Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities CameraWindow Launcher Canon Utilities Digital Photo Professional 3.9 Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CD/DVD Drive Acoustic Silencer ConvertHelper 2.2 Curitel PC Card Software D3DX10 DivX Converter DivX Plus DirectShow Filters DivX Setup DivX Version Checker DVD MovieFactory for TOSHIBA Flash Saving Plugin Free RAR Extract Frog GearDrvs GIMP 2.6.8 Google Desktop Google Earth Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ImageMixer 3 SE IP Camera Java Auto Updater Java 6 Update 31 Junk Mail filter update Malwarebytes Anti-Malware version 1.65.0.1400 Memeo AutoBackup Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Ultimate 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft XML Parser Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton 360 OGA Notifier 2.0.0048.0 Picasa 2 QuickBooks Financial Center QuickTime Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Segoe UI Skins Skype Click to Call Skype™ 5.10 SoftOrbits Flash Drive Recovery 1.3 Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. TIPCI TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Flash Cards Support Utility TOSHIBA Games TOSHIBA Hardware Setup Toshiba Registration TOSHIBA SD Memory Utilities TOSHIBA Software Modem TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Utility Common Driver VC80CRTRedist - 8.0.50727.4053 VZAccess Manager Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Windows Media Player Firefox Plugin Wondershare 1-Click PC Care (Version 7.5.0) . ==== Event Viewer Messages From Past Week ======== . 10/6/2012 8:36:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1141.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 10/6/2012 8:27:55 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 10/5/2012 8:18:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6 10/5/2012 8:18:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/5/2012 8:18:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/5/2012 8:17:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/5/2012 8:17:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/5/2012 4:40:17 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0. 10/4/2012 8:26:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.1141.0). 10/4/2012 8:25:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1141.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070643 Error description: Fatal error during installation. 10/4/2012 8:25:15 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.0.8001.0 Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x80070002 Error description: The system cannot find the file specified. 10/4/2012 8:25:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.159.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80070002 Error description: The system cannot find the file specified. 10/4/2012 8:03:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect. 10/4/2012 8:03:54 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/4/2012 8:00:25 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.137.750.0;1.137.750.0 Engine version: 1.1.8800.0 10/4/2012 7:51:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.808.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 10/4/2012 7:46:00 PM, Error: PlugPlayManager [10] - Error writing to server side install pipe 10/4/2012 7:43:02 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 10/4/2012 7:34:44 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.137.808.0;1.137.808.0 Engine version: 1.1.8800.0 10/2/2012 4:31:19 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.8 for the Network Card with network address 001F3A678164 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message). . ==== End Of File =========================== Any suggestions on where to go from here will be appreciated. Thanks
  6. Good afternoon, Experts, I have a Dell Inspiron presenting with Trojan.Agent, Trojan:DOS/Alureon.A, Virus Win64/Sirefef.A, Rootkit.0Access, Trojan.0Access. DDS Log reads: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Gator at 13:42:15 on 2012-10-07 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2165 [GMT -6:00] . AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902} AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Windows\system32\conhost.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\Program Files (x86)\SFT\GuardedID\GIDD.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe C:\Windows\system32\taskhost.exe C:\Users\Gator\Downloads\mssstool64.exe c:\eff61330ee32dbb63e2a2bd8adee0833\x86\mssswizard.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - Babylon IE plugin BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Constant Guard Protection Suite: {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.829.1\NativeBHO.dll BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File uRun: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe -rem mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll LSP: mswsock.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{086CA57F-6084-4D45-850F-E90FB0A1C66A}\64F68764967323 : DhcpNameServer = 192.168.42.1 TCP: Interfaces\{086CA57F-6084-4D45-850F-E90FB0A1C66A}\9484164756D497E45696768626F62737 : DhcpNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{086CA57F-6084-4D45-850F-E90FB0A1C66A}\E4544574541425 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{9AA43C48-8F1F-4CB2-BC7B-93A762801778} : DhcpNameServer = 192.168.1.1 Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll BHO-X64: Trend Micro NSC BHO - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - Babylon IE plugin BHO-X64: Babylon IE plugin - No File BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.829.1\NativeBHO.dll BHO-X64: Constant Guard Protection Suite - No File BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll BHO-X64: TmBpIeBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No File TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm . ============= SERVICES / DRIVERS =============== . R?2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-8-30 62064] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?] R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121003.001\IDSviA64.sys [2012-10-4 513184] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-20 89600] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-9-22 256336] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-20 689472] R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-20 2320920] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?] R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120] S1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-20 13336] S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccsvchst.exe [2012-8-22 138272] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-11 250288] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-10-07 19:04:35 -------- d-----w- C:\eff61330ee32dbb63e2a2bd8adee0833 2012-10-07 18:34:54 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{026D92DF-7568-441A-9DFE-CA2C2BA2BF0A}\offreg.dll 2012-10-07 17:57:40 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{026D92DF-7568-441A-9DFE-CA2C2BA2BF0A}\mpengine.dll 2012-10-07 17:53:11 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-07 17:52:54 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-07 17:35:47 20480 ----a-w- C:\Windows\svchost.exe 2012-10-07 05:07:28 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-07 04:57:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-10-07 04:40:23 -------- d-----w- C:\Users\Gator\AppData\Roaming\Sammsoft 2012-10-07 03:50:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-10-07 03:49:53 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-10-07 03:48:22 -------- d-----w- C:\86245c3c1d7d8a6507196f9dbed85d 2012-10-06 19:07:57 -------- d-----w- C:\Windows\pss 2012-10-06 16:28:19 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-10-04 17:19:13 -------- d-----w- C:\Users\Gator\AppData\Roaming\Malwarebytes 2012-10-04 17:17:48 -------- d-----w- C:\ProgramData\Malwarebytes 2012-10-04 17:17:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-10-04 16:33:56 -------- d-----w- C:\Program Files (x86)\ARO 2012 2012-10-02 16:47:18 3213824 ----a-w- C:\Windows\System32\msi.dll 2012-10-02 16:47:18 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-09-27 22:52:22 -------- d-----w- C:\ba1149940e065c09e57a28 2012-09-26 09:04:51 80896 ----a-w- C:\Windows\System32\imagehlp.dll 2012-09-26 09:04:51 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-09-26 09:04:51 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-09-26 09:04:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-09-26 09:04:50 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-09-26 09:04:50 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-09-26 09:04:50 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-09-24 23:36:06 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2012-09-24 23:36:06 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2012-09-24 23:00:28 -------- d-----w- C:\Users\Gator\AppData\Local\NPE 2012-09-24 22:46:29 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys . ==================== Find3M ==================== . 2012-10-07 17:33:27 328704 ----a-w- C:\Windows\System32\services.exe 2012-09-24 23:35:52 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-24 23:35:52 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-31 04:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-08-31 04:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-08-22 00:07:52 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys 2010-10-01 08:11:56 462112 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe . ============= FINISH: 13:45:00.89 =============== Attach Log reads: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 5/18/2011 12:04:26 AM System Uptime: 10/7/2012 11:36:34 AM (2 hours ago) . Motherboard: Dell Inc. | | 0WXY9J Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU 1 | 909/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 382.981 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: BHDrvx64 Device ID: ROOT\LEGACY_BHDRVX64\0000 Manufacturer: Name: BHDrvx64 PNP Device ID: ROOT\LEGACY_BHDRVX64\0000 Service: BHDrvx64 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Norton Security Suite Settings Manager Device ID: ROOT\LEGACY_CCSET_N360\0000 Manufacturer: Name: Norton Security Suite Settings Manager PNP Device ID: ROOT\LEGACY_CCSET_N360\0000 Service: ccSet_N360 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Symantec Iron Driver Device ID: ROOT\LEGACY_SYMIRON\0000 Manufacturer: Name: Symantec Iron Driver PNP Device ID: ROOT\LEGACY_SYMIRON\0000 Service: SymIRON . ==== System Restore Points =================== . RP86: 10/5/2012 6:24:52 PM - Removed TuneUp Utilities 2012 RP87: 10/5/2012 6:27:38 PM - Removed TuneUp Utilities Language Pack (en-US) RP88: 10/6/2012 9:25:31 AM - Restore Operation RP89: 10/6/2012 10:31:28 AM - Revo Uninstaller's restore point - Norton Security Suite RP90: 10/6/2012 10:37:04 AM - Revo Uninstaller's restore point - Norton Security Suite RP91: 10/6/2012 10:39:51 AM - Revo Uninstaller's restore point - Ask Toolbar RP92: 10/6/2012 10:42:18 AM - Revo Uninstaller's restore point - Bing Bar RP93: 10/6/2012 10:46:27 AM - Revo Uninstaller's restore point - XFINITY Toolbar RP94: 10/7/2012 11:43:57 AM - Revo Uninstaller's restore point - Java 6 Update 24 RP95: 10/7/2012 11:44:44 AM - Removed Java 6 Update 24 RP96: 10/7/2012 11:52:01 AM - Installed Java 7 Update 7 RP97: 10/7/2012 11:54:08 AM - Revo Uninstaller's restore point - XFINITY Toolbar . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 6.0 Adobe Photoshop Elements 8.0 Adobe Photoshop.com Inspiration Browser Adobe Reader 9.1 Advanced Audio FX Engine Any Video Converter 3.3.5 Apple Application Support Apple Software Update Best Buy pc app Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Constant Guard Protection Suite D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Getting Started Guide Dell MusicStage Dell PhotoStage Dell Product Registration Dell Stage Dell VideoStage Dell Webcam Central DirectX 9 Runtime eBay Free YouTube Downloader 3.2.79 FrostWire 4.21.7 FrostWire 5.3.8 GoToAssist 8.0.0.514 GuardedID IDT Audio Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Internet Explorer Java 7 Update 7 Java Auto Updater JetMP3 Junk Mail filter update Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.65.0.1400 Mesh Runtime Messenger Companion Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PhotoShowExpress QuickTime Realtek USB 2.0 Card Reader Revo Uninstaller 1.94 Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Sonic CinePlayer Decoder Pack Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 10/7/2012 12:34:00 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Moose\Gator Error Code: 0x8007042c Error description: The dependency service or group failed to start. 10/7/2012 12:34:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Moose\Gator Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/7/2012 12:33:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1263.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 10/7/2012 12:01:39 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Moose\Gator Error Code: 0x8007042c Error description: The dependency service or group failed to start. 10/7/2012 12:01:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Moose\Gator Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/7/2012 11:57:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 10/7/2012 11:53:14 AM, Error: Service Control Manager [7031] - The CGPS Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 10/7/2012 11:40:04 AM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). 10/7/2012 11:37:54 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 10/7/2012 11:37:53 AM, Error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s). 10/7/2012 11:37:53 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 10/7/2012 11:37:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 SRTSP SymIRON 10/7/2012 11:37:39 AM, Error: Service Control Manager [7024] - The Norton Security Suite service terminated with service-specific error %%-1. 10/7/2012 11:37:39 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 10/7/2012 11:37:36 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 10/7/2012 11:37:33 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 10/7/2012 11:36:43 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver. 10/7/2012 11:36:43 AM, Error: SRTSP [4] - Error loading virus definitions. 10/7/2012 11:36:14 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 10/6/2012 9:54:15 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Moose\Gator Error Code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 9:54:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Moose\Gator Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 9:53:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 9:53:40 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 9:53:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 9:53:14 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Moose\Gator Error Code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 9:53:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Moose\Gator Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 9:53:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 10/6/2012 9:53:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 10/6/2012 9:53:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 10/6/2012 9:51:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 10/6/2012 9:50:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 10/6/2012 11:08:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 11:08:08 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 11:08:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 11:07:57 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Moose\Gator Error Code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 11:07:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Moose\Gator Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 10/6/2012 11:07:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 10/6/2012 11:07:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 10/6/2012 11:07:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1245.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 10/6/2012 11:05:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 10/6/2012 11:04:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 10/6/2012 1:10:05 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 10/6/2012 1:10:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 10/4/2012 11:42:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect. 10/4/2012 11:42:29 AM, Error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/4/2012 11:29:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003098cc3, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100412-60138-01. 10/4/2012 11:02:07 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. 10/4/2012 10:25:51 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 10/4/2012 10:25:16 AM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied. 10/4/2012 10:24:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP 10/4/2012 10:23:12 AM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 10/4/2012 10:23:04 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 10/4/2012 10:22:55 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 10/4/2012 10:22:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033b38ca, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100412-58812-01. . ==== End Of File ===========================
  7. hello, i need help my computer has a virus and i need to fix it.The virus names were Trojan.Dropper.BCMiner,Rootkit.0Access,Rootkit.0Access.64. The help will be greatly appreciated so much.I ran malware and this is the results Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.08.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ky :: ANOTHAWORLD [administrator] 10/8/2012 3:27:02 PM mbam-log-2012-10-08 (15-27-02).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 307897 Time elapsed: 2 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\Installer\{fb9a415d-8a39-a495-eecb-70163c6883ff}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully. (end) everytime i scan the virus still pops up
  8. McAffee reported an attack one of our laptops. I ran the McAffee virus scanner and it removed 2 trojans, but even after I closed it down I kept getting warning message from McAffee saying that there were virus detected in the c:/$recyclebin folder, but that nothing was required to be done, even though the warning messages kept coming. Firefox (the default browser) seems to be running fine however (i.e. no redirects/shutdowns etc). I downloaded MB_AM and ran a quick scan. It also said there were trojans, and said it had removed them. However on restarting the laptop the McAffee warnings were still coming up, and additionally MB_AM was reporting blocking 'outgoing' messages to a variety of IP addresses. I updated MB_AM (for some reason the version I downloaded was a week out of date) and re-ran it a few times. Initially I was having the same problem as with McAffee (it appeared to remove the Trojans but the warning messages kept appearing after restart). However it does now appear to have sorted the problem (warning messages have stopped), but I'm still a bit worried as it is a problem that keeps reoccuring I still think that there might still be something lurking on the hard drive. Can someone confirm whether I might still have an issue with this laptop, the details of the MB_AM logs and the output from the DDS program are shown below. Thanks in advance.. <-------FIRST RUN OF MALWARE_AM--------> Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.07.13 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Syrus :: SYRUS-MSI [administrator] Protection: Enabled 23/09/2012 11:54:12 mbam-log-2012-09-23 (11-54-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 189116 Time elapsed: 14 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-533349786-3935795275-1856981824-1000\$09e7d81ee082c3ccf1679bba57bd5a4e\n.) Good: (shell32.dll) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\$Recycle.Bin\S-1-5-21-533349786-3935795275-1856981824-1000\$09e7d81ee082c3ccf1679bba57bd5a4e\n (Trojan.0Access) -> Delete on reboot. (end) <-----------------SECOND RUN------------------------> Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.23.02 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Syrus :: SYRUS-MSI [administrator] Protection: Enabled 23/09/2012 12:51:15 mbam-log-2012-09-23 (12-51-15).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 341197 Time elapsed: 2 hour(s), 29 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 c:\$recycle.bin\s-1-5-21-533349786-3935795275-1856981824-1000\$09e7d81ee082c3ccf1679bba57bd5a4e\u\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully. C:\Users\Syrus\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully. (end) <---------------------THIRD RUN----------------------------> Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.23.02 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Syrus :: SYRUS-MSI [administrator] Protection: Enabled 23/09/2012 12:51:15 mbam-log-2012-09-23 (15-23-42).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 341197 Time elapsed: 2 hour(s), 29 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 c:\$recycle.bin\s-1-5-21-533349786-3935795275-1856981824-1000\$09e7d81ee082c3ccf1679bba57bd5a4e\u\80000032.@ (Trojan.0Access) -> No action taken. C:\Users\Syrus\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> No action taken. (end) <------------------FOURTH RUN-------------------------> Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.23.02 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Syrus :: SYRUS-MSI [administrator] Protection: Enabled 23/09/2012 15:45:59 mbam-log-2012-09-23 (15-45-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 190751 Time elapsed: 7 minute(s), 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) <----------------DDS File-----------------> . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Syrus at 17:03:27 on 2012-09-23 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3327.2374 [GMT 1:00] . AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\atieclxx.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\windows\system32\mfevtps.exe C:\Program Files\System Control Manager\MSIService.exe C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe C:\windows\system32\conhost.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k defragsvc C:\windows\system32\taskhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\System Control Manager\MGSysCtrl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\rundll32.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\windows\system32\wuauclt.exe C:\windows\system32\taskhost.exe C:\windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ uDefault_Page_URL = hxxp://www.msi.com uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [ArcSoft] rundll32.exe c:\users\syrus\appdata\local\arcsoft\idjbgmfy.dll,DllGetClassObject mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A6F539D9-1C12-4D93-8E59-8CA02D96789B} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A6F539D9-1C12-4D93-8E59-8CA02D96789B}\2313D284F4C4C495D234F4552545 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A6F539D9-1C12-4D93-8E59-8CA02D96789B}\24554545542535D20534130313F5E4564777F627B6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{A6F539D9-1C12-4D93-8E59-8CA02D96789B}\74F62746F6E664275656D616E6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A6F539D9-1C12-4D93-8E59-8CA02D96789B}\E4544574541425 : DhcpNameServer = 192.168.0.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\syrus\appdata\roaming\mozilla\firefox\profiles\4kz1t41i.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-10 343664] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-29 176128] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-23 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-23 676936] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-10-22 21256] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744] R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-10-22 146448] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-10-22 66896] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-10 70728] R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-10-30 160768] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-29 6472192] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-29 228352] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-23 22856] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-10 91672] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-10 43288] R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-8-20 604672] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-24 167936] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-7 250288] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-10-30 17920] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-10 55264] S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-10 65448] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-30 166912] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-12 1343400] . =============== Created Last 30 ================ . 2012-09-23 15:35:21 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b43d0455-ed89-464b-a6f2-b8e380d9d8b4}\offreg.dll 2012-09-23 10:52:34 -------- d-----w- c:\users\syrus\appdata\roaming\Malwarebytes 2012-09-23 10:52:06 -------- d-----w- c:\programdata\Malwarebytes 2012-09-23 10:51:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-23 10:51:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-22 23:59:10 -------- d-----w- C:\ArcSoft 2012-09-22 09:47:47 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b43d0455-ed89-464b-a6f2-b8e380d9d8b4}\mpengine.dll 2012-09-09 15:11:51 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll . ==================== Find3M ==================== . 2012-09-20 18:27:34 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-20 18:27:34 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 21:23:55 41472 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:23:55 102912 ----a-w- c:\windows\system32\browser.dll . ============= FINISH: 17:04:51.73 =============== <--------------------ATTACH-------------------------> . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 10/10/2010 16:47:32 System Uptime: 23/09/2012 16:30:55 (1 hours ago) . Motherboard: MSI | | MS-1684 Processor: AMD Athlon II Dual-Core M300 | CPU 1 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 173 GiB total, 100.487 GiB free. D: is FIXED (NTFS) - 115 GiB total, 109.503 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP266: 14/08/2012 21:53:01 - Windows Update RP267: 15/08/2012 18:46:33 - Windows Update RP268: 21/08/2012 20:57:22 - Windows Update RP269: 28/08/2012 08:58:06 - Windows Update RP270: 31/08/2012 19:01:30 - Windows Update RP271: 04/09/2012 19:22:25 - Windows Update RP272: 11/09/2012 23:49:03 - Windows Update RP273: 11/09/2012 23:54:17 - Windows Update RP274: 19/09/2012 00:21:08 - Windows Update RP275: 22/09/2012 10:42:10 - Windows Update RP276: 22/09/2012 14:22:07 - Windows Update RP277: 23/09/2012 16:14:35 - Removed Football Manager 2006 . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.1 Apple Application Support Apple Mobile Device Support Apple Software Update Application Profiles ArcSoft Magic-i Visual Effects 2 ArcSoft Print Creations ArcSoft Print Creations - Album Page ArcSoft Print Creations - Brochures & Flyers ArcSoft Print Creations - Funhouse ArcSoft Print Creations - Funhouse II ArcSoft Print Creations - Greeting Card ArcSoft Print Creations - Photo Book ArcSoft Print Creations - Photo Calendar ArcSoft Print Creations - Photo Prints ArcSoft Print Creations - Poster Creator ArcSoft Print Creations - Scrapbook ArcSoft Print Creations - Slimline Card ArcSoft WebCam Companion 3 ATI Catalyst Install Manager Audacity 1.3.13 (Unicode) Bonjour BurnRecovery Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help English Choice Guard Civilization III Complete Edition Compatibility Pack for the 2007 Office system Grand Theft Auto iTunes Junk Mail filter update K-Lite Codec Pack 6.5.0 (Full) Malwarebytes Anti-Malware version 1.65.0.1400 McAfee Agent McAfee AntiSpyware Enterprise Module McAfee Security Scan Plus McAfee VirusScan Enterprise Micro Machines 2 - Turbo Tournament Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Excel MUI (Greek) 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office OneNote MUI (Greek) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint MUI (Greek) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Greek) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing (Greek) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Shared MUI (Greek) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (Dutch) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Office Word MUI (Greek) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSI Software Install MSVCRT QuickTime Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Shockwave System Control Manager Update for 2007 Microsoft Office System (KB967642) WCS2003 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR archiver WMV9/VC-1 Video Playback . ==== End Of File ===========================
  9. Greetings experts. I've gone through the removal of nearly the same Trojans and Rootkits as I'm finding on the latest system that I'm fixing, and I was very, very tempted to just go through my previous logs to fix this latest issue, but I also know that the fixes are done in a specific order with specific codes written for the machines being worked on, so I decided to go about this the safe way and not turn my friend's computer into a paper weight. So, I have run several Malwarebytes scans on this system (Dell Dimension C521 running Win 7 Pro - 32-bit), and I have been able to successfully remove all issues except for the Trojan.0access, Trojan.Dropper, Trojan.Small, Rootkit.0access and Rootkit.Zaccess. The deletion/quarantine shows as being successful in each log, but they're still there on the next run of Malwarebytes, so it looks like we need to go through the process again. I appreciate the guidance, as well as the reminder to not go about this on my own and assume I know what I'm doing since I've done this once before. Most recent Malwarebytes log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.20.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Angela :: ANGELA-PC [administrator] 9/20/2012 7:02:37 AM mbam-log-2012-09-20 (07-02-37).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 468662 Time elapsed: 1 hour(s), 58 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot. C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully. C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\80000000.@ (Trojan.Small) -> Quarantined and deleted successfully. (end)
  10. I have a computer infected with a browser/search redirect virus. A Malwarebytes scan detects it but appears unable to fully remove the infection. Every time on reboot the infection tries to reinstall itself, but Malwarebytes detects and asks to quarantine it (which I do). Upon rerunning the quick scan the same files are found, and the process repeats.... I can now browse the Internet normally, but based on the reboot/reappear pattern, the infection is not completely removed. I've seen other similar posts on this forum, but it seems from reading them that the best course of action is to post a new thread with the log files pasted in, so that is what I am doing here.
  11. I read the pinned article and attached are the results of the DDS. Please advise on next steps. Thanks, Fred Attach.txtDDS.txt
  12. I have a computer infected with a browser/search redirect virus. A Malwarebytes scan detects it but appears unable to fully remove the infection. Every time on reboot the infection tries to reinstall itself, but Malwarebytes detects and asks to quarantine it (which I do). Upon rerunning the quick scan the same files are found, and the process repeats.... I can now browse the Internet normally, but based on the reboot/reappear pattern, the infection is not completely removed. I've seen other similar posts on this forum, but it seems from reading them that the best course of action is to post a new thread with the log files pasted in, so that is what I am doing here. Thanks in advance for anyone who can help with this. I've already downloaded and run DDS. Here are the requested logs (MBAM / DDS / Attach): ***** MBAM log ***** Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.18.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 kmwordsmith :: ROHAN [administrator] Protection: Enabled 8/19/2012 2:40:02 PM mbam-log-2012-08-19 (14-40-02).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 198250 Time elapsed: 6 minute(s), 24 second(s) Memory Processes Detected: 1 C:\WINDOWS\svchost.exe (Trojan.Agent) -> 4644 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\WINDOWS\Installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\WINDOWS\Installer\{0f765e1d-3107-d985-aee4-a536c6c4a8a0}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) ****** DDS.txt ******************************************************************************** . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by kmwordsmith at 15:28:36 on 2012-08-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2499 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\Dwm.exe C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\system32\conhost.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\PDFCreator\PDFCreator.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\Windows\splwow64.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bing.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll mWinlogon: Userinit=userinit.exe, BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: ShopAtHome.com Toolbar: {66516a07-f617-488a-90cf-4e690cfb3c5f} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll TB: ShopAtHome.com Toolbar: {311b58dc-a4dc-4b04-b1b5-60299ad3d803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll uRun: [screenpresso] "C:\Users\kmwordsmith\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Google Update] "C:\Users\kmwordsmith\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\KMWORD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\kmwordsmith\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL LSP: mswsock.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://logicalimages.webex.com/client/T27LB/webex/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.254.254 TCP: Interfaces\{5543631B-9160-4BE9-925D-36734AE345F2} : DhcpNameServer = 192.168.254.254 TCP: Interfaces\{7F302492-41B6-4FBD-8780-5795A2FDC3EF} : DhcpNameServer = 192.168.254.254 BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll BHO-X64: Coupons.com - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll BHO-X64: ShopAtHome.com Toolbar - No File BHO-X64: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100907182941.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll TB-X64: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll TB-X64: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {9D19C405-BA93-461B-871F-97992CC45972} - No File mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-15 655944] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440] R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199032] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 244840] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 148520] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-28 1692480] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-7 355440] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-1 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-08-19 18:37:44 20480 ------w- C:\Windows\svchost.exe 2012-08-16 03:14:57 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\Malwarebytes 2012-08-16 03:14:50 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-16 03:14:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-16 03:14:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-16 02:56:29 -------- d-----w- C:\Program Files (x86)\PC Tools 2012-08-16 02:47:50 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys 2012-08-16 02:47:50 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2012-08-16 02:47:20 -------- d-----w- C:\ProgramData\PC Tools 2012-08-16 02:47:19 -------- d-----w- C:\Users\kmwordsmith\AppData\Roaming\TestApp 2012-07-24 19:47:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F337.tmp 2012-07-24 14:33:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F336.tmp . ==================== Find3M ==================== . 2012-08-15 13:46:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-15 13:46:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 15:29:33.35 =============== ********** Attach.txt ********************************************************** . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 12/4/2009 7:12:02 PM System Uptime: 8/19/2012 2:36:21 PM (1 hours ago) . Motherboard: Dell Inc. | | 0G848F Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 218 GiB total, 164.079 GiB free. D: is CDROM () E: is FIXED (NTFS) - 190 GiB total, 105.716 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP186: 7/9/2012 11:11:13 AM - Scheduled Checkpoint RP187: 7/11/2012 11:56:50 PM - Windows Update RP188: 7/19/2012 12:53:10 PM - Scheduled Checkpoint RP189: 7/27/2012 8:20:17 AM - Scheduled Checkpoint RP190: 8/3/2012 8:41:58 AM - Scheduled Checkpoint RP191: 8/10/2012 10:44:01 AM - Scheduled Checkpoint RP192: 8/17/2012 11:19:58 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Adobe Acrobat Connect Add-in Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Contribute CS3 Adobe Default Language CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 11 ActiveX Adobe Help Viewer CS3 Adobe PDF Library Files Adobe Reader X (10.1.3) Adobe Setup Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Advanced Audio FX Engine Apple Application Support Apple Software Update Bing Bar BlackBerry Desktop Software 5.0.1 BlackBerry® Media Sync Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system Coupon Printer for Windows Coupons.com Toolbar Delicious Add-on for Internet Explorer Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Getting Started Guide Dell Webcam Central Dropbox Facebook Plug-In FileZilla Client 3.3.0.1 Google Chrome Google Toolbar for Internet Explorer Google Update Helper GoToAssist 8.0.0.514 Java Auto Updater Java 6 Update 29 Junk Mail filter update Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.62.0.1300 McAfee Security Scan Plus McAfee SecurityCenter Microsoft Choice Guard Microsoft Office File Validation Add-In Microsoft Office Small Business Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT Notepad++ PDFCreator PowerDVD DX QualXServ Service Agreement QuickTime Roxio Burn Roxio Update Manager Screenpresso Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) ShopAtHome.com Toolbar Spelling Dictionaries Support For Adobe Reader 9 Spotify TweetDeck Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) WebEx Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 8/19/2012 2:39:26 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. 8/19/2012 2:37:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 8/19/2012 2:37:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 8/19/2012 2:36:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 8/19/2012 10:50:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. 8/19/2012 10:49:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 8/19/2012 10:49:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 8/19/2012 1:51:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030fd4aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-23119-01. 8/19/2012 1:49:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030be405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-22464-01. 8/18/2012 1:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Rohan\kmwordsmith SID (S-1-5-21-2178287959-2484263321-3651141593-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 8/18/2012 1:38:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Rohan\kmwordsmith SID (S-1-5-21-2178287959-2484263321-3651141593-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 8/16/2012 9:13:46 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 8/16/2012 12:55:40 PM, Error: PCTCore [280] - 8/16/2012 1:19:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service. 8/16/2012 1:18:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. 8/14/2012 1:28:11 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address A4-5C-27-6F-B8-12. Network operations on this system may be disrupted as a result. . ==== End Of File ===========================
  13. Yet another topic with this same problem. I've just recently bought Malwarebytes PRO to scan this PC because it has been giving us lots of issues. It was able to delete over 160 infections that this PC had save for these buggers. I've tried and tried to get them removed but have not been successful. After coming here and seeing all these topics regarding these, I dont feel so terrible about my computer being infected with it, but now my problems is that I do not have the slightest clue on what to do next. I'm not computer sabby at all. Any help would be appreaciated!
  14. Post Merged We look for post with 0 replies, so when you reply to your own topic, we assume you're being helped. Please be patient, someone will assist you as soon as possible. Hello, I've got this nasty Rootkit and Trojan on my computer that MalwareBytes cannot get rid of, and ever since my Malwarebytes detected it, I've been hearing this noise from my speakers that sounds like someone rustling around with a mic. The thing is, my PC does not have a mic plugged in to it so it's really freaking me out. Dunno if it's related to these two things but either way I'd really like to get rid of them. Please help!? Here's the MBAM log along with the DDS logs: Also, I am unable to run Rogue Killer. I've tried three times. Twice I got a blue screen of death, and the third time, just as it was about to finish the Scan, it "Stopped working unexpectedly" and force closed. Please help, this is extremely aggravating . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Kandice at 17:26:30 on 2012-08-17 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1919.925 [GMT -7:00] . AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrB.exe C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\AirPort\APAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\Kandice\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Users\Kandice\AppData\Local\Soft32\Soft32 Updater\Soft32 Updater.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120515F6FD4721BCE920F80623E344&tbp=homepage uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [AdobeBridge] uRun: [Facebook Update] "c:\users\kandice\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [soft32 Updater.exe] c:\users\kandice\appdata\local\soft32\soft32 updater\Soft32 Updater.exe /SILENT mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjU1NDExMTAxLUZMMTArMS1UVUcrMy1ERFQrMzY1Ny1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzEtRjEwTTEyVEErMS1WSVAxMisxLVRMKzEtRjEwTTEyUisx"&"prod=90"&"ver=10.0.1424 mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) LSP: mswsock.dll Trusted Zone: intuit.com\ttlc DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{5ABC3ABC-3CF7-49CF-8E24-F4867B867FD5} : DhcpNameServer = 209.18.47.61 209.18.47.62 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\kandice\appdata\roaming\mozilla\firefox\profiles\6n7x2el9.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q= FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\users\kandice\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll . ============= SERVICES / DRIVERS =============== . R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928] R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-6 655944] R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-6 22344] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-17 40776] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304] R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496] R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-18 1343400] . =============== Created Last 30 ================ . 2012-08-18 00:14:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-10 02:10:07 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-08-08 02:09:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a9131960-9fff-4927-9c77-7902715cc7cd}\offreg.dll 2012-08-07 22:58:17 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a9131960-9fff-4927-9c77-7902715cc7cd}\mpengine.dll 2012-08-07 00:55:36 -------- d-----w- c:\users\kandice\appdata\roaming\Malwarebytes 2012-08-07 00:55:31 -------- d-----w- c:\programdata\Malwarebytes 2012-08-07 00:55:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-07 00:55:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . ==================== Find3M ==================== . 2012-08-15 04:09:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-15 04:09:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-12 02:44:03 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-06-06 05:09:46 1389568 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:09:46 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 04:51:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:51:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:50:00 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:48:35 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:47:31 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7600 Disk: ST380811 rev.3.AD -> Harddisk0\DR0 -> . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85E0E4B1]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e1593c]; MOV EAX, [0x85e15ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x82A5B458] -> \Device\Harddisk0\DR0[0x85BA5030] 3 CLASSPNP[0x887A859E] -> ntkrnlpa!IofCallDriver[0x82A5B458] -> [0x84BC8700] 5 ACPI[0x832163B2] -> ntkrnlpa!IofCallDriver[0x82A5B458] -> \00000059[0x854F5890] \Driver\nvstor[0x85D4C4B8] -> IRP_MJ_CREATE -> 0x85E0E4B1 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } detected disk devices: \Device\00000059 -> \??\SCSI#Disk&Ven_ST380811&Prod_0AS#4&a64abbf&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 17:28:02.97 =============== mbam-log-2012-08-17 (17-25-53).txt DDS.txt Attach.txt
  15. I've been malwared. Must've been one of the many harmless websites I tend to visit when the wife and kids are out. The redirects and pop-ups have tapered off since I first experienced the virus 2 weeks ago. I just got back from vacation and booted up again for the first time since. Currently experiencing virtually no symptoms (other than URL's loading slower than usual), but I know there's an evil lurking in the shadows, waiting to do me in. Oh wise and knowledgeable forum member(s), please bestow upon me your generosity and wisdom! My mbam log here: Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.11.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Owner :: SZOCSDESKTOP [administrator] Protection: Enabled 11/08/2012 6:40:21 PM mbam-log-2012-08-11 (21-05-25).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 486423 Time elapsed: 1 hour(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Windows\Installer\{320906d0-ef4a-4e35-13da-74f22bc5fb45}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken. C:\Windows\Installer\{320906d0-ef4a-4e35-13da-74f22bc5fb45}\U\000000cb.@ (Rootkit.0Access) -> No action taken. C:\Windows\Installer\{320906d0-ef4a-4e35-13da-74f22bc5fb45}\U\80000032.@ (Rootkit.0Access) -> No action taken. (end)
  16. Hello All, I'm trying to clean out a friends laptop. After running MBAM four times, I'm still not able to successfully rid the topics mentioned in the post title. Searching these threads, I found someone who had a similar situation. I followed that post up to the point where the instructions were specific to the users machine. It involved running FRST64 from a command prompt. So anyways, attached are lots of logs that should do the heavy explaining! Let me know if I need to post more info... Attach.txt DDS.txt FRST.txt mbam-log-2012-08-08 (18-02-32).txt mbam-log-2012-08-08 (19-05-36).txt mbam-log-2012-08-08 (20-17-46).txt mbam-log-2012-08-08 (20-23-10).txt Search.txt
  17. Hello, MBAM has exposed Trojan.Dropper.BCMiner and Rootkit.0Access on my laptop and is unable to remove them after successive scans and reboots. Here are logs for MBAM, OTL and RKreport. Thank you for your help, Pete. ------------------------------------------------------------------------------------------------ Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.06.02 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Pete :: NITRO [administrator] 8/6/2012 12:16:10 AM mbam-log-2012-08-06 (00-36-19).txt Scan type: Full scan (C:\|S:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 66934 Time elapsed: 19 minute(s), 56 second(s) [aborted] Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 6 C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken. C:\Windows\Installer\{d0fe2505-d94c-f72d-324d-fef06d47d0c3}\U\00000004.@ (Rootkit.Zaccess) -> No action taken. C:\Windows\Installer\{d0fe2505-d94c-f72d-324d-fef06d47d0c3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken. C:\Windows\Installer\{d0fe2505-d94c-f72d-324d-fef06d47d0c3}\U\000000cb.@ (Rootkit.0Access) -> No action taken. C:\Windows\Installer\{d0fe2505-d94c-f72d-324d-fef06d47d0c3}\U\80000000.@ (Rootkit.0Access) -> No action taken. C:\Windows\Installer\{d0fe2505-d94c-f72d-324d-fef06d47d0c3}\U\80000032.@ (Rootkit.0Access) -> No action taken. (end) Attach.txt DDS.txt Extras.Txt OTL.Txt RKreport1.txt
  18. Hi, I'm infected with two kind of Malwares: Trojan.Dropper.BCMiner and Rootkit.0Access I found out that there were some infections because Internet Explorer didn't start anymore! After using Malware Anti-Malware Internet Explorer did work again, only Malwarebytes keeps on finding the Trojan.Dropper.BCMiner infection! Question, how can I remove the BCMiner infection? Should I be worried about the Rootkit.0Access? I have no idea how to forward from this point on, that is the reason I post here, I really hope you can help me?? [/size][/font][/color][color=#222222][font=Calibri][size=2] Malwarebytes Anti-Malware 1.62.0.1300[/size][/font][/color][color=#222222][font=Calibri][size=2] [url="http://www.malwarebytes.org/"]www.malwarebytes.org[/url][/size][/font][/color][color=#222222][font=Calibri][size=2] Databaseversie: v2012.07.26.14[/size][/font][/color][color=#222222][font=Calibri][size=2] Windows 7 Service Pack 1 x64 NTFS[/size][/font][/color][color=#222222][font=Calibri][size=2] Internet Explorer 9.0.8112.16421[/size][/font][/color][color=#222222][font=Calibri][size=2] Charl :: I7 [administrator][/size][/font][/color][color=#222222][font=Calibri][size=2] 26-7-2012 20:35:22[/size][/font][/color][color=#222222][font=Calibri][size=2] mbam-log-2012-07-26 (20-37-23).txt[/size][/font][/color][color=#222222][font=Calibri][size=2] Scantype: Snelle scan[/size][/font][/color][color=#222222][font=Calibri][size=2] Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM[/size][/font][/color][color=#222222][font=Calibri][size=2] Uitgeschakelde scanopties: P2P[/size][/font][/color][color=#222222][font=Calibri][size=2] Objecten gescand: 253177[/size][/font][/color][color=#222222][font=Calibri][size=2] Verstreken tijd: 1 minuut/minuten, 2 seconde(n)[/size][/font][/color][color=#222222][font=Calibri][size=2] Geheugenprocessen gedetecteerd: 0[/size][/font][/color][color=#222222][font=Calibri][size=2] (Geen kwaadaardige objecten gedetecteerd)[/size][/font][/color][color=#222222][font=Calibri][size=2] Geheugenmodulen gedetecteerd: 1[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\Users\Charl\AppData\Roaming\mceli.dll (Trojan.Agent) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] Registersleutels gedetecteerd: 1[/size][/font][/color][color=#222222][font=Calibri][size=2] HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] Registerwaarden gedetecteerd: 0[/size][/font][/color][color=#222222][font=Calibri][size=2] (Geen kwaadaardige objecten gedetecteerd)[/size][/font][/color][color=#222222][font=Calibri][size=2] Registerdata gedetecteerd: 0[/size][/font][/color][color=#222222][font=Calibri][size=2] (Geen kwaadaardige objecten gedetecteerd)[/size][/font][/color][color=#222222][font=Calibri][size=2] Mappen gedetecteerd: 0[/size][/font][/color][color=#222222][font=Calibri][size=2] (Geen kwaadaardige objecten gedetecteerd)[/size][/font][/color][color=#222222][font=Calibri][size=2] Bestanden gedetecteerd: 8[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\Users\Charl\AppData\Roaming\mceli.dll (Trojan.Agent) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\ProgramData\Windows\msseedir.dll (Trojan.FakeMS) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\Users\Charl\AppData\Local\Temp\SonicWALL\Cache\NESetupM.exe (Rogue.Installer) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\n (Rootkit.0Access) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] C:\ProgramData\Windows\xessmsxe.dat (Malware.Trace) -> Geen actie ondernomen.[/size][/font][/color][color=#222222][font=Calibri][size=2] (einde)[/size][/font][/color][color=#222222][font=Calibri][size=2] Second scan: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.29.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Charl :: I7 [administrator] 29-7-2012 21:52:44 mbam-log-2012-07-29 (21-52-44).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 254598 Time elapsed: 1 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end) DDS scan result: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Charl at 21:57:33 on 2012-07-29 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8089.5223 [GMT 2:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k ftpsvc C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\NetLimiter 3\nlsvc.exe C:\Windows\SysWOW64\nlssrv32.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe D:\Program_Files (x86)\Zune\ZuneLauncher.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files (x86)\BlueStacks\HD-Agent.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe D:\Program_Files (x86)\Steam\Steam.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Users\Charl\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\Users\Charl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\No-IP\DUC30.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Windows\SysWOW64\mdm.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Windows\notepad.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\No-IP\DUC30.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE \\?\C:\Windows\system32\wbem\WMIADAP.EXE "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = https://www.google.nl/ uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - d:\Program_Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll uRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Steam] "D:\Program_Files (x86)\Steam\steam.exe" -silent uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" uRun: [SkyDrive] "C:\Users\Charl\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun uRun: [Spotify Web Helper] "C:\Users\Charl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\Users\Charl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NO-IPD~1.LNK - C:\Program Files (x86)\No-IP\DUC30.exe StartupFolder: C:\Users\Charl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://ssl2.uitkomst.nl/NELX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab TCP: DhcpNameServer = 172.16.0.10 195.241.77.55 195.241.77.58 TCP: Interfaces\{3879A0CF-5B62-438C-9DDF-56BBD13EF8BD} : DhcpNameServer = 172.16.0.10 195.241.77.55 195.241.77.58 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {3049C3E9-B461-4BC5-8870-4C09146192CA} {72853161-30C5-4D22-B7F9-0BBC1D38A37E} {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} {9030D464-4C02-4ABF-8ECC-5164760863C6} {9FDDE16B-836F-4806-AB1F-1455CBEFF289} {AE7CD045-E861-484f-8273-0445EE161910} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {DBC80044-A445-435b-BC74-9C25C1C588A9} {DDA57003-0068-4ed2-9D32-4D1EC707D94D} {F4971EE7-DAA0-4053-9964-665D8EE6A077} {47833539-D0C5-4125-9FA8-0819E2EAAC93} EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [(standaard)] mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook . ============= SERVICES / DRIVERS =============== . R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2011-9-20 29568] R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2010-8-30 88200] R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144] R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-9-18 586880] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-10-11 74592] R2 ftpsvc;Microsoft FTP-service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-14 20992] R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?] R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-6 655944] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-31 66560] R2 NoIPDUCService3;No-IP DUC Service;C:\Program Files (x86)\No-IP\DUC30.exe -service --> C:\Program Files (x86)\No-IP\DUC30.exe -service [?] R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?] R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592] R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2012-6-28 2169056] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?] R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\system32\DRIVERS\CamDrL64.sys --> C:\Windows\system32\DRIVERS\CamDrL64.sys [?] R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?] R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?] R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2011-10-11 102752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?] S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?] S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgx64gps.sys --> C:\Windows\system32\DRIVERS\lgx64gps.sys [?] S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Program_Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440] S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;D:\Program_Files (x86)\Zune\WMZuneComm.exe [2011-8-5 306400] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-29 18:41:33 -------- d-----w- C:\TDSSStarter 2012-07-29 10:34:51 -------- d-----w- C:\Users\Charl\AppData\Local\{BB4234D1-C36F-4341-BB52-EAA5ABB13416} 2012-07-29 10:34:41 -------- d-----w- C:\Users\Charl\AppData\Local\{8C544BE1-01D7-47EA-B53C-06DCE68F36AE} 2012-07-28 10:13:54 -------- d-----w- C:\Users\Charl\AppData\Local\{360FCF4E-B031-4C80-B873-511147AB6F3E} 2012-07-28 10:13:44 -------- d-----w- C:\Users\Charl\AppData\Local\{2880DB89-88A6-4569-A264-05748756D9C9} 2012-07-27 22:13:20 -------- d-----w- C:\Users\Charl\AppData\Local\{809B5FD7-7BAB-4793-BB2F-F59A50C69984} 2012-07-27 22:13:11 -------- d-----w- C:\Users\Charl\AppData\Local\{A4A376E2-8305-4120-8A36-874AFD70C93D} 2012-07-27 10:12:59 -------- d-----w- C:\Users\Charl\AppData\Local\{B7EB355C-AE43-44BB-AB4D-E708C6B7222D} 2012-07-27 10:12:50 -------- d-----w- C:\Users\Charl\AppData\Local\{EA88CCDA-8E77-4061-AFB8-8F4BB47DD424} 2012-07-26 22:12:26 -------- d-----w- C:\Users\Charl\AppData\Local\{AFCAE0CF-8EAC-4CD8-82B3-8400C16A0C37} 2012-07-26 22:12:17 -------- d-----w- C:\Users\Charl\AppData\Local\{7EE33153-9667-4EAB-AF62-587BDC609FED} 2012-07-26 18:52:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-26 18:30:04 -------- d-----w- C:\Users\Charl\AppData\Roaming\xsecva 2012-07-26 18:05:40 -------- d-----w- C:\ProgramData\Windows 2012-07-26 10:11:53 -------- d-----w- C:\Users\Charl\AppData\Local\{0E0BF657-34FF-4027-9FD3-D5E050F5003C} 2012-07-26 10:11:44 -------- d-----w- C:\Users\Charl\AppData\Local\{099B1222-672E-4892-8DAD-01D3B8C7EDF4} 2012-07-26 09:13:33 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56D5334D-B9A8-4B76-9FDF-C56061115D11}\mpengine.dll 2012-07-25 22:11:19 -------- d-----w- C:\Users\Charl\AppData\Local\{DC1BB44B-1CF5-443C-B69B-0CFBC2A486AE} 2012-07-25 10:10:58 -------- d-----w- C:\Users\Charl\AppData\Local\{F87C1C42-22F4-4B6D-9C6C-5DDB9C8B9440} 2012-07-25 10:10:48 -------- d-----w- C:\Users\Charl\AppData\Local\{1488AFB1-C621-4A10-B312-2871C59181E3} 2012-07-25 08:12:45 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-24 22:10:24 -------- d-----w- C:\Users\Charl\AppData\Local\{C8F85AA5-726C-4713-873A-0B49D9B04EF1} 2012-07-24 22:10:14 -------- d-----w- C:\Users\Charl\AppData\Local\{80C90CD6-B2B3-45C4-B657-0E263890D55A} 2012-07-24 10:10:03 -------- d-----w- C:\Users\Charl\AppData\Local\{CD991D6F-2A04-4A29-8DCF-688DAA7CBCC9} 2012-07-24 10:09:53 -------- d-----w- C:\Users\Charl\AppData\Local\{114036CC-A886-4567-89FA-9AE1005845B8} 2012-07-23 22:09:29 -------- d-----w- C:\Users\Charl\AppData\Local\{DBB74D24-8CF7-438C-B28E-E6876760B615} 2012-07-23 22:09:18 -------- d-----w- C:\Users\Charl\AppData\Local\{E2631F7E-C4A3-496B-BDBD-4BDEEDBDEF5C} 2012-07-23 10:09:07 -------- d-----w- C:\Users\Charl\AppData\Local\{2185122B-F3AF-4FC4-8BBE-35A6F92C2CEF} 2012-07-23 10:08:58 -------- d-----w- C:\Users\Charl\AppData\Local\{3C757E2A-8DDC-4ED5-A321-EE16716DB721} 2012-07-22 19:21:53 -------- d-----w- C:\Users\Charl\AppData\Local\{1267BA62-4F63-495E-9E2B-E48B3681D8CF} 2012-07-22 19:21:43 -------- d-----w- C:\Users\Charl\AppData\Local\{BFAEC9E3-F2F9-46EF-A248-2AA19EB54B84} 2012-07-22 07:21:32 -------- d-----w- C:\Users\Charl\AppData\Local\{BE902197-096F-4733-82BB-54C4CABDCC3B} 2012-07-22 07:21:22 -------- d-----w- C:\Users\Charl\AppData\Local\{3C673283-C080-4AB5-B89E-647AEC2C023D} 2012-07-21 13:03:32 -------- d-----w- C:\Users\Charl\AppData\Local\{C346C9D2-4B04-4DD5-BEFC-BEDC6D6757CF} 2012-07-21 13:03:22 -------- d-----w- C:\Users\Charl\AppData\Local\{B2985F47-715A-4E7F-B579-C9D74DC5E7DE} 2012-07-18 12:55:36 -------- d-----w- C:\Users\Charl\AppData\Local\{B96EC8F7-4374-4794-AA48-E457C89B9B37} 2012-07-18 12:55:26 -------- d-----w- C:\Users\Charl\AppData\Local\{66423FF5-8859-474A-B92E-6198D773DD1A} 2012-07-17 13:27:35 -------- d-----w- C:\Users\Charl\AppData\Local\{806354A0-F71C-4966-BFE2-45225827D5BB} 2012-07-16 10:33:15 -------- d-----w- C:\Users\Charl\AppData\Local\{FE34762A-3966-4FED-9221-8AC80BECDB87} 2012-07-16 10:33:06 -------- d-----w- C:\Users\Charl\AppData\Local\{13609A86-D797-4ECE-AEA0-374CA0D52A24} 2012-07-15 04:15:11 -------- d-----w- C:\Users\Charl\AppData\Local\{317E7485-9BAA-4E08-A2DA-636113C141FE} 2012-07-15 04:15:01 -------- d-----w- C:\Users\Charl\AppData\Local\{FF246F1B-FECF-49D6-B12C-5858CC4744DD} 2012-07-14 10:27:35 -------- d-----w- C:\Users\Charl\AppData\Local\{3D75122C-2BC1-4693-B717-F70992F21CDB} 2012-07-14 10:27:25 -------- d-----w- C:\Users\Charl\AppData\Local\{640480E6-7951-4B14-A1F4-7D512D2B2D2A} 2012-07-13 21:23:23 -------- d-----w- C:\Users\Charl\AppData\Local\{08C146C7-786A-489E-AAD1-33AC126B5EB1} 2012-07-13 09:23:02 -------- d-----w- C:\Users\Charl\AppData\Local\{28830C1A-961F-4E72-AA4C-39ACB3BAE5C3} 2012-07-13 09:22:52 -------- d-----w- C:\Users\Charl\AppData\Local\{FB6E8105-FC3E-4CE9-ACAD-2EF1C8AD2F89} 2012-07-12 21:22:28 -------- d-----w- C:\Users\Charl\AppData\Local\{B8FC7D6A-10CD-4F3F-8BE9-FE3DE256643F} 2012-07-12 09:22:07 -------- d-----w- C:\Users\Charl\AppData\Local\{2C6D7EED-ADD7-4197-ADB9-C2584FFB3C8F} 2012-07-12 09:21:57 -------- d-----w- C:\Users\Charl\AppData\Local\{31743456-6941-45E5-AEC4-06364DFCE2BA} 2012-07-11 21:36:38 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 10:49:31 -------- d-----w- C:\Users\Charl\AppData\Local\{789551FB-8206-4CF4-8EF1-D82AB89B6575} 2012-07-11 10:49:20 -------- d-----w- C:\Users\Charl\AppData\Local\{CA5AD31A-F8A4-4C7E-B55E-C00E3C1E39B2} 2012-07-11 10:11:01 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 10:11:01 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-11 10:11:01 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 10:11:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 10:11:01 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 10:11:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-10 22:48:56 -------- d-----w- C:\Users\Charl\AppData\Local\{427DBDBF-4070-4B74-8F68-67D95FC95BA4} 2012-07-10 22:48:46 -------- d-----w- C:\Users\Charl\AppData\Local\{6375B89B-D791-457F-9DAE-0004BB1831C6} 2012-07-10 10:48:35 -------- d-----w- C:\Users\Charl\AppData\Local\{D3231C3E-968E-4D31-8D77-B11E5B5837AB} 2012-07-10 10:48:25 -------- d-----w- C:\Users\Charl\AppData\Local\{0EF418F8-153C-4F4F-A3BE-0A9FBF72CCB2} 2012-07-09 22:48:01 -------- d-----w- C:\Users\Charl\AppData\Local\{4B395D58-D578-40CB-9BF9-70C55B1FAF9E} 2012-07-09 22:47:51 -------- d-----w- C:\Users\Charl\AppData\Local\{4948BFD5-B8E8-413E-AC79-05E98FB0F9BA} 2012-07-09 10:47:40 -------- d-----w- C:\Users\Charl\AppData\Local\{A26608A1-6C19-49A4-8A54-459A3073FA98} 2012-07-09 10:47:30 -------- d-----w- C:\Users\Charl\AppData\Local\{A6CFD477-9EB8-4125-B909-44E15EA546A4} 2012-07-08 22:47:10 -------- d-----w- C:\Users\Charl\AppData\Local\{3460C609-7DB4-4846-B82A-F00C7BF014A4} 2012-07-08 22:47:00 -------- d-----w- C:\Users\Charl\AppData\Local\{D9B9B86F-2ED6-4DEF-B4CA-E6761F90C63C} 2012-07-08 10:46:48 -------- d-----w- C:\Users\Charl\AppData\Local\{4C56AC06-1A97-4976-81F0-2F39D553AD87} 2012-07-08 10:46:38 -------- d-----w- C:\Users\Charl\AppData\Local\{1E0C333B-6C2A-4422-AD54-B6561ABD5B10} 2012-07-07 12:21:49 -------- d-----w- C:\Users\Charl\AppData\Local\{CD189737-33B0-4069-A00B-39967245DDE0} 2012-07-07 12:21:39 -------- d-----w- C:\Users\Charl\AppData\Local\{A0AFBA76-3EE8-428D-8C14-50E3AABCB172} 2012-07-06 22:26:05 -------- d-----w- C:\Users\Charl\AppData\Local\{08141B20-FD22-4EC2-BB77-4E3C8BB326B7} 2012-07-06 22:25:54 -------- d-----w- C:\Users\Charl\AppData\Local\{553CD04E-5C2D-4536-8008-92A33389E290} 2012-07-06 10:25:43 -------- d-----w- C:\Users\Charl\AppData\Local\{6D70629E-DCEB-472B-967B-BAB07C5AB7E5} 2012-07-06 10:25:33 -------- d-----w- C:\Users\Charl\AppData\Local\{D0018BD2-5036-4FFB-99B9-7B60F5BD1492} 2012-07-05 22:25:09 -------- d-----w- C:\Users\Charl\AppData\Local\{782B520C-5CFD-4329-BF78-23ACF65291F6} 2012-07-05 10:24:48 -------- d-----w- C:\Users\Charl\AppData\Local\{881FE83B-F30E-499F-9C4E-DAEBDBC22211} 2012-07-05 10:24:38 -------- d-----w- C:\Users\Charl\AppData\Local\{0115ED8F-2BB1-489E-959C-19315F55F654} 2012-07-04 22:24:14 -------- d-----w- C:\Users\Charl\AppData\Local\{54B77F8D-157E-44FE-A684-CB8FB43E9CFF} 2012-07-04 22:24:04 -------- d-----w- C:\Users\Charl\AppData\Local\{084EBAEE-DB6B-4967-8F3E-6431DF0EC185} 2012-07-04 10:23:52 -------- d-----w- C:\Users\Charl\AppData\Local\{54FFACFA-3246-46FC-B089-A1A3C1A389BC} 2012-07-04 10:23:43 -------- d-----w- C:\Users\Charl\AppData\Local\{B0461553-2E31-4B44-9A31-615CF2567EAC} 2012-07-04 00:04:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-04 00:04:25 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-03 22:23:18 -------- d-----w- C:\Users\Charl\AppData\Local\{037E4043-7F9F-4B35-BE36-BFA1C1F5002F} 2012-07-03 22:23:08 -------- d-----w- C:\Users\Charl\AppData\Local\{0FAA343F-890B-4C76-9D40-720B43D70FAD} 2012-07-03 10:22:57 -------- d-----w- C:\Users\Charl\AppData\Local\{BDF5A052-6647-43F5-8840-F597516FC977} 2012-07-03 10:22:47 -------- d-----w- C:\Users\Charl\AppData\Local\{F2D53231-D63B-4EB3-B6AE-FBAB79C41D0C} 2012-07-02 22:22:22 -------- d-----w- C:\Users\Charl\AppData\Local\{AD126AE2-1D78-4B71-8E82-C51E140C2A89} 2012-07-02 22:22:12 -------- d-----w- C:\Users\Charl\AppData\Local\{0AF42034-2BCD-49C3-A212-1C3EF99EA7C9} 2012-07-02 21:32:53 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-07-02 20:39:31 -------- d-----w- C:\Users\Charl\AppData\Local\PunkBuster 2012-07-02 20:39:31 -------- d-----w- C:\Users\Charl\AppData\Local\CrashRpt 2012-07-02 20:38:16 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-07-02 20:38:16 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-07-02 20:38:16 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls 2012-07-02 20:38:15 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-07-02 10:22:01 -------- d-----w- C:\Users\Charl\AppData\Local\{9DFD863D-FE7C-48F8-8BDC-13E76F22DF22} 2012-07-02 10:21:51 -------- d-----w- C:\Users\Charl\AppData\Local\{2BE54875-5EA2-41E5-890A-5CFF618D75B0} 2012-07-01 22:21:30 -------- d-----w- C:\Users\Charl\AppData\Local\{DFA4121A-A474-4433-A906-4B8A9D7A0E04} 2012-07-01 22:21:20 -------- d-----w- C:\Users\Charl\AppData\Local\{2DB41D81-8D83-40BB-83ED-EE90FD751663} 2012-07-01 10:21:09 -------- d-----w- C:\Users\Charl\AppData\Local\{7D6A70E3-40FF-49C9-9F0F-1247C97E6BC0} 2012-07-01 10:20:59 -------- d-----w- C:\Users\Charl\AppData\Local\{5B44A6F9-94FD-4061-9C6F-4FEB7ED132C0} 2012-06-30 21:35:43 -------- d-----w- C:\Users\Charl\AppData\Local\{40FC26F8-5610-4E01-8990-83B26A103A6D} 2012-06-30 21:35:33 -------- d-----w- C:\Users\Charl\AppData\Local\{AC77BD86-A9AF-4B84-B67C-8B0EB5CC1CBF} 2012-06-30 09:35:22 -------- d-----w- C:\Users\Charl\AppData\Local\{4AE49593-5442-4539-B85D-33CC2A5C77A6} 2012-06-30 09:35:11 -------- d-----w- C:\Users\Charl\AppData\Local\{1B7E3D8B-2CAB-48A5-8635-EBCA1140C8B2} 2012-06-29 21:32:26 -------- d-----w- C:\Users\Charl\AppData\Local\{0608F0EA-F1F7-46AC-A633-45D4A69F5EC3} 2012-06-29 21:32:16 -------- d-----w- C:\Users\Charl\AppData\Local\{A52BB15E-5FE6-4F50-9BFE-84654DAD9A19} . ==================== Find3M ==================== . 2012-07-27 21:02:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-27 21:02:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-14 08:56:23 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-04 22:28:01 4046560 ----a-w- C:\Windows\PE_Rom.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-29 12:15:30 4608 ----a-w- C:\Windows\System32\drivers\vncmirror.sys 2012-05-29 12:15:30 26112 ----a-w- C:\Windows\System32\vncmirror.dll 2012-05-28 12:59:34 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-28 12:59:34 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll . ============= FINISH: 21:57:42,45 =============== Thanks in advance!!
  19. I'm constantly getting popups and google redirects. Malwarebytes keeps detecting the same 4 infections: 1 Trojan.Sirefef, 2 Rootkit.0Access, and 1 Trojan.Dropper.BCMiner. After I click remove, restart the the computer and scan again, they keep coming back. Dont know what else to do. Ive attached hosts.txt, the Malwarebytes log, and the ntbtlog.txt. Please help!!!! hosts.txt mbam-log-2012-07-13 (05-31-00).txt ntbtlog.txt
  20. Hi, it seemsl ike I'm infected by this rootkit, that's what Anti Malware says. It seems like it's not able to delete it. My Windows Update and Security essentials is already blocoked. Here is my ODS Log files...hope you guys canl help me. Extras.Txt OTL.Txt
  21. Clicked on bad Google result website today - no live protection running. Malwarebytes found and removed Trojan.Dropper.PE4. Ran SuperAntispyware and Spybot - no scan hits. Installed Microsoft Security Essentials - no scan hits. Now, "Due to an unidentified problem, Windows cannot display firewall settings". View settings in Windows Explorer and Control Panel have changed. Ran Malwarebytes again - this time found and removed Trojan.ZAccess and Rootkit.0Access. Thank you in advance. dds.txt . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Ed Lang at 23:33:05 on 2012-07-04 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.526 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Southwest Airlines\Ding\Ding.exe C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\ed lang\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [nwiz] nwiz.exe /install mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: intuit.com\ttlc DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{264DDFCB-BA6F-47E7-9C4E-0AF636FFAE68} : DhcpNameServer = 192.168.10.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] UnknownUnknown sqfirwgc;sqfirwgc; [x] . =============== Created Last 30 ================ . 2012-07-04 23:48:24 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{52bf68b2-bc89-4a42-89c3-c2519f802afb}\mpengine.dll 2012-07-04 23:42:48 -------- d-----w- c:\program files\Microsoft Security Client . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 23:34:35.65 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 12/30/2009 5:46:14 PM System Uptime: 7/4/2012 10:14:46 PM (1 hours ago) . Motherboard: Dell Computer Corp. | | 0J0592 Processor: Intel® Pentium® 4 CPU 2.53GHz | Microprocessor | 2524/533mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 56 GiB total, 28.704 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP703: 4/6/2012 10:10:51 AM - System Checkpoint RP704: 4/7/2012 1:04:48 PM - System Checkpoint RP705: 4/8/2012 2:17:03 PM - System Checkpoint RP706: 4/9/2012 3:37:12 PM - System Checkpoint RP707: 4/11/2012 12:04:55 AM - System Checkpoint RP708: 4/12/2012 10:51:43 AM - System Checkpoint RP709: 4/12/2012 11:22:31 PM - Software Distribution Service 3.0 RP710: 4/13/2012 12:18:03 AM - Installed TurboTax 2011 wrapper RP711: 4/15/2012 12:08:38 PM - System Checkpoint RP712: 4/16/2012 4:37:07 PM - System Checkpoint RP713: 4/18/2012 1:01:33 AM - System Checkpoint RP714: 4/19/2012 10:24:27 AM - System Checkpoint RP715: 4/20/2012 10:27:12 AM - System Checkpoint RP716: 4/21/2012 12:07:18 PM - System Checkpoint RP717: 4/22/2012 12:44:50 PM - System Checkpoint RP718: 4/23/2012 1:08:05 PM - System Checkpoint RP719: 4/24/2012 2:29:35 PM - System Checkpoint RP720: 4/25/2012 6:31:32 PM - System Checkpoint RP721: 4/26/2012 11:43:42 PM - System Checkpoint RP722: 4/27/2012 11:49:27 PM - System Checkpoint RP723: 4/29/2012 2:39:45 PM - System Checkpoint RP724: 4/30/2012 3:29:43 PM - System Checkpoint RP725: 5/1/2012 10:12:34 PM - System Checkpoint RP726: 5/2/2012 10:53:08 PM - System Checkpoint RP727: 5/4/2012 4:19:02 PM - System Checkpoint RP728: 5/6/2012 1:42:44 PM - System Checkpoint RP729: 5/7/2012 2:28:13 PM - System Checkpoint RP730: 5/9/2012 12:54:10 AM - System Checkpoint RP731: 5/10/2012 10:49:43 AM - System Checkpoint RP732: 5/11/2012 12:25:45 PM - System Checkpoint RP733: 5/12/2012 12:57:56 PM - System Checkpoint RP734: 5/13/2012 5:00:06 PM - System Checkpoint RP735: 5/14/2012 5:02:52 PM - System Checkpoint RP736: 5/15/2012 8:30:36 PM - System Checkpoint RP737: 5/16/2012 8:37:07 PM - System Checkpoint RP738: 5/17/2012 11:28:12 PM - System Checkpoint RP739: 5/19/2012 12:21:19 AM - System Checkpoint RP740: 5/20/2012 12:35:46 AM - System Checkpoint RP741: 5/21/2012 3:03:47 PM - System Checkpoint RP742: 5/22/2012 5:15:52 PM - System Checkpoint RP743: 5/23/2012 8:43:29 PM - System Checkpoint RP744: 5/24/2012 9:05:28 PM - System Checkpoint RP745: 5/25/2012 9:07:22 PM - System Checkpoint RP746: 5/27/2012 12:21:48 PM - System Checkpoint RP747: 5/28/2012 10:44:01 PM - System Checkpoint RP748: 5/29/2012 11:23:15 PM - System Checkpoint RP749: 5/31/2012 1:37:44 PM - System Checkpoint RP750: 6/1/2012 9:43:53 PM - System Checkpoint RP751: 6/2/2012 9:55:01 PM - System Checkpoint RP752: 6/3/2012 10:34:20 PM - System Checkpoint RP753: 6/4/2012 12:53:26 PM - Software Distribution Service 3.0 RP754: 6/5/2012 4:55:00 PM - System Checkpoint RP755: 6/27/2012 7:40:01 PM - System Checkpoint RP756: 6/29/2012 9:28:56 AM - System Checkpoint RP757: 6/30/2012 10:14:33 AM - System Checkpoint RP758: 7/1/2012 10:26:53 AM - System Checkpoint RP759: 7/2/2012 11:24:22 AM - System Checkpoint RP760: 7/3/2012 1:17:28 PM - System Checkpoint RP761: 7/4/2012 1:26:25 PM - System Checkpoint . ==== Installed Programs ====================== . . 3ivx MPEG-4 5.0.3 (remove only) 7-Zip 9.20 Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.4.3 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoBase 3 ArcSoft PhotoStudio 5 Avidemux 2.5 (32-bit) BCM V.92 56K Modem Bonjour Brother 1440 Brownie Canon CanoScan Toolbox 4.0 CanoScan LiDE20,30 Manual Coupon Printer for Windows Dell ResourceCD DING! FileZilla Client 3.3.3 FlipShare Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® PRO Ethernet Adapter and Software iSEEK AnswerWorks English Runtime iTunes Java Auto Updater Java™ 6 Update 24 Logitech® Camera Driver Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 97, Professional Edition Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Display Driver NVIDIA Windows 2000/XP Display Drivers OmniPage SE QuickTime Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 8 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Segoe UI Skype Click to Call Skype™ 5.5 SoundMAX Spybot - Search & Destroy SUPERAntiSpyware TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper UMPlayer 0.98 [P3] Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Internet Explorer 8 Multilingual User Interface (MUI) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows XP Service Pack 3 WyldFyre 7 Installed in: C:\PROGRAM FILES\WYLDFYRE\WYLDFYRE 7 Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 7/4/2012 7:44:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 7/4/2012 11:33:08 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0. 7/4/2012 10:15:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde 7/1/2012 9:22:25 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 6/27/2012 5:55:20 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. . ==== End Of File ===========================
  22. I ran malwarebytes scan about a week ago and thought I deleted it. Scanned again today and it was still there. I only really noticed it today because random music suddenly started playing on my computer. Multiple times even when I had no programs open. How can I get rid of it without having to reformat my whole system? here is a log: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.27.02 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Amitabh :: AMITABH-PC [administrator] 6/28/2012 10:08:12 PM mbam-log-2012-06-28 (22-08-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 314127 Time elapsed: 11 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{40cdcb9d-7b7f-904e-16b0-6d17c386ccc6}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end)
  23. This is a continuation of http://forums.malwarebytes.org/index.php?showtopic=110776&hl=&fromsearch=1 which was mistakenly "taken over" by yours truly as a newbie to the forum. For clarity's sake, we continue the removal process here. I'm in the process of removing five trojans from a friend's computer: Trojan.Sirefef, Trojan.Small, Trojan.LameShield, Trojan.Dropper and Trojan.Zaccess, as well as Rootkit.0Access. I've determined from my forum searches that brought me to the aforementioned forum (to which I inadvertently responded to the very helpful gringo_pr's instructions) that the Trojan.Sirefef, Trojan.Small and Rootkit.0Access are responsible for causing her system to reboot continuously, only staying up for 1-2 minutes at the most before an alert message advising that Windows has encountered a critical error and will reboot in one minute appears. Continuing The latest FRST log is as follows: Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-06-2012 04 Ran by SYSTEM at 07-06-2012 15:50:49 Running from E:\ Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet002 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-31] (IDT, Inc.) HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-02-26] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-02-26] (Intel Corporation) HKLM\...\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation) HKLM\...\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [657920 2009-11-02] (Dell Inc.) HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-05] (Wave Systems Corp.) HKLM\...\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation) HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-04-04] (Malwarebytes Corporation) HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation) HKU\Crys\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation) HKU\Crys\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.) HKU\Crys\...\Policies\system: [LogonHoursAction] 2 HKU\Crys\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.) HKU\Michael\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.) HKU\Michael\...\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent [x] HKU\Michael\...\Policies\system: [LogonHoursAction] 2 HKU\Michael\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222 Lsa: [Authentication Packages] msv1_0 wvauth Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\All Users\Start Menu\Programs\Startup\TdmNotify.lnk ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC) Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital) Startup: C:\Users\Michael\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ================================ Services (Whitelisted) ================== 3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2012-05-04] (Adobe Systems Incorporated) 2 alssvc; "C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe" [382232 2008-06-03] (Dell Inc.) 2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.) 2 buttonsvc32; "C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [278304 2009-11-20] (Dell Inc.) 2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation) 3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2010-12-27] (Acresso Software Inc.) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation) 4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation) 4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [993848 2011-04-18] (Secunia) 2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-04-18] (Secunia) 3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [1032192 2009-11-18] (Wave Systems Corp.) 2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3063968 2012-04-09] (Skype Technologies S.A.) 2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-04-05] (Skype Technologies) 2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe /identity QUICKASSIST [1213728 2008-01-08] (SupportSoft, Inc.) 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe [221266 2009-07-31] (IDT, Inc.) 3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.) 2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] () 2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [1148264 2009-11-24] (Wave Systems Corp.) 2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [110592 2009-11-13] (WDC) 2 WDSmartWareBackgroundService; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" [20480 2009-06-16] (Memeo) 2 dcpsysmgrsvc; "c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [x] 2 EvtEng; c:\Program Files\Intel\WiFi\bin\EvtEng.exe [x] 2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x] 2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x] 4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x] 3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x] 2 RegSrvc; c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [x] 4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x] 4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x] 2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x] ========================== Drivers (Whitelisted) ============= 3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [217136 2009-11-24] (Alps Electric Co., Ltd.) 3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [112128 2009-02-26] (Intel® Corporation) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation) 3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-07] (Malwarebytes Corporation) 0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation) 1 MpKsl77c026b2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DDCD221-1D60-492B-91EB-92D7C46B40B6}\MpKsl77c026b2.sys [29904 2012-06-05] (Microsoft Corporation) 3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation) 0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) 3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) 4 rimspci; C:\Windows\system32\drivers\rimspe86.sys [45056 2009-04-03] (REDC) 4 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [48640 2009-04-03] (REDC) 4 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38400 2009-04-03] (REDC) 4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation) 2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.) 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-07 11:37 - 2012-06-07 11:38 - 00000000 ____D C:\FRST 2012-06-07 11:35 - 2012-06-07 11:35 - 00000000 __SHD C:\Config.Msi 2012-06-05 09:35 - 2012-06-07 13:38 - 3174215680 __ASH C:\hiberfil.sys 2012-06-05 09:10 - 2012-06-07 07:46 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2012-06-03 09:28 - 2012-06-03 09:28 - 00002154 ____A C:\Windows\epplauncher.mif 2012-06-03 09:27 - 2012-06-03 09:28 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-06-03 09:27 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-06-02 16:31 - 2012-06-05 09:19 - 00000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet 2012-06-02 10:44 - 2012-06-02 10:44 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-05-26 09:20 - 2012-05-28 16:05 - 00010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx 2012-05-26 09:16 - 2012-05-26 09:16 - 00000000 ____D C:\Users\Crys\Desktop\MMA 2012-05-11 17:21 - 2012-03-30 04:39 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-05-11 17:21 - 2012-03-29 05:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-05-11 17:21 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-05-11 17:21 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2012-05-11 17:21 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2012-05-11 17:21 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2012-05-11 17:21 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2012-05-11 17:21 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-05-11 17:20 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-05-11 17:20 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-11 17:20 - 2012-04-02 05:36 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys ============ 3 Months Modified Files and Folders =============== 2012-06-07 13:39 - 2006-11-02 04:58 - 0032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-07 13:39 - 2006-11-02 04:58 - 0000006 ___AH C:\Windows\Tasks\SA.DAT 2012-06-07 13:38 - 2012-06-05 09:35 - 3174215680 __ASH C:\hiberfil.sys 2012-06-07 13:38 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-06-07 13:38 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-06-07 11:52 - 2009-04-11 05:18 - 0279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2012-06-07 11:51 - 2010-09-20 14:50 - 0902938 ____A C:\Windows\ntbtlog.txt 2012-06-07 11:51 - 2010-08-14 12:20 - 0000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-06-07 11:51 - 2010-04-12 19:43 - 0000000 ____A C:\Users\Crys\AppData\Local\WavXMapDrive.bat 2012-06-07 11:43 - 2012-05-05 13:11 - 0000000 ____D C:\Users\All Users\boost_interprocess 2012-06-07 11:38 - 2012-06-07 11:37 - 0000000 ____D C:\FRST 2012-06-07 11:35 - 2012-06-07 11:35 - 0000000 __SHD C:\Config.Msi 2012-06-07 11:34 - 2010-08-14 12:20 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-06-07 07:46 - 2012-06-05 09:10 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2012-06-07 07:46 - 2012-03-29 07:24 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-06-05 09:33 - 2010-04-06 19:25 - 1944952 ____A C:\Windows\WindowsUpdate.log 2012-06-05 09:19 - 2012-06-02 16:31 - 0000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet 2012-06-05 09:17 - 2008-01-20 19:02 - 0055636 ____A C:\Windows\PFRO.log 2012-06-03 09:28 - 2012-06-03 09:28 - 0002154 ____A C:\Windows\epplauncher.mif 2012-06-03 09:28 - 2012-06-03 09:27 - 0000000 ____D C:\Program Files\Microsoft Security Client 2012-06-03 09:28 - 2006-11-02 02:33 - 0866950 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-03 09:21 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\registration 2012-06-03 09:19 - 2010-04-12 20:10 - 0000000 ____D C:\Users\All Users\Symantec 2012-06-02 16:54 - 2010-12-31 14:22 - 0000000 ____D C:\Windows\symbols 2012-06-02 16:27 - 2010-08-14 12:17 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Skype 2012-06-02 10:44 - 2012-06-02 10:44 - 0000000 __SHD C:\Windows\System32\%APPDATA% 2012-05-28 16:05 - 2012-05-26 09:20 - 0010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx 2012-05-26 09:16 - 2012-05-26 09:16 - 0000000 ____D C:\Users\Crys\Desktop\MMA 2012-05-23 04:54 - 2010-04-07 01:01 - 0000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-16 06:05 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET 2012-05-13 12:42 - 2006-11-02 04:44 - 2303584 ____A C:\Windows\System32\FNTCACHE.DAT 2012-05-12 12:33 - 2010-05-25 08:02 - 0000000 ____D C:\Users\All Users\Microsoft Help 2012-05-12 12:29 - 2006-11-02 02:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-05-12 12:03 - 2006-11-02 04:35 - 0000000 ____D C:\Windows\System32\XPSViewer 2012-05-07 05:16 - 2012-05-07 05:16 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Foxit Software 2012-05-07 05:13 - 2010-04-12 20:15 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-05-07 05:12 - 2012-05-07 05:12 - 0000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-05-05 13:11 - 2012-05-05 13:10 - 0000000 ___RD C:\Program Files\Skype 2012-05-05 13:11 - 2010-08-14 12:14 - 0000000 ____D C:\Users\All Users\Skype 2012-05-05 13:10 - 2012-05-05 13:10 - 0001878 ____A C:\Users\Public\Desktop\Skype.lnk 2012-05-05 13:10 - 2012-05-05 13:10 - 0000000 ____D C:\Program Files\Common Files\Skype 2012-05-04 16:46 - 2012-03-29 07:24 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-05-04 16:46 - 2011-05-15 11:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-04-29 06:37 - 2006-11-02 04:49 - 0147796 ____A C:\Windows\setupact.log 2012-04-20 07:51 - 2012-04-20 07:39 - 0034901 ____A C:\Users\Crys\Desktop\lyrics.docx 2012-04-04 13:56 - 2010-04-12 20:15 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-03 00:16 - 2012-05-11 17:20 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-04-03 00:16 - 2012-05-11 17:20 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-04-02 05:36 - 2012-05-11 17:20 - 2044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-03-30 11:57 - 2012-03-30 11:57 - 0001666 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-03-30 11:57 - 2012-03-09 12:53 - 0000000 ____D C:\Program Files\iTunes 2012-03-30 11:56 - 2012-03-30 11:56 - 0000000 ____D C:\Program Files\iPod 2012-03-30 11:56 - 2010-06-01 13:54 - 0000000 ____D C:\Program Files\Common Files\Apple 2012-03-30 04:39 - 2012-05-11 17:21 - 0914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-03-29 09:21 - 2012-03-29 09:21 - 313700803 ____A C:\Windows\MEMORY.DMP 2012-03-29 09:21 - 2012-03-29 09:21 - 0144744 ____A C:\Windows\Minidump\Mini032912-01.dmp 2012-03-29 09:21 - 2012-03-29 09:21 - 0000000 ____D C:\Windows\Minidump 2012-03-29 05:39 - 2012-05-11 17:21 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-03-28 06:07 - 2011-04-13 15:53 - 0000861 ____A C:\Users\Public\Desktop\VLC media player.lnk 2012-03-20 18:44 - 2012-03-20 18:44 - 0171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys 2012-03-20 18:44 - 2012-03-20 18:44 - 0074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys 2012-03-20 15:28 - 2012-05-11 17:21 - 0053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-03-15 09:25 - 2012-01-22 06:32 - 0008518 ____A C:\Users\Crys\Documents\Car Loan.xlsx ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-04-11 05:18] - [2012-06-07 11:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843 C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 10% Total physical RAM: 3026.43 MB Available physical RAM: 2715.68 MB Total Pagefile: 2925.83 MB Available Pagefile: 2793.29 MB Total Virtual: 2047.88 MB Available Virtual: 1980.93 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:102.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32 4 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.69 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 233 GB 0 B Disk 1 Online 3827 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 32 KB Partition 2 Primary 15 GB 40 MB Partition 3 Primary 218 GB 15 GB ====================================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 39 MB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 218 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3827 MB 16 KB ====================================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E FAT32 Removable 3827 MB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-06-03 09:49 ======================= End Of Log ==========================
  24. Hello All, I am looking for some help. Just got back from vacation, did not update virus definitions and jumped on the internet. Got a bogus virus warning pop up, started the task manager and killed everything without clicking the screen. Later I noticed that Microsoft Security Essentials was not running and I was not able to turn it back on. Ran Malwarebytes and found that I had trojan.small, trojan.sirefef and rootkit.0access. I followed the prompts to remove them and restart the computer. Ran Malwarebytes again and found the same three problems. I spent most the day researching the culprits and landed here. I ran TDSSKiller and was only notified of none unsigned files which were considered suspicious but action was not recommended. Farbar Recovery Scan Tool and mbam logs pasted below. Thanks in advance for any and all help. Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 17-06-2012 02 Ran by SYSTEM at 17-06-2012 18:51:23 Running from F:\ Windows Vista Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated) HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [hpqSRMon] [x] HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [] [x] HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard) HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2009-06-24] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-06-24] (NVIDIA Corporation) HKLM\...\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" [660136 2010-02-04] () HKLM\...\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" [16040 2010-02-04] () HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.) HKLM\...\Run: [TurboKey] C:\Program Files\Race The World \turbokey.exe [81920 2009-12-18] () HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM\...\Run: [FPPhotoMiddleWare] C:\Program Files\Fisher-Price\Kid-Tough Digital Studio Software\Util\Kid-Tough Digital Studio Software Middleware.exe [62872 2011-05-24] (Fisher-Price) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard) HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Jack\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.) HKU\Jack\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.) HKU\Jack\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.) HKU\Jack\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\Jennifer\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company) HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Jennifer\AppData\Local\Temp\E_S5AF.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION) HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S8159.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION) HKU\Jennifer\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-06-01] (Adobe Systems Incorporated) HKU\Jennifer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.) HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard) HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\Jack\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.) HKU\Jack\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.) HKU\Jack\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.) HKU\Jack\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKU\Jennifer\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company) HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Jennifer\AppData\Local\Temp\E_S5AF.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION) HKU\Jennifer\...\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_S8159.tmp" /EF "HKCU" [182272 2007-03-30] (SEIKO EPSON CORPORATION) HKU\Jennifer\...\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe [1779040 2010-06-01] (Adobe Systems Incorporated) HKU\Jennifer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-05-24] (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Startup: C:\Documents and Settings\Jack\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\Jack\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ================================ Services (Whitelisted) ================== 2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated) 2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.364.0\BBSvc.exe [193816 2012-02-20] (Microsoft Corporation.) 3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.exe [240408 2012-02-20] (Microsoft Corporation.) 3 Com4Qlb; "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) 3 DFSR; C:\Windows\System32\DFSR.exe [2092544 2009-04-10] (Microsoft Corporation) 2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation) 2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation) 3 hkmsvc; C:\Windows\System32\kmsvc.dll [68096 2008-01-20] (Microsoft Corporation) 2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) 2 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [4916568 2010-11-19] (LeapFrog Enterprises, Inc.) 2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [94208 2009-04-28] (Lexmark International, Inc.) 2 lxdn_device; C:\Windows\system32\lxdncoms.exe -service [594600 2007-12-05] ( ) 2 McciCMService; "C:\Program Files\Common Files\Motive\McciCMService.exe" [303104 2009-08-12] (Motive Communications, Inc.) 2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] () 2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] () 2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] () 2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x] ========================== Drivers (Whitelisted) ============= 3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) 3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2009-07-30] (LeapFrog) 3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) 3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.) 3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.) 3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2007-11-01] (Conexant Systems, Inc.) 4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH) 2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-18] (Conexant) 3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [12032 2007-02-16] (NVIDIA Corporation) 3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2008-01-20] (Microsoft Corporation) 3 SaiK0D14; C:\Windows\System32\DRIVERS\SaiK0D14.sys [130568 2009-09-07] (Saitek) 3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-07] (Saitek) 3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-07] (Saitek) 3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.) 3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.) 3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.) 3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect) 3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.) 3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.) 3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.) 3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.) 1 eabfiltr; [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] 3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-17 12:31 - 2012-06-17 12:31 - 00000000 ____D C:\FRST 2012-06-17 12:28 - 2012-06-17 12:31 - 00874644 ____A C:\Users\Jack\Downloads\FRST.exe 2012-06-17 12:28 - 2012-06-17 12:31 - 00874644 ____A C:\Documents and Settings\Jack\Downloads\FRST.exe 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-17 12:11 - 2012-06-17 12:33 - 00007957 ____A C:\Windows\WindowsUpdate.log 2012-06-17 12:08 - 2012-06-17 12:08 - 3152863232 __ASH C:\hiberfil.sys 2012-06-17 12:08 - 2012-06-17 12:08 - 00318344 ____A C:\Windows\System32\FNTCACHE.DAT 2012-06-17 12:08 - 2012-06-17 12:08 - 00000948 ____A C:\Windows\PFRO.log 2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Users\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt 2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Documents and Settings\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt 2012-06-17 10:50 - 2012-06-17 12:06 - 00002322 ____A C:\Windows\ntbtlog.txt 2012-06-17 10:44 - 2012-06-17 10:45 - 00125318 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_14.44.04_log.txt 2012-06-17 09:09 - 2012-06-17 09:11 - 00127064 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_13.09.44_log.txt 2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Users\All Users\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\DriverCure 2012-06-17 06:32 - 2012-06-17 06:32 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys 2012-06-16 19:47 - 2012-06-16 19:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-06-16 19:47 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-16 11:40 - 2012-06-16 11:40 - 00000000 ____D C:\Program Files\Auslogics 2012-06-16 11:32 - 2012-06-16 11:32 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-06-16 04:12 - 2012-06-16 04:12 - 00000000 ____D C:\Program Files\Dropbox 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2012-06-16 03:57 - 2012-06-16 03:57 - 00000000 ____D C:\Program Files\iPod 2012-06-15 23:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-15 23:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-15 23:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-15 23:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-15 23:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-15 23:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-15 23:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-15 23:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-15 23:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-15 23:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-15 23:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-15 23:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-15 23:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-15 23:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos.htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (2).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (1).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos.htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (2).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (1).htm 2012-06-15 17:41 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-06-15 17:41 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-06-15 17:41 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-06-15 17:41 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-06-15 17:40 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-15 11:15 - 2012-06-17 09:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe 2012-06-15 11:15 - 2012-06-17 09:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Jack\Desktop\TDSSKiller.exe 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\My Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\My Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\Documents\Lead Letter.docx 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\Application Data\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\Application Data\SPL146.tmp 2012-05-19 04:18 - 2012-05-19 04:19 - 00000000 ____D C:\Program Files\QuickTime 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\Public\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk ============ 3 Months Modified Files and Folders =============== 2012-06-17 12:33 - 2012-06-17 12:11 - 00007957 ____A C:\Windows\WindowsUpdate.log 2012-06-17 12:31 - 2012-06-17 12:31 - 00000000 ____D C:\FRST 2012-06-17 12:31 - 2012-06-17 12:28 - 00874644 ____A C:\Users\Jack\Downloads\FRST.exe 2012-06-17 12:31 - 2012-06-17 12:28 - 00874644 ____A C:\Documents and Settings\Jack\Downloads\FRST.exe 2012-06-17 12:30 - 2006-11-02 02:33 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-17 12:25 - 2012-01-14 17:52 - 00000000 ___RD C:\Users\Jack\Dropbox 2012-06-17 12:25 - 2012-01-14 17:52 - 00000000 ___RD C:\Documents and Settings\Jack\Dropbox 2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Users\Jack\Application Data\Dropbox 2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Dropbox 2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\Dropbox 2012-06-17 12:25 - 2012-01-14 17:48 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\Dropbox 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-17 12:12 - 2012-06-17 12:12 - 00080384 ____A C:\Documents and Settings\Jack\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-17 12:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows 2012-06-17 12:10 - 2010-02-05 04:27 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-06-17 12:08 - 2012-06-17 12:08 - 3152863232 __ASH C:\hiberfil.sys 2012-06-17 12:08 - 2012-06-17 12:08 - 00318344 ____A C:\Windows\System32\FNTCACHE.DAT 2012-06-17 12:08 - 2012-06-17 12:08 - 00000948 ____A C:\Windows\PFRO.log 2012-06-17 12:08 - 2008-04-27 11:38 - 3466776576 __ASH C:\pagefile.sys 2012-06-17 12:08 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-06-17 12:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-06-17 12:08 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Users\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt 2012-06-17 12:06 - 2012-06-17 12:06 - 00002648 ____A C:\Documents and Settings\Jack\Desktop\mbam-log-2012-06-17 (14-48-53).txt 2012-06-17 12:06 - 2012-06-17 10:50 - 00002322 ____A C:\Windows\ntbtlog.txt 2012-06-17 10:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles 2012-06-17 10:45 - 2012-06-17 10:44 - 00125318 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_14.44.04_log.txt 2012-06-17 09:11 - 2012-06-17 09:09 - 00127064 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_13.09.44_log.txt 2012-06-17 09:08 - 2012-06-15 11:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe 2012-06-17 09:08 - 2012-06-15 11:15 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Jack\Desktop\TDSSKiller.exe 2012-06-17 09:08 - 2010-12-31 21:14 - 00002254 ____A C:\Users\Jack\Desktop\eula.txt 2012-06-17 09:08 - 2010-12-31 21:14 - 00002254 ____A C:\Documents and Settings\Jack\Desktop\eula.txt 2012-06-17 08:47 - 2010-02-05 04:27 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-06-17 08:37 - 2012-04-03 18:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-06-17 07:34 - 2008-06-23 00:31 - 00000000 __SHD C:\System Volume Information 2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Users\All Users\SpeedyPC Software 2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software 2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\All Users\SpeedyPC Software 2012-06-17 07:31 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software 2012-06-17 07:31 - 2006-11-02 03:18 - 00000000 ___RD C:\Program Files 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\Application Data\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\DriverCure 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\SpeedyPC Software 2012-06-17 07:25 - 2012-06-17 07:25 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\DriverCure 2012-06-17 07:25 - 2006-11-02 03:18 - 00000000 ___HD C:\ProgramData 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\nvModes.dat 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\nvModes.001 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\Application Data\nvModes.dat 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Users\All Users\Application Data\nvModes.001 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\nvModes.dat 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\nvModes.001 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\Application Data\nvModes.dat 2012-06-17 07:19 - 2009-02-15 09:39 - 00048224 ____A C:\Documents and Settings\All Users\Application Data\nvModes.001 2012-06-17 06:32 - 2012-06-17 06:32 - 00335504 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys 2012-06-17 05:51 - 2008-04-27 11:43 - 00000012 ____A C:\Windows\bthservsdp.dat 2012-06-17 05:51 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\Local Settings\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\Local Settings\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-17 03:41 - 2012-01-11 02:50 - 00000000 __SHD C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} 2012-06-16 19:47 - 2012-06-16 19:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-06-16 19:47 - 2011-02-20 13:06 - 00000000 ____D C:\Users\Jack\Desktop\digitalmaintenance 2012-06-16 19:47 - 2011-02-20 13:06 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\digitalmaintenance 2012-06-16 19:46 - 2011-02-12 14:51 - 00001945 ____A C:\Windows\epplauncher.mif 2012-06-16 19:37 - 2009-06-04 06:17 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2012-06-16 19:25 - 2008-06-22 16:51 - 00000000 ____D C:\users\Jack 2012-06-16 18:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent 2012-06-16 18:05 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\LiveKernelReports 2012-06-16 11:40 - 2012-06-16 11:40 - 00000000 ____D C:\Program Files\Auslogics 2012-06-16 11:34 - 2012-04-03 18:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-06-16 11:34 - 2011-05-18 04:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-06-16 11:32 - 2012-06-16 11:32 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-06-16 05:24 - 2011-10-18 17:36 - 00000000 ____D C:\Users\Jack\Desktop\freemusic 2012-06-16 05:24 - 2011-10-18 17:36 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\freemusic 2012-06-16 04:12 - 2012-06-16 04:12 - 00000000 ____D C:\Program Files\Dropbox 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk 2012-06-16 03:58 - 2012-06-16 03:58 - 00001664 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2012-06-16 03:58 - 2010-09-10 13:38 - 00000000 ____D C:\Program Files\iTunes 2012-06-16 03:57 - 2012-06-16 03:57 - 00000000 ____D C:\Program Files\iPod 2012-06-16 03:57 - 2008-12-25 07:02 - 00000000 ____D C:\Program Files\Common Files\Apple 2012-06-16 03:48 - 2012-01-14 17:52 - 00000916 ____A C:\Users\Jack\Desktop\Dropbox.lnk 2012-06-16 03:48 - 2012-01-14 17:52 - 00000916 ____A C:\Documents and Settings\Jack\Desktop\Dropbox.lnk 2012-06-15 23:47 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache 2012-06-15 23:39 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET 2012-06-15 23:05 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Users\All Users\Lx_cats 2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Users\All Users\Application Data\Lx_cats 2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats 2012-06-15 19:14 - 2008-07-04 05:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lx_cats 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos.htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (2).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Users\Jennifer\Downloads\Family Photos (1).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos.htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (2).htm 2012-06-15 19:09 - 2012-06-15 19:09 - 00000522 ____A C:\Documents and Settings\Jennifer\Downloads\Family Photos (1).htm 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-06-15 17:32 - 2012-06-15 17:32 - 00080384 ____A C:\Documents and Settings\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-05 10:06 - 2009-01-06 11:10 - 00000052 ____A C:\Windows\System32\DOErrors.log 2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Users\Jennifer\My Documents\Book Party Letter.docx 2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Users\Jennifer\Documents\Book Party Letter.docx 2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Documents and Settings\Jennifer\My Documents\Book Party Letter.docx 2012-06-04 10:20 - 2012-02-08 11:22 - 00012488 ____A C:\Documents and Settings\Jennifer\Documents\Book Party Letter.docx 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 18:45 - 2008-07-08 10:40 - 00024064 ____A C:\Documents and Settings\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 13:24 - 2006-11-02 03:18 - 00000000 ___SD C:\Windows\Downloaded Program Files 2012-05-24 11:15 - 2010-01-07 15:07 - 00000000 ____D C:\Program Files\CCleaner 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\My Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Users\Jennifer\Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\My Documents\Lead Letter.docx 2012-05-23 19:28 - 2012-05-23 19:28 - 00010860 ____A C:\Documents and Settings\Jennifer\Documents\Lead Letter.docx 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Users\All Users\Application Data\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\SPL146.tmp 2012-05-21 17:56 - 2012-05-21 17:56 - 02000660 ____A C:\Documents and Settings\All Users\Application Data\SPL146.tmp 2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk 2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Users\All Users\Desktop\Safari.lnk 2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Documents and Settings\Public\Desktop\Safari.lnk 2012-05-19 04:20 - 2009-03-20 15:01 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk 2012-05-19 04:20 - 2009-03-20 15:00 - 00000000 ____D C:\Program Files\Safari 2012-05-19 04:19 - 2012-05-19 04:18 - 00000000 ____D C:\Program Files\QuickTime 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\Public\Desktop\QuickTime Player.lnk 2012-05-19 04:18 - 2012-05-19 04:18 - 00001726 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2012-05-17 15:11 - 2012-06-15 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-05-17 14:48 - 2012-06-15 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-05-17 14:45 - 2012-06-15 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-05-17 14:36 - 2012-06-15 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-05-17 14:35 - 2012-06-15 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-05-17 14:35 - 2012-06-15 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-05-17 14:33 - 2012-06-15 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-05-17 14:31 - 2012-06-15 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-05-17 14:29 - 2012-06-15 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-05-17 14:29 - 2012-06-15 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-05-17 14:27 - 2012-06-15 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-05-17 14:25 - 2012-06-15 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-05-17 14:24 - 2012-06-15 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-05-17 14:20 - 2012-06-15 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-05-15 11:51 - 2012-06-15 17:40 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Users\Jennifer\Application Data\wklnhst.dat 2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Users\Jennifer\AppData\Roaming\wklnhst.dat 2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Documents and Settings\Jennifer\Application Data\wklnhst.dat 2012-05-14 18:46 - 2008-07-10 09:40 - 00001654 ____A C:\Documents and Settings\Jennifer\AppData\Roaming\wklnhst.dat 2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Users\Jennifer\My Documents\New Folder 2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Users\Jennifer\Documents\New Folder 2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Documents and Settings\Jennifer\My Documents\New Folder 2012-05-09 16:31 - 2012-05-09 16:31 - 00000000 ____D C:\Documents and Settings\Jennifer\Documents\New Folder 2012-05-08 23:34 - 2009-12-23 22:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-08 23:33 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal 2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help 2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Microsoft Help 2012-05-08 23:17 - 2008-03-10 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help 2012-05-08 23:00 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer 2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Users\Jennifer\My Documents\Hostess Letter.docx 2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Users\Jennifer\Documents\Hostess Letter.docx 2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Documents and Settings\Jennifer\My Documents\Hostess Letter.docx 2012-05-07 18:54 - 2011-09-07 19:13 - 00013092 ____A C:\Documents and Settings\Jennifer\Documents\Hostess Letter.docx 2012-05-04 18:57 - 2012-05-04 18:57 - 04126880 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe 2012-05-01 06:03 - 2012-06-15 17:41 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-28 06:41 - 2012-04-28 06:41 - 00011513 ____A C:\Users\Jack\Desktop\.40spreadsheet.xlsx 2012-04-28 06:41 - 2012-04-28 06:41 - 00011513 ____A C:\Documents and Settings\Jack\Desktop\.40spreadsheet.xlsx 2012-04-23 08:00 - 2012-06-15 17:41 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 08:00 - 2012-06-15 17:41 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 08:00 - 2012-06-15 17:41 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Users\Jennifer\My Documents\New Recruit Letter.docx 2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Users\Jennifer\Documents\New Recruit Letter.docx 2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Documents and Settings\Jennifer\My Documents\New Recruit Letter.docx 2012-04-21 18:01 - 2012-04-08 18:40 - 00088447 ____A C:\Documents and Settings\Jennifer\Documents\New Recruit Letter.docx 2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Users\Jennifer\My Documents\Jackson PFAPA Chart.xlr 2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Users\Jennifer\Documents\Jackson PFAPA Chart.xlr 2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Documents and Settings\Jennifer\My Documents\Jackson PFAPA Chart.xlr 2012-04-18 17:59 - 2011-12-09 16:25 - 00031232 ____A C:\Documents and Settings\Jennifer\Documents\Jackson PFAPA Chart.xlr 2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx 2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts 2012-04-18 16:05 - 2012-04-18 16:05 - 00168825 ____A C:\Users\Jack\Downloads\photo.JPG 2012-04-18 16:05 - 2012-04-18 16:05 - 00168825 ____A C:\Documents and Settings\Jack\Downloads\photo.JPG 2012-04-18 03:54 - 2012-04-18 03:54 - 00792391 ____A C:\Users\Jack\Desktop\countydetectivescontract11to13.pdf 2012-04-18 03:54 - 2012-04-18 03:54 - 00792391 ____A C:\Documents and Settings\Jack\Desktop\countydetectivescontract11to13.pdf 2012-04-18 03:52 - 2012-03-21 08:52 - 00011880 ____A C:\Users\Jack\Desktop\BCDAO.docx 2012-04-18 03:52 - 2012-03-21 08:52 - 00011880 ____A C:\Documents and Settings\Jack\Desktop\BCDAO.docx 2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Users\Jennifer\My Documents\Thirty One Fashion Show.docx 2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Users\Jennifer\Documents\Thirty One Fashion Show.docx 2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Documents and Settings\Jennifer\My Documents\Thirty One Fashion Show.docx 2012-04-13 12:17 - 2012-04-13 12:17 - 00014102 ____A C:\Documents and Settings\Jennifer\Documents\Thirty One Fashion Show.docx 2012-04-07 18:51 - 2012-04-03 21:04 - 00015299 ____A C:\Users\Jack\Desktop\Jack Slattery.docx 2012-04-07 18:51 - 2012-04-03 21:04 - 00015299 ____A C:\Documents and Settings\Jack\Desktop\Jack Slattery.docx 2012-04-04 11:56 - 2012-06-16 19:47 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-03 00:16 - 2012-05-08 22:24 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-04-03 00:16 - 2012-05-08 22:24 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Users\Jack\Application Data\PrimoPDF 2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Users\Jack\AppData\Roaming\PrimoPDF 2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Documents and Settings\Jack\Application Data\PrimoPDF 2012-03-31 14:46 - 2011-06-04 10:12 - 00000000 ____D C:\Documents and Settings\Jack\AppData\Roaming\PrimoPDF 2012-03-31 12:44 - 2011-12-08 11:38 - 00000000 ____D C:\Users\Jack\Desktop\ebay pictures 2012-03-31 12:44 - 2011-12-08 11:38 - 00000000 ____D C:\Documents and Settings\Jack\Desktop\ebay pictures 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 09:09 - 2008-08-03 21:30 - 00016384 ____A C:\Documents and Settings\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-03-30 04:39 - 2012-05-08 22:25 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-03-29 05:39 - 2012-05-08 22:25 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Users\All Users\ThumbnailCache4R 2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Users\All Users\Application Data\ThumbnailCache4R 2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Documents and Settings\All Users\ThumbnailCache4R 2012-03-22 10:11 - 2012-03-22 10:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R 2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Users\Jennifer\My Documents\Come Celebrate Cinc.docx 2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Users\Jennifer\Documents\Come Celebrate Cinc.docx 2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Documents and Settings\Jennifer\My Documents\Come Celebrate Cinc.docx 2012-03-21 18:52 - 2012-03-21 18:52 - 00013296 ____A C:\Documents and Settings\Jennifer\Documents\Come Celebrate Cinc.docx 2012-03-20 15:28 - 2012-05-08 22:25 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys ZeroAccess: C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ ZeroAccess: C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Documents and Settings\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U ZeroAccess: C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Documents and Settings\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U ZeroAccess: C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Users\Jack\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U ZeroAccess: C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L C:\Users\Jack\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-06-04 06:17] - [2012-06-16 19:37] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843 C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 17% Total physical RAM: 3006.31 MB Available physical RAM: 2472.23 MB Total Pagefile: 2727.86 MB Available Pagefile: 2551.38 MB Total Virtual: 2047.88 MB Available Virtual: 1989.43 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:137.28 GB) (Free:4.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:1.99 GB) NTFS 4 Drive f: () (Removable) (Total:30.21 GB) (Free:30.17 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 149 GB 1528 KB Disk 1 Online 30 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 137 GB 32 KB Partition 2 Primary 12 GB 137 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C NTFS Partition 137 GB Healthy ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 D HP_RECOVERY NTFS Partition 12 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 30 GB 32 KB ====================================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 30 GB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-06-17 12:23 ======================= End Of Log ========================== Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.17.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Jack :: SLATTERYLAPTOP [administrator] 6/17/2012 7:43:11 PM mbam-log-2012-06-17 (19-43-11).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 470819 Time elapsed: 2 hour(s), 5 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.