Jump to content

Search the Community

Showing results for tags 'trojan.zaccess'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 9 results

  1. A few days ago, I had a pop-up window come up that said something like “Payload successfully test.” Norton would not start, so I took the computer to a computer repair place. Once there Norton would start. They recommended Malwarebytes and Ccleaner. Norton found nothing. Malwarebytes found the trojans listed below. I did not see anything in Ccleaner that looks for malware. Trojan.Zaccess HKLM\Software\wow6432node\classes\clsid\{42AEDC87-2188-41FG-B9A3-0C966FEABEC1} Trojan.Zaccess HKU\S-1-5-21-1349598460-4293937954-2297559270-1000_Classes\clsid\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\inprocserver32| Trojan.Zaccess HKU\S-1-5-21-1349598460-4293937954-2297559270-1000_Classes\clsid\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} PUM.Hijack.StartMenu HKU\S-1-5-21-1349598460-4293937954-2297559270-1000\Software\Microsoft\Windows\Currentversion\Explorer\Advanced|Start_ShowSearch Trojan.Zaccess HKLM\Software\Classes\WOW6432NODE\clsid\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} Trojan.Zaccess HKU\S-1-5-21-1349598460-4293937954-2297559270-1000_Classes\clsid\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\Inprocserver32 I then installed Microsoft Security Essential. It found Trojan:Win32/Sirefef!cfg. I have since ran Malwarebytes, MSE, and Malwarebytes Anti-Root kit multiple times. I have also ran Norton, Microsoft Safety Scanner, and Geek Squad's scanner (Webroot Secure Anywhere) once each. None have found anything. The computer acts normally. Should I do anything else to make sure the malware is gone? Thanks
  2. Excuse my English. Ive read the forums about this virus and it makes me worried. Especially since I cannot dwonload any .exe file from the www. The pc says that the files contains a virus (even antivirus software). I tried an online virus scan (bitdefender) who didnt find a virus. If I run MWB: the same Trojan is found ans cannot be removed. If I try to remove it, the system automaticaaly restarts the programm to scan again and again and again.... Pffff who knows the answer to this problem??? YS Wim MBAM-log-2013-09-02 (20-49-35).txt
  3. Hi There, I have a user who was recently infected with a large number of viruses, most of which I could handle except for 1. After everything this Trojan.Zaccess virus remains? I have used MBAM, MBAR, Forefront, Rkill, Sophos, Ultimate boot CD, Rougekiller, TDSSkiller, AdwCleaner, ProcessExplorer, regdelnull and FRST. None have worked. As I have disconnected this machine from the network I was hoping someone with experience with this type of virus could help step me through a manual removal. Any and all help is welcome and would be greatly appreciated, if you require any information just let me know! Thank you, Ryan.
  4. I just did a clean install of Windows 7 from the recovery partition on my laptop and immediately started having problems. I've run several scans with MalwareBytes and have received various results labeled either "rootkit.0access" or "trojan.zaccess". The infection is not removed on restart; I always come back with at least a couple of "trojan.zaccess" results. I see that there have been several threads on this particular problem recently and I will do my best to include all of the commonly requested logs here. dds.txt attach.txt RKreport0_S_08292013_224349.txt FRST.txt Addition.txt Thanks in advance for your help.
  5. Malwarebytes gives me 2 of the Trojan.Zaccess infections (registry value and key). They can't be removed for some reason. Attached the dds and attach.txt files. attach.txtdds.txt
  6. Thanks in advance. Am being humbled by zaccess. Have pre-emptively requested win7 install disks from Dell ( had tracking number in 3 hrs, 'course would've been happier with disks in box ) and started backing up all data, but don't really want to start over. mbam finds: Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Trojan.Zaccess) -> Data: -> Quarantined and deleted successfully. But it comes right back. RogueKiller v8.6.6 X64 fails with [0xc0000034] trying to delete keys: [RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Mary\AppData\Local\Google\Desktop\Install\{de8a9a68-6d2e-b38c-2b83-ce619613ff63}\???\???\???๛\{de8a9a68-6d2e-b38c-2b83-ce619613ff63}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error [RUN][ZeroAccess] HKUS\S-1-5-21-533849793-3111552998-1685056747-1000\[...]\Run : Google Update ("C:\Users\Mary\AppData\Local\Google\Desktop\Install\{de8a9a68-6d2e-b38c-2b83-ce619613ff63}\???\???\???๛\{de8a9a68-6d2e-b38c-2b83-ce619613ff63}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error dds.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2 Run by Mary at 16:27:12 on 2013-08-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1726 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\PROGRA~1\McAfee\MSC\McAPExe.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Users\Mary\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Garmin\TrainingCenter\gStart.exe C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\taskeng.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll mWinlogon: Userinit = userinit.exe, BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [googletalk] C:\Users\Mary\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [gStart] C:\Garmin\TrainingCenter\gStart.exe uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe StartupFolder: C:\Users\Mary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BELKIN~1.LNK - C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{06F21099-84B9-461F-9BD3-92874DC06196} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{06F21099-84B9-461F-9BD3-92874DC06196}\84F6D656 : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{C41DA6E7-2B6E-4881-ABEF-294DC70CA591} : DHCPNameServer = 75.75.75.75 75.75.76.76 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\jjcg7inv.default\ FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll FF - plugin: C:\Users\Mary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\jjcg7inv.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll FF - plugin: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\jjcg7inv.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-08-01 23:55; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor . ---- FIREFOX POLICIES ---- FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-12-26 772944] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-4-3 342416] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-30 55856] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-30 203776] R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-8-1 221296] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-8-24 120592] R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-8-1 221296] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-8-1 221296] R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-8-1 221296] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-8-1 221296] R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-8-1 1017016] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2013-8-1 218760] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-8-1 182752] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-30 689472] R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2007-10-3 78952] R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-4-20 92592] R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2011-7-30 1101600] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-4-3 70112] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-30 320040] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-4-3 309968] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-4-3 516608] R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-2-18 337120] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-8-1 197264] S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-13 44480] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216] S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-2-18 95856] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-3-18 25072] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-31 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-31 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-08-26 20:11:28 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-26 12:46:13 -------- d-----w- C:\Users\Mary\AppData\Local\{F3490FD7-438A-4F43-9B1D-E9B4242B4599} 2013-08-26 00:45:48 -------- d-----w- C:\Users\Mary\AppData\Local\{2F50A2C6-E9C2-4A3D-BD26-4931FB7DED5A} 2013-08-25 17:24:16 -------- d-----w- C:\Program Files (x86)\stinger 2013-08-25 12:57:53 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys 2013-08-25 12:45:25 -------- d-----w- C:\Users\Mary\AppData\Local\{5ABDA21B-0923-4AA7-B866-5A2A301027E7} 2013-08-25 00:40:58 -------- d-----w- C:\Program Files\iPod 2013-08-25 00:40:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-25 00:40:51 -------- d-----w- C:\Program Files\iTunes 2013-08-25 00:27:36 -------- d-----w- C:\Users\Mary\AppData\Local\{BA68B3A3-3F18-46B4-95DD-97830A062F67} 2013-08-24 20:28:44 -------- d-----w- C:\Users\Mary\AppData\Local\{AFB020FD-1D22-4BF6-8DA0-D8F6E3E7855D} 2013-08-24 08:28:18 -------- d-----w- C:\Users\Mary\AppData\Local\{276DA7FF-4CDE-4428-84BC-014CBB7811D9} 2013-08-23 20:28:07 -------- d-----w- C:\Users\Mary\AppData\Local\{1523D0C8-3B49-4CAE-B923-0A1A8E49CD2A} 2013-08-22 22:57:55 -------- d-----w- C:\Users\Mary\AppData\Local\{0D75E1F3-8A42-47B7-B7F4-130C47728B92} 2013-08-22 01:11:44 -------- d-----w- C:\Users\Mary\AppData\Local\{D1FF8090-C5EA-4358-B6FE-496FAA44842D} 2013-08-20 22:21:08 -------- d-----w- C:\Users\Mary\AppData\Local\{1369FFD1-0449-4A77-AD21-6CAF8A550A0D} 2013-08-19 23:39:58 -------- d-----w- C:\Users\Mary\AppData\Local\{29F595D7-FFE1-4447-B4D3-EF66DF055393} 2013-08-18 23:21:54 -------- d-----w- C:\Users\Mary\AppData\Local\{67866234-8DA6-402A-A746-6017F9A8C04D} 2013-08-17 10:40:07 -------- d-----w- C:\Users\Mary\AppData\Local\{2C5BD34B-B447-4015-B0E4-239ACA300FBF} 2013-08-16 22:39:55 -------- d-----w- C:\Users\Mary\AppData\Local\{4A772E7F-9181-46E9-9591-D501429EB85A} 2013-08-16 10:39:31 -------- d-----w- C:\Users\Mary\AppData\Local\{CA20C74F-0DF7-43B6-A6EB-62C169F3CC8F} 2013-08-15 22:39:20 -------- d-----w- C:\Users\Mary\AppData\Local\{33F74B76-53AA-4CEE-BA22-25275BA667EE} 2013-08-15 10:38:57 -------- d-----w- C:\Users\Mary\AppData\Local\{0D65B658-8F4C-4026-848D-C0ABCAD72377} 2013-08-15 07:01:48 -------- d-----w- C:\Windows\System32\MRT 2013-08-15 07:01:40 -------- d-----w- C:\8d978519985f056930df0364bccb 2013-08-15 02:30:55 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-08-15 02:30:55 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-08-15 02:30:54 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-08-15 02:30:54 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-08-15 02:30:54 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-08-15 02:30:54 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-08-15 02:30:53 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-08-15 02:30:53 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-08-15 02:30:10 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-08-15 02:30:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-08-14 22:38:33 -------- d-----w- C:\Users\Mary\AppData\Local\{3BC16868-3D6E-4842-BA63-D8AC3847A740} 2013-08-14 10:38:10 -------- d-----w- C:\Users\Mary\AppData\Local\{EF19346A-32A2-431A-9499-054FE0135865} 2013-08-13 22:37:58 -------- d-----w- C:\Users\Mary\AppData\Local\{18EB5E82-6AF9-4AEC-9069-55E59884B524} 2013-08-13 10:37:35 -------- d-----w- C:\Users\Mary\AppData\Local\{437C29AB-A94F-481A-9E8D-3993282823CB} 2013-08-12 22:37:22 -------- d-----w- C:\Users\Mary\AppData\Local\{49E7D91A-D5FE-42AD-9682-9E3E7B3BD53D} 2013-08-12 00:03:35 -------- d-----w- C:\Users\Mary\AppData\Local\{744C013A-B045-4A65-AB7B-516CC38D822B} 2013-08-11 12:03:24 -------- d-----w- C:\Users\Mary\AppData\Local\{BFB51042-6F28-40DA-84C8-465EAF55F5F6} 2013-08-11 00:03:00 -------- d-----w- C:\Users\Mary\AppData\Local\{58B68BA3-1B06-46AA-8149-4FA6BD17A716} 2013-08-10 12:02:49 -------- d-----w- C:\Users\Mary\AppData\Local\{9AB692DB-5F4A-4DB1-B2FF-21D4BC4AE9A1} 2013-08-09 23:11:12 -------- d-----w- C:\Users\Mary\AppData\Local\{F105C54E-CD6E-4C90-B317-3746773A385B} 2013-08-09 11:10:47 -------- d-----w- C:\Users\Mary\AppData\Local\{5C52D20F-C30C-4D48-AA63-47AFD52AB772} 2013-08-08 23:10:36 -------- d-----w- C:\Users\Mary\AppData\Local\{F47F69A7-623C-4988-84AF-2EFB897CD0F3} 2013-08-07 23:59:19 -------- d-----w- C:\Users\Mary\AppData\Local\{688DE1D3-5E40-435E-B64E-7FC27F4BC248} 2013-08-07 10:46:44 -------- d-----w- C:\Users\Mary\AppData\Local\{97E0C4D2-9009-48DA-8D03-0CF5B27CACEC} 2013-08-06 22:46:34 -------- d-----w- C:\Users\Mary\AppData\Local\{43CE817D-494E-45DD-814A-C6205EE36B25} 2013-08-06 10:11:20 -------- d-----w- C:\Users\Mary\AppData\Local\{CE463F15-6B80-41D2-B7B7-ABC14B0159EA} 2013-08-05 22:11:09 -------- d-----w- C:\Users\Mary\AppData\Local\{3E821056-86C0-49DB-8598-BDD2ACAE05EB} 2013-08-05 10:08:22 -------- d-----w- C:\Users\Mary\AppData\Local\{BBF80BDD-2459-4D14-BEF0-4BFC800166D7} 2013-08-04 22:08:10 -------- d-----w- C:\Users\Mary\AppData\Local\{E009F493-8601-42AF-8E48-F14921A7CAA7} 2013-08-02 11:26:50 -------- d-----w- C:\Users\Mary\AppData\Local\{1ED6FC48-63DC-40BC-BBDB-A7DCEF86AD42} 2013-08-02 05:01:23 -------- d-----w- C:\Program Files\HitmanPro 2013-08-02 05:00:41 -------- d-----w- C:\ProgramData\HitmanPro 2013-08-02 04:11:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll 2013-08-02 04:11:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll 2013-08-02 04:11:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2013-08-02 04:11:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll 2013-08-02 04:11:12 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll 2013-08-02 04:04:42 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-02 03:51:50 197264 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys 2013-08-02 03:51:09 -------- d-----w- C:\Program Files (x86)\McAfee.com 2013-08-02 03:49:57 -------- d-----w- C:\Program Files\McAfee.com 2013-08-02 03:49:57 -------- d-----w- C:\Program Files\McAfee 2013-08-02 03:44:07 182752 ----a-w- C:\Windows\System32\mfevtps.exe 2013-08-02 00:22:24 -------- d-----w- C:\mfe 2013-08-01 23:15:00 -------- d-----w- C:\Program Files\stinger 2013-08-01 11:31:08 -------- d-----w- C:\Users\Mary\AppData\Local\{697DF7B7-5699-473B-A7E7-5F2E2EE19CDC} 2013-07-31 23:30:57 -------- d-----w- C:\Users\Mary\AppData\Local\{A4A72CE0-8485-43B3-94A8-82AE68BBC8A7} 2013-07-31 01:33:16 -------- d-----w- C:\Users\Mary\AppData\Local\{3B433F84-906C-4CAD-BF3C-78D147E0AA68} 2013-07-29 22:32:54 -------- d-----w- C:\Users\Mary\AppData\Local\{36B5B97C-E55B-43DE-9AD3-8EA8E4955D8C} 2013-07-29 10:32:30 -------- d-----w- C:\Users\Mary\AppData\Local\{6D3A18DE-2BC6-49F4-8C2B-9FE002AB9A82} 2013-07-28 22:32:19 -------- d-----w- C:\Users\Mary\AppData\Local\{94E236F2-7028-4F0A-8CC1-95015707C9A3} 2013-07-28 10:32:08 -------- d-----w- C:\Users\Mary\AppData\Local\{4A3379E6-3CF0-4CFB-AFFA-1DF0AC280EF8} 2013-07-27 22:31:57 -------- d-----w- C:\Users\Mary\AppData\Local\{967B64F0-27A9-4F77-8091-D95D76260548} . ==================== Find3M ==================== . 2013-08-21 13:02:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-21 13:02:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-08-02 04:04:35 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-08-02 04:04:35 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-07-31 20:21:18 0 ----a-w- C:\Windows\System32\OxpsConverter.exe 2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-25 07:03:47 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll . ============= FINISH: 16:31:00.96 =============== attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/30/2011 2:44:31 PM System Uptime: 8/26/2013 4:02:23 PM (0 hours ago) . Motherboard: Dell Inc. | | 04GJJT Processor: AMD Athlon II X2 245 Processor | CPU 1 | 2900/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 453 GiB total, 211.232 GiB free. D: is CDROM () E: is FIXED (NTFS) - 228 GiB total, 78.883 GiB free. F: is Removable G: is Removable H: is Removable I: is Removable J: is FIXED (FAT32) - 698 GiB total, 127.486 GiB free. K: is FIXED (NTFS) - 1863 GiB total, 1703.708 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP212: 8/11/2013 3:00:18 AM - Windows Backup RP213: 8/15/2013 3:00:21 AM - Windows Update RP214: 8/18/2013 3:00:11 AM - Windows Backup RP215: 8/25/2013 3:00:08 AM - Windows Backup RP216: 8/26/2013 1:26:51 PM - Malwarebytes Anti-Rootkit Restore Point . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar Ask Toolbar Updater Belkin Network USB Hub Control Center Best Buy pc app Bing Bar Bing Bar Platform Bing Rewards Client Installer Bonjour Canon MP Navigator EX 2.0 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Edoc Viewer Dell Getting Started Guide Dell MusicStage Dell PhotoStage Dell Stage Dell Support Center Dell VideoStage DirectX 9 Runtime Garmin ANT Agent Garmin Communicator Plugin Garmin Communicator Plugin x64 Garmin Training Center Garmin Training Center v5 Garmin USB Drivers Google Chrome Google Talk (remove only) Google Toolbar for Internet Explorer Google Update Helper iCloud iTunes Java 7 Update 25 Java Auto Updater Java 6 Update 24 (64-bit) Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 McAfee Security Scan Plus McAfee SecurityCenter McAfee Virtual Technician Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Default Manager Microsoft IntelliType Pro 8.1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PhotoShowExpress QuickTime RBVirtualFolder64Inst Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Shared C Run-time for x64 Shutterfly Express Uploader Skins Skype Toolbars Skype™ 5.10 Sonic CinePlayer Decoder Pack TomTom HOME 2.8.4.2596 TomTom HOME Visual Studio Merge Modules Type to Learn 4 1.21 Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VoiceOver Kit Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 8/26/2013 4:11:17 PM, Error: mbamchameleon [61440] - 8/26/2013 4:03:19 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 8/25/2013 2:12:33 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 8/25/2013 1:24:48 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
  7. I'm new to the forums so plz pardon my newbieness I have been trying to get rid of Trojan.Zaccess with Malwarebytes Anti-Malware and Malwarebytes anti-rootkit beta. the anti-rootkit beta does is not able to scan it but anti-malware is. I've been trying to remove it several times but after the reboot it's still there! I don't rlly see anything wrong with my laptop, but still am suspicious about it. plz help Vendor: Trojan.Zaccess Category: Registry Value Item: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update Other: Value: Rim|Google Update MALWAREBYTES ANTI-MALWARE LOGS: MBAM-log Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.08.23.04 Windows 7 Service Pack 1 x86 NTFSInternet Explorer 10.0.9200.16660Fox Face :: TINAPHU-MSI [administrator] 8/25/2013 10:40:54 AMMBAM-log-2013-08-25 (11-09-14).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 244050Time elapsed: 12 minute(s), 50 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Trojan.Zaccess) -> Data: -> No action taken. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  8. Clicked on bad Google result website today - no live protection running. Malwarebytes found and removed Trojan.Dropper.PE4. Ran SuperAntispyware and Spybot - no scan hits. Installed Microsoft Security Essentials - no scan hits. Now, "Due to an unidentified problem, Windows cannot display firewall settings". View settings in Windows Explorer and Control Panel have changed. Ran Malwarebytes again - this time found and removed Trojan.ZAccess and Rootkit.0Access. Thank you in advance. dds.txt . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Ed Lang at 23:33:05 on 2012-07-04 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.526 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Southwest Airlines\Ding\Ding.exe C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\ed lang\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [nwiz] nwiz.exe /install mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE StartupFolder: c:\docume~1\edlang~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: intuit.com\ttlc DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{264DDFCB-BA6F-47E7-9C4E-0AF636FFAE68} : DhcpNameServer = 192.168.10.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] UnknownUnknown sqfirwgc;sqfirwgc; [x] . =============== Created Last 30 ================ . 2012-07-04 23:48:24 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{52bf68b2-bc89-4a42-89c3-c2519f802afb}\mpengine.dll 2012-07-04 23:42:48 -------- d-----w- c:\program files\Microsoft Security Client . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 23:34:35.65 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 12/30/2009 5:46:14 PM System Uptime: 7/4/2012 10:14:46 PM (1 hours ago) . Motherboard: Dell Computer Corp. | | 0J0592 Processor: Intel® Pentium® 4 CPU 2.53GHz | Microprocessor | 2524/533mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 56 GiB total, 28.704 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP703: 4/6/2012 10:10:51 AM - System Checkpoint RP704: 4/7/2012 1:04:48 PM - System Checkpoint RP705: 4/8/2012 2:17:03 PM - System Checkpoint RP706: 4/9/2012 3:37:12 PM - System Checkpoint RP707: 4/11/2012 12:04:55 AM - System Checkpoint RP708: 4/12/2012 10:51:43 AM - System Checkpoint RP709: 4/12/2012 11:22:31 PM - Software Distribution Service 3.0 RP710: 4/13/2012 12:18:03 AM - Installed TurboTax 2011 wrapper RP711: 4/15/2012 12:08:38 PM - System Checkpoint RP712: 4/16/2012 4:37:07 PM - System Checkpoint RP713: 4/18/2012 1:01:33 AM - System Checkpoint RP714: 4/19/2012 10:24:27 AM - System Checkpoint RP715: 4/20/2012 10:27:12 AM - System Checkpoint RP716: 4/21/2012 12:07:18 PM - System Checkpoint RP717: 4/22/2012 12:44:50 PM - System Checkpoint RP718: 4/23/2012 1:08:05 PM - System Checkpoint RP719: 4/24/2012 2:29:35 PM - System Checkpoint RP720: 4/25/2012 6:31:32 PM - System Checkpoint RP721: 4/26/2012 11:43:42 PM - System Checkpoint RP722: 4/27/2012 11:49:27 PM - System Checkpoint RP723: 4/29/2012 2:39:45 PM - System Checkpoint RP724: 4/30/2012 3:29:43 PM - System Checkpoint RP725: 5/1/2012 10:12:34 PM - System Checkpoint RP726: 5/2/2012 10:53:08 PM - System Checkpoint RP727: 5/4/2012 4:19:02 PM - System Checkpoint RP728: 5/6/2012 1:42:44 PM - System Checkpoint RP729: 5/7/2012 2:28:13 PM - System Checkpoint RP730: 5/9/2012 12:54:10 AM - System Checkpoint RP731: 5/10/2012 10:49:43 AM - System Checkpoint RP732: 5/11/2012 12:25:45 PM - System Checkpoint RP733: 5/12/2012 12:57:56 PM - System Checkpoint RP734: 5/13/2012 5:00:06 PM - System Checkpoint RP735: 5/14/2012 5:02:52 PM - System Checkpoint RP736: 5/15/2012 8:30:36 PM - System Checkpoint RP737: 5/16/2012 8:37:07 PM - System Checkpoint RP738: 5/17/2012 11:28:12 PM - System Checkpoint RP739: 5/19/2012 12:21:19 AM - System Checkpoint RP740: 5/20/2012 12:35:46 AM - System Checkpoint RP741: 5/21/2012 3:03:47 PM - System Checkpoint RP742: 5/22/2012 5:15:52 PM - System Checkpoint RP743: 5/23/2012 8:43:29 PM - System Checkpoint RP744: 5/24/2012 9:05:28 PM - System Checkpoint RP745: 5/25/2012 9:07:22 PM - System Checkpoint RP746: 5/27/2012 12:21:48 PM - System Checkpoint RP747: 5/28/2012 10:44:01 PM - System Checkpoint RP748: 5/29/2012 11:23:15 PM - System Checkpoint RP749: 5/31/2012 1:37:44 PM - System Checkpoint RP750: 6/1/2012 9:43:53 PM - System Checkpoint RP751: 6/2/2012 9:55:01 PM - System Checkpoint RP752: 6/3/2012 10:34:20 PM - System Checkpoint RP753: 6/4/2012 12:53:26 PM - Software Distribution Service 3.0 RP754: 6/5/2012 4:55:00 PM - System Checkpoint RP755: 6/27/2012 7:40:01 PM - System Checkpoint RP756: 6/29/2012 9:28:56 AM - System Checkpoint RP757: 6/30/2012 10:14:33 AM - System Checkpoint RP758: 7/1/2012 10:26:53 AM - System Checkpoint RP759: 7/2/2012 11:24:22 AM - System Checkpoint RP760: 7/3/2012 1:17:28 PM - System Checkpoint RP761: 7/4/2012 1:26:25 PM - System Checkpoint . ==== Installed Programs ====================== . . 3ivx MPEG-4 5.0.3 (remove only) 7-Zip 9.20 Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.4.3 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoBase 3 ArcSoft PhotoStudio 5 Avidemux 2.5 (32-bit) BCM V.92 56K Modem Bonjour Brother 1440 Brownie Canon CanoScan Toolbox 4.0 CanoScan LiDE20,30 Manual Coupon Printer for Windows Dell ResourceCD DING! FileZilla Client 3.3.3 FlipShare Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® PRO Ethernet Adapter and Software iSEEK AnswerWorks English Runtime iTunes Java Auto Updater Java™ 6 Update 24 Logitech® Camera Driver Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 97, Professional Edition Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Display Driver NVIDIA Windows 2000/XP Display Drivers OmniPage SE QuickTime Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 8 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Segoe UI Skype Click to Call Skype™ 5.5 SoundMAX Spybot - Search & Destroy SUPERAntiSpyware TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper UMPlayer 0.98 [P3] Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Internet Explorer 8 Multilingual User Interface (MUI) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows XP Service Pack 3 WyldFyre 7 Installed in: C:\PROGRAM FILES\WYLDFYRE\WYLDFYRE 7 Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 7/4/2012 7:44:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 7/4/2012 11:33:08 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0. 7/4/2012 10:15:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde 7/1/2012 9:22:25 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 6/27/2012 5:55:20 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. . ==== End Of File ===========================
  9. This is a continuation of http://forums.malwarebytes.org/index.php?showtopic=110776&hl=&fromsearch=1 which was mistakenly "taken over" by yours truly as a newbie to the forum. For clarity's sake, we continue the removal process here. I'm in the process of removing five trojans from a friend's computer: Trojan.Sirefef, Trojan.Small, Trojan.LameShield, Trojan.Dropper and Trojan.Zaccess, as well as Rootkit.0Access. I've determined from my forum searches that brought me to the aforementioned forum (to which I inadvertently responded to the very helpful gringo_pr's instructions) that the Trojan.Sirefef, Trojan.Small and Rootkit.0Access are responsible for causing her system to reboot continuously, only staying up for 1-2 minutes at the most before an alert message advising that Windows has encountered a critical error and will reboot in one minute appears. Continuing The latest FRST log is as follows: Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-06-2012 04 Ran by SYSTEM at 07-06-2012 15:50:49 Running from E:\ Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet002 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-31] (IDT, Inc.) HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-02-26] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-02-26] (Intel Corporation) HKLM\...\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation) HKLM\...\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [657920 2009-11-02] (Dell Inc.) HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-05] (Wave Systems Corp.) HKLM\...\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation) HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-04-04] (Malwarebytes Corporation) HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation) HKU\Crys\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation) HKU\Crys\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.) HKU\Crys\...\Policies\system: [LogonHoursAction] 2 HKU\Crys\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.) HKU\Michael\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.) HKU\Michael\...\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent [x] HKU\Michael\...\Policies\system: [LogonHoursAction] 2 HKU\Michael\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222 Lsa: [Authentication Packages] msv1_0 wvauth Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\All Users\Start Menu\Programs\Startup\TdmNotify.lnk ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC) Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital) Startup: C:\Users\Michael\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ================================ Services (Whitelisted) ================== 3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2012-05-04] (Adobe Systems Incorporated) 2 alssvc; "C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe" [382232 2008-06-03] (Dell Inc.) 2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.) 2 buttonsvc32; "C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [278304 2009-11-20] (Dell Inc.) 2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation) 3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2010-12-27] (Acresso Software Inc.) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation) 4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation) 4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [993848 2011-04-18] (Secunia) 2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-04-18] (Secunia) 3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [1032192 2009-11-18] (Wave Systems Corp.) 2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3063968 2012-04-09] (Skype Technologies S.A.) 2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-04-05] (Skype Technologies) 2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe /identity QUICKASSIST [1213728 2008-01-08] (SupportSoft, Inc.) 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe [221266 2009-07-31] (IDT, Inc.) 3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.) 2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] () 2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [1148264 2009-11-24] (Wave Systems Corp.) 2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [110592 2009-11-13] (WDC) 2 WDSmartWareBackgroundService; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" [20480 2009-06-16] (Memeo) 2 dcpsysmgrsvc; "c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [x] 2 EvtEng; c:\Program Files\Intel\WiFi\bin\EvtEng.exe [x] 2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x] 2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x] 4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x] 3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x] 2 RegSrvc; c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [x] 4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x] 4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x] 2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x] ========================== Drivers (Whitelisted) ============= 3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [217136 2009-11-24] (Alps Electric Co., Ltd.) 3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [112128 2009-02-26] (Intel® Corporation) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation) 3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-07] (Malwarebytes Corporation) 0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation) 1 MpKsl77c026b2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DDCD221-1D60-492B-91EB-92D7C46B40B6}\MpKsl77c026b2.sys [29904 2012-06-05] (Microsoft Corporation) 3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation) 0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) 3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) 4 rimspci; C:\Windows\system32\drivers\rimspe86.sys [45056 2009-04-03] (REDC) 4 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [48640 2009-04-03] (REDC) 4 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38400 2009-04-03] (REDC) 4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation) 2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.) 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-07 11:37 - 2012-06-07 11:38 - 00000000 ____D C:\FRST 2012-06-07 11:35 - 2012-06-07 11:35 - 00000000 __SHD C:\Config.Msi 2012-06-05 09:35 - 2012-06-07 13:38 - 3174215680 __ASH C:\hiberfil.sys 2012-06-05 09:10 - 2012-06-07 07:46 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2012-06-03 09:28 - 2012-06-03 09:28 - 00002154 ____A C:\Windows\epplauncher.mif 2012-06-03 09:27 - 2012-06-03 09:28 - 00000000 ____D C:\Program Files\Microsoft Security Client 2012-06-03 09:27 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-06-02 16:31 - 2012-06-05 09:19 - 00000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet 2012-06-02 10:44 - 2012-06-02 10:44 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-05-26 09:20 - 2012-05-28 16:05 - 00010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx 2012-05-26 09:16 - 2012-05-26 09:16 - 00000000 ____D C:\Users\Crys\Desktop\MMA 2012-05-11 17:21 - 2012-03-30 04:39 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-05-11 17:21 - 2012-03-29 05:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-05-11 17:21 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-05-11 17:21 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2012-05-11 17:21 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2012-05-11 17:21 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2012-05-11 17:21 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2012-05-11 17:21 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-05-11 17:20 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-05-11 17:20 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-11 17:20 - 2012-04-02 05:36 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys ============ 3 Months Modified Files and Folders =============== 2012-06-07 13:39 - 2006-11-02 04:58 - 0032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-07 13:39 - 2006-11-02 04:58 - 0000006 ___AH C:\Windows\Tasks\SA.DAT 2012-06-07 13:38 - 2012-06-05 09:35 - 3174215680 __ASH C:\hiberfil.sys 2012-06-07 13:38 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-06-07 13:38 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-06-07 11:52 - 2009-04-11 05:18 - 0279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2012-06-07 11:51 - 2010-09-20 14:50 - 0902938 ____A C:\Windows\ntbtlog.txt 2012-06-07 11:51 - 2010-08-14 12:20 - 0000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-06-07 11:51 - 2010-04-12 19:43 - 0000000 ____A C:\Users\Crys\AppData\Local\WavXMapDrive.bat 2012-06-07 11:43 - 2012-05-05 13:11 - 0000000 ____D C:\Users\All Users\boost_interprocess 2012-06-07 11:38 - 2012-06-07 11:37 - 0000000 ____D C:\FRST 2012-06-07 11:35 - 2012-06-07 11:35 - 0000000 __SHD C:\Config.Msi 2012-06-07 11:34 - 2010-08-14 12:20 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-06-07 07:46 - 2012-06-05 09:10 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2012-06-07 07:46 - 2012-03-29 07:24 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-06-05 09:33 - 2010-04-06 19:25 - 1944952 ____A C:\Windows\WindowsUpdate.log 2012-06-05 09:19 - 2012-06-02 16:31 - 0000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet 2012-06-05 09:17 - 2008-01-20 19:02 - 0055636 ____A C:\Windows\PFRO.log 2012-06-03 09:28 - 2012-06-03 09:28 - 0002154 ____A C:\Windows\epplauncher.mif 2012-06-03 09:28 - 2012-06-03 09:27 - 0000000 ____D C:\Program Files\Microsoft Security Client 2012-06-03 09:28 - 2006-11-02 02:33 - 0866950 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-03 09:21 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\registration 2012-06-03 09:19 - 2010-04-12 20:10 - 0000000 ____D C:\Users\All Users\Symantec 2012-06-02 16:54 - 2010-12-31 14:22 - 0000000 ____D C:\Windows\symbols 2012-06-02 16:27 - 2010-08-14 12:17 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Skype 2012-06-02 10:44 - 2012-06-02 10:44 - 0000000 __SHD C:\Windows\System32\%APPDATA% 2012-05-28 16:05 - 2012-05-26 09:20 - 0010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx 2012-05-26 09:16 - 2012-05-26 09:16 - 0000000 ____D C:\Users\Crys\Desktop\MMA 2012-05-23 04:54 - 2010-04-07 01:01 - 0000000 ____D C:\Program Files\Microsoft Silverlight 2012-05-16 06:05 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET 2012-05-13 12:42 - 2006-11-02 04:44 - 2303584 ____A C:\Windows\System32\FNTCACHE.DAT 2012-05-12 12:33 - 2010-05-25 08:02 - 0000000 ____D C:\Users\All Users\Microsoft Help 2012-05-12 12:29 - 2006-11-02 02:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-05-12 12:03 - 2006-11-02 04:35 - 0000000 ____D C:\Windows\System32\XPSViewer 2012-05-07 05:16 - 2012-05-07 05:16 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Foxit Software 2012-05-07 05:13 - 2010-04-12 20:15 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-05-07 05:12 - 2012-05-07 05:12 - 0000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-05-05 13:11 - 2012-05-05 13:10 - 0000000 ___RD C:\Program Files\Skype 2012-05-05 13:11 - 2010-08-14 12:14 - 0000000 ____D C:\Users\All Users\Skype 2012-05-05 13:10 - 2012-05-05 13:10 - 0001878 ____A C:\Users\Public\Desktop\Skype.lnk 2012-05-05 13:10 - 2012-05-05 13:10 - 0000000 ____D C:\Program Files\Common Files\Skype 2012-05-04 16:46 - 2012-03-29 07:24 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-05-04 16:46 - 2011-05-15 11:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-04-29 06:37 - 2006-11-02 04:49 - 0147796 ____A C:\Windows\setupact.log 2012-04-20 07:51 - 2012-04-20 07:39 - 0034901 ____A C:\Users\Crys\Desktop\lyrics.docx 2012-04-04 13:56 - 2010-04-12 20:15 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-03 00:16 - 2012-05-11 17:20 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-04-03 00:16 - 2012-05-11 17:20 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-04-02 05:36 - 2012-05-11 17:20 - 2044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-03-30 11:57 - 2012-03-30 11:57 - 0001666 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-03-30 11:57 - 2012-03-09 12:53 - 0000000 ____D C:\Program Files\iTunes 2012-03-30 11:56 - 2012-03-30 11:56 - 0000000 ____D C:\Program Files\iPod 2012-03-30 11:56 - 2010-06-01 13:54 - 0000000 ____D C:\Program Files\Common Files\Apple 2012-03-30 04:39 - 2012-05-11 17:21 - 0914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-03-29 09:21 - 2012-03-29 09:21 - 313700803 ____A C:\Windows\MEMORY.DMP 2012-03-29 09:21 - 2012-03-29 09:21 - 0144744 ____A C:\Windows\Minidump\Mini032912-01.dmp 2012-03-29 09:21 - 2012-03-29 09:21 - 0000000 ____D C:\Windows\Minidump 2012-03-29 05:39 - 2012-05-11 17:21 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-03-28 06:07 - 2011-04-13 15:53 - 0000861 ____A C:\Users\Public\Desktop\VLC media player.lnk 2012-03-20 18:44 - 2012-03-20 18:44 - 0171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys 2012-03-20 18:44 - 2012-03-20 18:44 - 0074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys 2012-03-20 15:28 - 2012-05-11 17:21 - 0053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-03-15 09:25 - 2012-01-22 06:32 - 0008518 ____A C:\Users\Crys\Documents\Car Loan.xlsx ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-04-11 05:18] - [2012-06-07 11:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843 C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 10% Total physical RAM: 3026.43 MB Available physical RAM: 2715.68 MB Total Pagefile: 2925.83 MB Available Pagefile: 2793.29 MB Total Virtual: 2047.88 MB Available Virtual: 1980.93 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:102.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32 4 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.69 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 233 GB 0 B Disk 1 Online 3827 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 32 KB Partition 2 Primary 15 GB 40 MB Partition 3 Primary 218 GB 15 GB ====================================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 39 MB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 218 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3827 MB 16 KB ====================================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E FAT32 Removable 3827 MB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-06-03 09:49 ======================= End Of Log ==========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.