Jump to content
Sign in to follow this  
thanksinadvance

Help me remove trojan.dropper.bcminer on Win 7 x64

Recommended Posts

Attached are the logs for RKiller and then the Farbar x64 tool

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Al [Admin rights]

Mode: Scan -- Date: 07/13/2012 15:04:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{b954169c-eadd-b369-a749-4e15d32da830}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{b954169c-eadd-b369-a749-4e15d32da830}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{b954169c-eadd-b369-a749-4e15d32da830}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\al\appdata\local\{b954169c-eadd-b369-a749-4e15d32da830}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\al\appdata\local\{b954169c-eadd-b369-a749-4e15d32da830}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\al\appdata\local\{b954169c-eadd-b369-a749-4e15d32da830}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++

--- User ---

[MBR] acf4d5646dcc1decb7ef8b8f2d12ba76

[bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10642 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21876736 | Size: 943186 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

-----------------------------------------------------

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012

Ran by SYSTEM at 13-07-2012 15:26:57

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)

HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)

HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-03-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar [439616 2011-04-28] (Panda Security, S.L.)

HKLM-x32\...\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [217256 2012-03-19] (Panda Security)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [938680 2012-04-17] (iolo technologies, LLC)

HKU\Al\...\Run: [start WingMan Profiler] [x]

HKU\Al\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\Al\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\Al\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk

ShortcutTarget: WD Backup Monitor.lnk -> C:\Program Files (x86)\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2010-07-17] (Creative Labs)

2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1047336 2012-04-17] (iolo technologies, LLC)

2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140608 2011-04-28] (Panda Security, S.L.)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-06-30] ()

Thanks in advance for the help!

Share this post


Link to post
Share on other sites

The Farbar log was truncated. Here is it in its entirety.

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012

Ran by SYSTEM at 13-07-2012 15:26:57

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)

HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)

HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-03-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar [439616 2011-04-28] (Panda Security, S.L.)

HKLM-x32\...\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [217256 2012-03-19] (Panda Security)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [938680 2012-04-17] (iolo technologies, LLC)

HKU\Al\...\Run: [start WingMan Profiler] [x]

HKU\Al\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\Al\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\Al\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk

ShortcutTarget: WD Backup Monitor.lnk -> C:\Program Files (x86)\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2010-07-17] (Creative Labs)

2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1047336 2012-04-17] (iolo technologies, LLC)

2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140608 2011-04-28] (Panda Security, S.L.)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-06-30] ()

========================== Drivers (Whitelisted) =============

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)

2 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [161032 2012-01-05] (Panda Security, S.L.)

2 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [114760 2011-04-28] (Panda Security, S.L.)

1 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [149768 2011-11-23] (Panda Security, S.L.)

2 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [121928 2011-04-28] (Panda Security, S.L.)

2 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [128264 2011-11-30] (Panda Security, S.L.)

1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

1 FileDisk; [x]

3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-13 17:08 - 2012-07-13 17:08 - 01434551 ____A (Farbar) C:\Users\Al\Downloads\FRST64.exe

2012-07-13 17:04 - 2012-07-13 17:04 - 00002174 ____A C:\Users\Al\Desktop\RKreport[1].txt

2012-07-13 17:03 - 2012-07-13 17:04 - 00000000 ____D C:\Users\Al\Desktop\RK_Quarantine

2012-07-13 17:02 - 2012-07-13 17:02 - 01558528 ____A C:\Users\Al\Downloads\RogueKiller.exe

2012-07-13 15:26 - 2012-07-13 15:26 - 00000000 ____D C:\FRST

2012-07-12 15:13 - 2012-07-12 15:13 - 00002277 ____A C:\Users\Al\Desktop\System Mechanic Professional.lnk

2012-07-12 15:12 - 2012-07-12 15:12 - 00000000 ____D C:\Program Files (x86)\iolo

2012-07-12 15:12 - 2012-04-17 12:11 - 00049152 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe

2012-07-12 15:12 - 2012-04-17 12:11 - 00017920 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe

2012-07-12 15:12 - 2012-04-17 11:37 - 02154032 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll

2012-07-12 15:12 - 2012-04-17 11:37 - 02095816 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

2012-07-12 15:12 - 2012-04-17 10:25 - 00069000 ____A (Microsoft Corporation) C:\Windows\System32\offreg.dll

2012-07-12 15:12 - 2012-04-17 10:25 - 00056200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll

2012-07-12 15:11 - 2012-04-17 13:02 - 89419176 ____A (iolo technologies, LLC ) C:\Users\Al\Desktop\SystemMechanicPro.exe

2012-07-12 15:10 - 2012-07-12 15:10 - 00000000 ____D C:\iolo

2012-07-12 15:09 - 2012-07-12 15:17 - 00000000 ____D C:\Users\All Users\iolo

2012-07-12 15:09 - 2012-07-12 15:17 - 00000000 ____D C:\Users\All Users\Application Data\iolo

2012-07-12 15:09 - 2012-07-12 15:17 - 00000000 ____D C:\Users\Al\Application Data\iolo

2012-07-12 15:09 - 2012-07-12 15:17 - 00000000 ____D C:\Users\Al\AppData\Roaming\iolo

2012-07-11 13:32 - 2012-07-11 21:27 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-11 13:23 - 2012-07-11 13:23 - 00000000 ____D C:\Windows\Sun

2012-07-11 05:03 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 05:01 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-11 05:01 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-11 05:01 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-11 05:01 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-11 05:01 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-11 05:01 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-11 05:01 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-11 05:01 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-11 05:01 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-11 05:01 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-11 05:01 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-11 05:01 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-11 05:01 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-11 05:01 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-11 05:01 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-11 05:01 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-11 05:01 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-11 05:01 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-11 05:01 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-11 05:01 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-11 05:01 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-11 05:01 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-11 05:01 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-11 05:01 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-11 05:01 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-11 05:01 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-11 05:01 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-11 05:01 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-10 23:59 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-10 23:59 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-10 23:59 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-10 23:59 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-10 23:59 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-10 23:59 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-10 23:59 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-10 23:59 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-10 23:59 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-10 23:59 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-10 23:59 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-10 23:59 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-10 23:59 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-10 23:59 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-10 23:59 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-10 23:59 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-10 23:59 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-10 23:59 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-10 23:59 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-06-18 23:07 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-18 23:07 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-18 23:07 - 2012-06-02 17:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-18 23:07 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-18 23:07 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-18 23:07 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-18 23:07 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-18 23:07 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-18 23:07 - 2012-06-02 17:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-16 14:23 - 2012-06-16 14:23 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-16 14:23 - 2012-06-16 14:23 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-06-16 14:23 - 2012-06-16 14:23 - 00000000 ____D C:\Program Files\iTunes

2012-06-16 14:23 - 2012-06-16 14:23 - 00000000 ____D C:\Program Files\iPod

2012-06-16 14:23 - 2012-06-16 14:23 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-06-13 23:05 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-06-13 23:05 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-06-13 23:05 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-06-13 23:05 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-06-13 23:05 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-06-13 23:05 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-06-13 23:05 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-06-13 23:05 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-06-13 23:05 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-06-13 23:05 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-06-13 23:05 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-06-13 23:05 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-06-13 23:05 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-06-13 23:05 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-06-13 23:05 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

2012-06-13 23:05 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

============ 3 Months Modified Files ========================

2012-07-13 17:23 - 2009-07-14 00:10 - 01476963 ____A C:\Windows\WindowsUpdate.log

2012-07-13 17:22 - 2012-07-13 17:22 - 00000000 ____A C:\Users\Al\Desktop\New Text Document.txt

2012-07-13 17:10 - 2012-04-17 17:16 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

2012-07-13 17:09 - 2009-07-14 00:13 - 00743860 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-13 17:08 - 2012-07-13 17:08 - 01434551 ____A (Farbar) C:\Users\Al\Downloads\FRST64.exe

2012-07-13 17:04 - 2012-07-13 17:04 - 00002174 ____A C:\Users\Al\Desktop\RKreport[1].txt

2012-07-13 17:02 - 2012-07-13 17:02 - 01558528 ____A C:\Users\Al\Downloads\RogueKiller.exe

2012-07-13 17:02 - 2010-09-08 15:07 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-13 16:59 - 2012-04-09 13:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-13 16:54 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-13 16:54 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-13 16:46 - 2011-12-31 16:32 - 00026690 ____A C:\Windows\SysWOW64\temp.txt

2012-07-13 16:46 - 2010-09-08 15:07 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-13 16:46 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-13 16:46 - 2009-07-13 23:51 - 00048940 ____A C:\Windows\setupact.log

2012-07-12 15:21 - 2010-06-18 11:07 - 00098306 ____A C:\Windows\PFRO.log

2012-07-12 15:13 - 2012-07-12 15:13 - 00002277 ____A C:\Users\Al\Desktop\System Mechanic Professional.lnk

2012-07-12 13:59 - 2012-04-09 13:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-12 13:59 - 2011-10-21 11:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-12 13:40 - 2012-06-04 11:23 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-12 13:40 - 2012-06-04 11:23 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-11 20:55 - 2010-07-03 13:39 - 00103272 ____A C:\Users\Al\GoToAssistDownloadHelper.exe

2012-07-11 18:15 - 2012-04-17 17:16 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2012-07-11 05:21 - 2009-07-13 23:45 - 00494264 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 05:03 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini

2012-07-11 05:01 - 2010-06-29 22:11 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 15:46 - 2012-01-08 20:07 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-16 14:23 - 2012-06-16 14:23 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-16 14:23 - 2012-06-16 14:23 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-06-11 22:08 - 2012-07-11 05:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-09 00:43 - 2012-07-10 23:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 23:41 - 2012-07-10 23:59 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 01:06 - 2012-07-10 23:59 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 01:06 - 2012-07-10 23:59 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 01:02 - 2012-07-10 23:59 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-06 00:05 - 2012-07-10 23:59 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 00:05 - 2012-07-10 23:59 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 00:03 - 2012-07-10 23:59 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 17:19 - 2012-06-18 23:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 17:19 - 2012-06-18 23:07 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 17:19 - 2012-06-18 23:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 17:19 - 2012-06-18 23:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 17:19 - 2012-06-18 23:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 17:19 - 2012-06-18 23:07 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 17:15 - 2012-06-18 23:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 17:15 - 2012-06-18 23:07 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 17:15 - 2012-06-18 23:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 07:49 - 2012-07-11 05:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 07:17 - 2012-07-11 05:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 07:12 - 2012-07-11 05:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 07:05 - 2012-07-11 05:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 07:05 - 2012-07-11 05:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 07:04 - 2012-07-11 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 07:04 - 2012-07-11 05:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 07:03 - 2012-07-11 05:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 07:01 - 2012-07-11 05:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 07:00 - 2012-07-11 05:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 06:59 - 2012-07-11 05:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 06:57 - 2012-07-11 05:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 06:57 - 2012-07-11 05:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 06:54 - 2012-07-11 05:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 04:07 - 2012-07-11 05:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 03:43 - 2012-07-11 05:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 03:33 - 2012-07-11 05:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 03:26 - 2012-07-11 05:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 03:25 - 2012-07-11 05:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 03:25 - 2012-07-11 05:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 03:23 - 2012-07-11 05:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 03:21 - 2012-07-11 05:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 03:20 - 2012-07-11 05:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 03:19 - 2012-07-11 05:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 03:19 - 2012-07-11 05:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 03:17 - 2012-07-11 05:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 03:16 - 2012-07-11 05:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 03:14 - 2012-07-11 05:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-02 00:50 - 2012-07-10 23:59 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 00:48 - 2012-07-10 23:59 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 00:48 - 2012-07-10 23:59 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 00:45 - 2012-07-10 23:59 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 00:44 - 2012-07-10 23:59 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 23:40 - 2012-07-10 23:59 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 23:40 - 2012-07-10 23:59 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 23:39 - 2012-07-10 23:59 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 23:34 - 2012-07-10 23:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-05 12:43 - 2012-05-05 12:43 - 00000056 ___AH C:\Windows\SysWOW64\ezsidmv.dat

2012-05-04 06:06 - 2012-06-13 23:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 05:03 - 2012-06-13 23:05 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 05:03 - 2012-06-13 23:05 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-01 00:40 - 2012-06-13 23:05 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-27 22:55 - 2012-06-13 23:05 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-26 00:41 - 2012-06-13 23:05 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-26 00:41 - 2012-06-13 23:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-26 00:34 - 2012-06-13 23:05 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-24 00:37 - 2012-06-13 23:05 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-24 00:37 - 2012-06-13 23:05 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-24 00:37 - 2012-06-13 23:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 23:36 - 2012-06-13 23:05 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 23:36 - 2012-06-13 23:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 23:36 - 2012-06-13 23:05 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-04-23 12:15 - 2012-04-23 12:15 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg

2012-04-17 13:02 - 2012-07-12 15:11 - 89419176 ____A (iolo technologies, LLC ) C:\Users\Al\Desktop\SystemMechanicPro.exe

2012-04-17 12:11 - 2012-07-12 15:12 - 00049152 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe

2012-04-17 12:11 - 2012-07-12 15:12 - 00017920 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe

2012-04-17 11:37 - 2012-07-12 15:12 - 02154032 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll

2012-04-17 11:37 - 2012-07-12 15:12 - 02095816 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

2012-04-17 10:25 - 2012-07-12 15:12 - 00069000 ____A (Microsoft Corporation) C:\Windows\System32\offreg.dll

2012-04-17 10:25 - 2012-07-12 15:12 - 00056200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll

ZeroAccess:

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\00000004.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\1afb2d56

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\201d3dde

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000004.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000008.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\000000cb.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000000.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000032.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000064.@

ZeroAccess:

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\@

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\L

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%

Total physical RAM: 12278.97 MB

Available physical RAM: 11287.27 MB

Total Pagefile: 12277.12 MB

Available Pagefile: 11279.32 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:921.08 GB) (Free:739.75 GB) NTFS

3 Drive e: (Crysis 2) (CDROM) (Total:7.59 GB) (Free:0 GB) CDFS

4 Drive f: (RECOVERY) (Fixed) (Total:10.39 GB) (Free:4.56 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive g: () (Removable) (Total:1.91 GB) (Free:0.54 GB) FAT

11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 1959 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 10 GB 40 MB

Partition 3 Primary 921 GB 10 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 10 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 F RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C OS NTFS Partition 921 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1959 MB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT Removable 1959 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 02:30

======================= End Of Log ==========================

Share this post


Link to post
Share on other sites

Farbar Recovery Scan Tool Version: 11-07-2012

Ran by SYSTEM at 2012-07-13 16:07:02

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Share this post


Link to post
Share on other sites

Reading from the other thread i see i have the same exact problem so I am trying to run what I think you will ask me to run in advance. I hope no offense is taken.

Ran this script below in fixlist.txt

-----------------------------------------------------

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\00000004.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\1afb2d56

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\201d3dde

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000004.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000008.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\000000cb.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000000.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000032.@

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000064.@

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\@

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\L

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\U

C:\Windows\assembly\GAC_32\Desktop.ini

C:\Windows\assembly\GAC_64\Desktop.ini

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\system32\services.exe

-----------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012

Ran by SYSTEM at 2012-07-13 16:33:38 Run:1

Running from G:\

==============================================

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830} moved successfully.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\@ not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\00000004.@ not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\1afb2d56 not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\201d3dde not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000004.@ not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000008.@ not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\000000cb.@ not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000000.@ not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000032.@ not found.

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000064.@ not found.

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830} moved successfully.

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\@ not found.

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\L not found.

C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\U not found.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\system32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\system32\services.exe

==== End of Fixlog ====

Share this post


Link to post
Share on other sites

ComboFix 12-07-13.03 - Al 07/13/2012 16:47:44.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10622 [GMT -7:00]

Running from: c:\users\Al\Desktop\ComboFix.exe

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll

c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll

c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll

c:\users\Al\GoToAssistDownloadHelper.exe

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\tmp4A78.tmp

c:\windows\SysWow64\tmp4B24.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

.

.

2012-07-13 23:54 . 2012-07-13 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 20:26 . 2012-07-13 20:26 -------- d-----w- C:\FRST

2012-07-12 20:12 . 2012-04-17 16:37 2154032 ----a-w- c:\windows\system32\Incinerator64.dll

2012-07-12 20:12 . 2012-04-17 16:37 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2012-07-12 20:12 . 2012-07-12 20:12 -------- d-----w- c:\program files (x86)\iolo

2012-07-12 20:12 . 2012-04-17 17:11 49152 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-07-12 20:12 . 2012-04-17 17:11 17920 ----a-w- c:\windows\system32\smrgdf.exe

2012-07-12 20:12 . 2012-04-17 15:25 69000 ----a-w- c:\windows\system32\offreg.dll

2012-07-12 20:12 . 2012-04-17 15:25 56200 ----a-w- c:\windows\SysWow64\offreg.dll

2012-07-12 20:10 . 2012-07-12 20:10 -------- d-----w- C:\iolo

2012-07-12 20:09 . 2012-07-12 20:17 -------- d-----w- c:\users\Al\AppData\Roaming\iolo

2012-07-12 20:09 . 2012-07-12 20:17 -------- d-----w- c:\programdata\iolo

2012-07-11 18:32 . 2012-07-12 02:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-11 18:23 . 2012-07-11 18:23 -------- d-----w- c:\windows\Sun

2012-07-11 10:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 04:59 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-10 07:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CBB2B04-000D-43B5-83A4-DADC66096250}\mpengine.dll

2012-06-19 04:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 04:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 04:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 04:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 04:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 04:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 04:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 04:07 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 04:07 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-16 19:23 . 2012-06-16 19:23 -------- d-----w- c:\program files\iPod

2012-06-16 19:23 . 2012-06-16 19:23 -------- d-----w- c:\program files\iTunes

2012-06-16 19:23 . 2012-06-16 19:23 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 18:59 . 2012-04-09 18:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 18:59 . 2011-10-21 16:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2012-01-09 01:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]

2011-06-24 17:37 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]

.

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]

"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]

.

c:\users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WD Backup Monitor.lnk - c:\program files (x86)\My Book\WD Backup\uBBMonitor.exe [2010-8-7 98304]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-30 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-30 79360]

R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-07-17 79360]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 23464]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 149768]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 161032]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 114760]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 121928]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 128264]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-20 3048136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 639512]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:59]

.

2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 20:07]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 20:07]

.

2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-07-13 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Start WingMan Profiler - (no file)

Toolbar-Locked - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:48,66,1b,1d,a2,74,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,42,3f,5b,e6,d6,81,47,ba,63,73,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,42,3f,5b,e6,d6,81,47,ba,63,73,\

.

[HKEY_USERS\S-1-5-21-3372766108-2329903281-2714972612-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

.

**************************************************************************

.

Completion time: 2012-07-13 17:04:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-14 00:04

.

Pre-Run: 794,356,555,776 bytes free

Post-Run: 794,369,896,448 bytes free

.

- - End Of File - - 11CBE4E2BCCE8C29DB9FF42C68292F25

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.