
Trojan.Dropper.BCMiner



Hey guys, I am new to this so bear with me. Somehow my kids got this virus and up pops porn when anyone is on the computer. Malware found this virus on my computer but won't remove it. Any additional help you can offer would be greatly appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31

Run by Christa at 8:31:34 on 2012-07-24

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3894.2401 [GMT -4:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

C:\Windows\Samsung\PanelMgr\caller64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe

C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\notepad.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [<NO NAME>]

mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{6B8F5312-7225-4BF1-9B74-BA975915DEB6} : DhcpNameServer = 64.71.255.198 64.71.255.253

TCP: Interfaces\{9B91BE05-0604-4307-B2B3-C5370317AE82} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9B91BE05-0604-4307-B2B3-C5370317AE82}\24275736560234F657E6479702C4962627162797027457563747 : DhcpNameServer = 216.183.128.14 216.183.140.14

TCP: Interfaces\{9B91BE05-0604-4307-B2B3-C5370317AE82}\261627262757C656A7 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{9B91BE05-0604-4307-B2B3-C5370317AE82}\443374E4F53535944403 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9B91BE05-0604-4307-B2B3-C5370317AE82}\7516C64756272E08993702960586F6E656 : DhcpNameServer = 64.71.255.198 64.71.255.253

TCP: Interfaces\{9B91BE05-0604-4307-B2B3-C5370317AE82}\96D284F64756C6 : DhcpNameServer = 172.16.48.2

TCP: Interfaces\{9B91BE05-0604-4307-B2B3-C5370317AE82}\C457E64627967616E60284F6D656 : DhcpNameServer = 192.168.3.1

TCP: Interfaces\{9B91BE05-0604-4307-B2B3-C5370317AE82}\C657E64627967616E6 : DhcpNameServer = 192.168.0.1

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [(Default)]

mRun-x64: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Christa\AppData\Roaming\Mozilla\Firefox\Profiles\msb873do.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig

FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=

FF - component: C:\Users\Christa\AppData\Roaming\Mozilla\Firefox\Profiles\msb873do.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll

FF - plugin: C:\Users\Christa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

.

user_pref('extensions.dealply.partner', 'iron');

.

user_pref('extensions.dealply.channel', 'iron3');

.

user_pref('extensions.dealply.installId', '6543188591906684216620703504714461195695580');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '0');

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2010-6-8 89600]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-23 655944]

R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-6-8 2320920]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]

S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

S3 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SpyroService;Spyro Portal Service;C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [2011-9-9 48128]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]

S4 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

.

=============== Created Last 30 ================

.

2012-07-23 00:07:42 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-22 22:44:12 -------- d-----w- C:\Users\Christa\AppData\Local\{BE0441A3-D44E-11E1-8270-B8AC6F996F26}

2012-07-22 22:44:12 -------- d-----w- C:\Users\Christa\AppData\Local\{BE03FED1-D44E-11E1-8270-B8AC6F996F26}

2012-07-22 22:44:09 444416 ----a-w- C:\Users\Christa\AppData\Roaming\sgifxy.dll

2012-07-22 22:43:15 -------- d-----w- C:\Users\Christa\AppData\Roaming\xsecva

2012-07-19 01:11:25 -------- d-----w- C:\Users\Christa\AppData\Roaming\WildTangent

2012-07-07 19:52:28 -------- d-----w- C:\ProgramData\GFI Software

2012-07-05 15:22:57 -------- d-----w- C:\ProgramData\kinoma

2012-07-05 00:50:29 -------- d-----w- C:\Program Files\ATI Technologies

2012-07-05 00:50:27 -------- d-----w- C:\Program Files\ATI

2012-07-03 22:39:24 -------- d-----w- C:\Users\Christa\AppData\Local\kinoma

2012-07-03 22:39:00 -------- d-----w- C:\Users\Christa\AppData\Local\Sony Corporation

2012-07-03 22:38:59 -------- d-----w- C:\Program Files (x86)\Sony

2012-07-03 22:38:59 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared

2012-07-02 13:30:26 -------- d-----w- C:\Users\Christa\AppData\Local\adaware

2012-07-02 13:30:25 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

.

==================== Find3M ====================

.

2012-07-23 00:02:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-23 00:02:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 8:32:09.08 ===============


Here is the attached file.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 19/08/2010 9:39:12 PM

System Uptime: 24/07/2012 7:55:45 AM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 144C

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU | 1065/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 444 GiB total, 231.32 GiB free.

D: is FIXED (NTFS) - 22 GiB total, 3.163 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.088 GiB free.

F: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4a9c2fa7-d63f-44c5-a247-bb3289a3739f}

Description: Activision Xbox360 Spyro Portal

Device ID: ROOT\XBOX360USBDEVICE\0000

Manufacturer: Activision

Name: Activision Xbox360 Spyro Portal

PNP Device ID: ROOT\XBOX360USBDEVICE\0000

Service: WinUSB

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SBRE

Device ID: ROOT\LEGACY_SBRE\0000

Manufacturer:

Name: SBRE

PNP Device ID: ROOT\LEGACY_SBRE\0000

Service: SBRE

.

==== System Restore Points ===================

.

RP152: 07/07/2012 3:50:43 PM - Removed Ad-Aware Antivirus.

RP153: 15/07/2012 3:11:50 PM - Scheduled Checkpoint

RP154: 23/07/2012 9:21:10 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

ActiveCheck component for HP Active Support Library

Ad-Aware Browsing Protection

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 6.0

Adobe Reader 9.5.1

Adobe Shockwave Player

Agatha Christie - Death on the Nile

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support

Apple Software Update

Bejeweled 2 Deluxe

Big Fish Games: Game Manager

Blackhawk Striker 2

Blasterball 3

Bus Driver

Chuzzle Deluxe

Compatibility Pack for the 2007 Office system

Corel Graphics - Windows Shell Extension

CorelDRAW Graphics Suite X5

CorelDRAW Graphics Suite X5 - Capture

CorelDRAW Graphics Suite X5 - Common

CorelDRAW Graphics Suite X5 - Connect

CorelDRAW Graphics Suite X5 - Custom Data

CorelDRAW Graphics Suite X5 - Draw

CorelDRAW Graphics Suite X5 - EN

CorelDRAW Graphics Suite X5 - Filters

CorelDRAW Graphics Suite X5 - FontNav

CorelDRAW Graphics Suite X5 - IPM

CorelDRAW Graphics Suite X5 - PHOTO-PAINT

CorelDRAW Graphics Suite X5 - Photozoom Plugin

CorelDRAW Graphics Suite X5 - Redist

CorelDRAW Graphics Suite X5 - Setup Files

CorelDRAW Graphics Suite X5 - VBA

CorelDRAW Graphics Suite X5 - VideoBrowser

CorelDRAW Graphics Suite X5 - VSTA

CorelDRAW Graphics Suite X5 - WT

CorelDRAW® Graphics Suite X5

Coupon Printer for Windows

CyberLink DVD Suite

Dora's Carnival Adventure

Dropbox

DVD Menu Pack for HP MediaSmart Video

Escape Rosecliff Island

ESU for Microsoft Windows 7

Faerie Solitaire

FATE

FoxTab FLV Player

Garden Defense

Google Chrome

Google Update Helper

Hidden Wonders of the Depths 3: Atlantis Adventures

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

HP Advisor

HP Customer Experience Enhancements

HP DVB-T TV Tuner 8.0.64.43

HP Game Console

HP Games

HP LaserJet P1000 series

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart Video

HP MediaSmart Webcam

HP QuickWeb Installer

HP Setup

HP Software Framework

HP Support Assistant

HP Update

HP User Guides 0176

HPAsset component for HP Active Support Library

HPSSupply

IDT Audio

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

Jewel Quest 3

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft Office Outlook 2003 with Business Contact Manager Update

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MrvlUsgTracking

Mystery Case Files: Ravenhearst ®

OverDrive Media Console

Penguins!

PhotoNow!

PhotoPresets with One-Click WOW!

PhotoPresets Wow Effects for Lightroom

Plants vs. Zombies

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

QuickTime

Reader for PC

Realtek Ethernet Controller Driver For Windows 7

Realtek USB 2.0 Card Reader

Recovery Manager

Safari

Samsung CLP-310 Series

SpyroDriver

Starcraft

Virtual Families

Virtual Villagers - The Secret City

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

VLC media player 2.0.1

Windows Live installer

Windows Live Messenger

Windows Live Sign-in Assistant

Xvid Video Codec

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

24/07/2012 8:00:49 AM, Error: Service Control Manager [7024] - The MSSQLServerADHelper service terminated with service-specific error %%-1073741724.

24/07/2012 7:56:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

24/07/2012 7:56:07 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

24/07/2012 7:56:06 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


First off Mr.Charlie: THANK YOU so much for your help.

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Christa [Admin rights]

Mode: Scan -- Date: 07/24/2012 08:55:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[sUSP PATH] RunAsStdUser Task.job @ : C:\Users\Christa\AppData\Local\hippogeekSA\bin\1.0.4.0\HippoGeekSA.exe -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Christa\AppData\Local\{476a158c-e88e-bc9f-2115-6146218442f3}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{476a158c-e88e-bc9f-2115-6146218442f3}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{476a158c-e88e-bc9f-2115-6146218442f3}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{476a158c-e88e-bc9f-2115-6146218442f3}\L --> FOUND

[ZeroAccess][FILE] n : c:\users\christa\appdata\local\{476a158c-e88e-bc9f-2115-6146218442f3}\n --> FOUND

[ZeroAccess][FILE] @ : c:\users\christa\appdata\local\{476a158c-e88e-bc9f-2115-6146218442f3}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\christa\appdata\local\{476a158c-e88e-bc9f-2115-6146218442f3}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\christa\appdata\local\{476a158c-e88e-bc9f-2115-6146218442f3}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] 36d60958b59ac599d17052ef07f03bf5

[bSP] 0b5d5cfec1c6422612bc189cfb83c36e : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 454418 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 931057664 | Size: 22218 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 24-07-2012 10:58:01

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [166424 2010-02-01] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2010-02-01] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2010-02-01] (Intel Corporation)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-13] (IDT, Inc.)

HKLM-x32\...\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [67488 2007-09-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun [606208 2009-08-27] ()

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2012-01-31] (Sony Corporation)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()

HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()

HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1716784 2012-04-24] (Soluto)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)

3 Akamai; C:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [3417376 2012-03-27] ()

2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-02-08] (DeviceVM, Inc.)

3 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

3 MSSQL$MICROSOFTSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ [9150464 2005-05-03] (Microsoft Corporation)

3 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe" [73728 2005-05-03] (Microsoft Corporation)

3 SpyroService; "C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe" [48128 2011-09-09] (FS)

3 SQLAgent$MICROSOFTSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ [323584 2005-05-03] (Microsoft Corporation)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe [244736 2010-01-13] (IDT, Inc.)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-17] (Intel Corporation)

3 usnjsvc; "C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe" [98672 2007-05-17] (Microsoft Corporation)

3 WLSetupSvc; "C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe" [228208 2007-05-16] ()

========================== Drivers (Whitelisted) =============

1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2010-01-29] (DeviceVM, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]

1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-24 10:55 - 2012-07-24 10:55 - 00000000 ____D C:\FRST

2012-07-24 06:26 - 2012-07-24 06:26 - 01437781 ____A (Farbar) C:\Users\Christa\Downloads\FRST64.exe

2012-07-24 04:55 - 2012-07-24 04:55 - 01552384 ____A C:\Users\Christa\Downloads\RogueKiller.exe

2012-07-24 04:55 - 2012-07-24 04:55 - 00002499 ____A C:\Users\Christa\Desktop\RKreport[1].txt

2012-07-24 04:55 - 2012-07-24 04:55 - 00000000 ____D C:\Users\Christa\Desktop\RK_Quarantine

2012-07-24 04:33 - 2012-07-24 04:33 - 00006388 ____A C:\Users\Christa\Desktop\Attach.txt

2012-07-24 04:32 - 2012-07-24 04:32 - 00017102 ____A C:\Users\Christa\Desktop\DDS.txt

2012-07-24 04:29 - 2012-07-24 04:29 - 00607260 ____R (Swearware) C:\Users\Christa\Downloads\dds.scr

2012-07-24 04:18 - 2012-07-24 04:18 - 00000314 ____A C:\Users\Christa\Documents\fixlist.txt

2012-07-22 16:07 - 2012-07-22 16:07 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-22 14:44 - 2012-07-22 14:44 - 00444416 ____A (Dogbert) C:\Users\Christa\AppData\Roaming\sgifxy.dll

2012-07-22 14:44 - 2012-07-22 14:44 - 00000000 ____D C:\Users\Christa\AppData\Local\{BE0441A3-D44E-11E1-8270-B8AC6F996F26}

2012-07-22 14:44 - 2012-07-22 14:44 - 00000000 ____D C:\Users\Christa\AppData\Local\{BE03FED1-D44E-11E1-8270-B8AC6F996F26}

2012-07-22 14:43 - 2012-07-23 18:38 - 00000000 ____D C:\Users\Christa\AppData\Roaming\xsecva

2012-07-22 14:07 - 2012-07-22 15:52 - 189620050 ____A C:\Users\Christa\Downloads\09388.rar

2012-07-22 13:56 - 2012-07-22 13:58 - 17895667 ____A C:\Users\Christa\Downloads\DPG0562 - Tangled Ever After 2012 BRRip Short Film.zip

2012-07-22 13:45 - 2012-07-22 13:45 - 243107457 ____A C:\Users\Christa\Downloads\DPG0458 - Pokémon 1 - The First Movie.zip

2012-07-22 12:39 - 2012-07-22 12:40 - 33455033 ____A C:\Users\Christa\Downloads\R4i-3DS V1.59b English.zip

2012-07-21 15:05 - 2012-07-21 15:41 - 00024064 ____A C:\Users\Christa\Desktop\Christa Settlers.xls

2012-07-21 12:18 - 2012-07-21 12:18 - 00010706 ____A C:\Users\Christa\Downloads\July 23rd, 2012-Christa.xlsx

2012-07-18 17:11 - 2012-07-18 17:11 - 00000000 ____D C:\Users\Christa\AppData\Roaming\WildTangent

2012-07-14 08:32 - 2012-07-14 08:32 - 00009725 ____A C:\Users\Christa\Downloads\CHRISTA SAUBLE BEACH DVG(1).xlsx

2012-07-14 08:21 - 2012-07-14 08:21 - 00009725 ____A C:\Users\Christa\Downloads\CHRISTA SAUBLE BEACH DVG.xlsx

2012-07-11 12:19 - 2012-07-11 12:20 - 00010449 ____A C:\Users\Christa\Downloads\CHRISTA THURSDAY 2012.xlsx

2012-07-09 15:51 - 2012-07-10 12:20 - 00013824 ____A C:\Users\Christa\Documents\gr.xls

2012-07-07 11:52 - 2012-07-07 11:52 - 00000000 ____D C:\Users\All Users\GFI Software

2012-07-06 07:17 - 2012-07-06 08:09 - 00017920 ____A C:\Users\Christa\Documents\hunt.xls

2012-07-05 13:38 - 2012-07-08 21:22 - 00001107 ____A C:\Users\Christa\Desktop\aug 23.txt

2012-07-05 07:22 - 2012-07-05 07:22 - 00000000 ____D C:\Users\All Users\kinoma

2012-07-04 16:50 - 2012-07-04 16:50 - 00000000 ____D C:\Program Files\ATI Technologies

2012-07-04 16:50 - 2012-07-04 16:50 - 00000000 ____D C:\Program Files\ATI

2012-07-04 16:45 - 2012-07-04 16:47 - 208294144 ____A (Hewlett-Packard ) C:\Users\Christa\Downloads\sp50640.exe

2012-07-03 20:39 - 2012-07-03 20:39 - 00001738 ____A C:\Windows\SysWOW64\EmailAVConfig.xml

2012-07-03 14:39 - 2012-07-03 14:39 - 00002065 ____A C:\Users\Public\Desktop\Reader for PC.lnk

2012-07-03 14:39 - 2012-07-03 14:39 - 00000000 ____D C:\Users\Christa\AppData\Local\Sony Corporation

2012-07-03 14:39 - 2012-07-03 14:39 - 00000000 ____D C:\Users\Christa\AppData\Local\kinoma

2012-07-03 14:38 - 2012-07-03 14:38 - 00000000 ____D C:\Program Files (x86)\Sony

2012-07-03 14:37 - 2012-07-03 14:37 - 42565760 ____A (Sony Corporation ) C:\Users\Christa\Downloads\ReaderInstaller.exe

2012-07-02 19:16 - 2012-07-02 19:16 - 00001190 ____A C:\Windows\SysWOW64\ServiceConfig.xml

2012-07-02 18:14 - 2012-07-13 10:31 - 00029696 ____A C:\Users\Christa\Desktop\Mileage.xls

2012-07-02 18:13 - 2012-07-02 18:13 - 00010611 ____A C:\Users\Christa\Downloads\Mileage.xlsx

2012-07-02 05:30 - 2012-07-02 05:30 - 00000012 ____A C:\Users\Christa\Downloads\FSSC.dat

2012-07-02 05:30 - 2012-07-02 05:30 - 00000000 ____D C:\Users\Christa\AppData\Local\adaware

2012-07-02 05:30 - 2012-07-02 05:30 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection

2012-07-02 05:28 - 2012-07-02 05:28 - 06236280 ____A (Lavasoft Limited) C:\Users\Christa\Downloads\Adaware_Installer.exe

2012-06-25 12:44 - 2012-06-25 12:44 - 00022528 ____A C:\Users\Christa\Documents\CHRISTA TUESDAY JUNE 26.xls

============ 3 Months Modified Files ========================

2012-07-24 06:52 - 2012-02-21 10:46 - 00022033 ____A C:\Windows\setupact.log

2012-07-24 06:52 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-24 06:30 - 2009-07-13 20:45 - 00023024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-24 06:30 - 2009-07-13 20:45 - 00023024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-24 06:29 - 2010-06-08 01:46 - 02025309 ____A C:\Windows\WindowsUpdate.log

2012-07-24 06:26 - 2012-07-24 06:26 - 01437781 ____A (Farbar) C:\Users\Christa\Downloads\FRST64.exe

2012-07-24 06:26 - 2009-07-13 21:13 - 00765772 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-24 06:23 - 2010-12-24 07:54 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-24 05:43 - 2011-05-16 17:03 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2931709011-2570839198-3947014898-1001UA.job

2012-07-24 04:55 - 2012-07-24 04:55 - 01552384 ____A C:\Users\Christa\Downloads\RogueKiller.exe

2012-07-24 04:55 - 2012-07-24 04:55 - 00002499 ____A C:\Users\Christa\Desktop\RKreport[1].txt

2012-07-24 04:43 - 2011-05-16 17:03 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2931709011-2570839198-3947014898-1001Core.job

2012-07-24 04:33 - 2012-07-24 04:33 - 00006388 ____A C:\Users\Christa\Desktop\Attach.txt

2012-07-24 04:32 - 2012-07-24 04:32 - 00017102 ____A C:\Users\Christa\Desktop\DDS.txt

2012-07-24 04:29 - 2012-07-24 04:29 - 00607260 ____R (Swearware) C:\Users\Christa\Downloads\dds.scr

2012-07-24 04:18 - 2012-07-24 04:18 - 00000314 ____A C:\Users\Christa\Documents\fixlist.txt

2012-07-23 18:59 - 2012-02-21 10:46 - 00009362 ____A C:\Windows\PFRO.log

2012-07-23 17:58 - 2011-12-28 21:35 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-22 18:25 - 2010-09-12 05:49 - 00022016 ____A C:\Users\Christa\Desktop\INVOICE SAMPLE.xls

2012-07-22 16:02 - 2012-04-09 17:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-22 16:02 - 2011-06-24 05:15 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-22 15:52 - 2012-07-22 14:07 - 189620050 ____A C:\Users\Christa\Downloads\09388.rar

2012-07-22 14:44 - 2012-07-22 14:44 - 00444416 ____A (Dogbert) C:\Users\Christa\AppData\Roaming\sgifxy.dll

2012-07-22 13:58 - 2012-07-22 13:56 - 17895667 ____A C:\Users\Christa\Downloads\DPG0562 - Tangled Ever After 2012 BRRip Short Film.zip

2012-07-22 13:45 - 2012-07-22 13:45 - 243107457 ____A C:\Users\Christa\Downloads\DPG0458 - Pokémon 1 - The First Movie.zip

2012-07-22 12:40 - 2012-07-22 12:39 - 33455033 ____A C:\Users\Christa\Downloads\R4i-3DS V1.59b English.zip

2012-07-21 15:43 - 2012-03-27 14:28 - 00057856 ____A C:\Users\Christa\Desktop\Our Budget & Bills.xls

2012-07-21 15:41 - 2012-07-21 15:05 - 00024064 ____A C:\Users\Christa\Desktop\Christa Settlers.xls

2012-07-21 12:18 - 2012-07-21 12:18 - 00010706 ____A C:\Users\Christa\Downloads\July 23rd, 2012-Christa.xlsx

2012-07-16 04:33 - 2010-12-24 07:54 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-14 08:32 - 2012-07-14 08:32 - 00009725 ____A C:\Users\Christa\Downloads\CHRISTA SAUBLE BEACH DVG(1).xlsx

2012-07-14 08:21 - 2012-07-14 08:21 - 00009725 ____A C:\Users\Christa\Downloads\CHRISTA SAUBLE BEACH DVG.xlsx

2012-07-13 10:31 - 2012-07-02 18:14 - 00029696 ____A C:\Users\Christa\Desktop\Mileage.xls

2012-07-11 14:44 - 2011-05-16 17:03 - 00002413 ____A C:\Users\Christa\Desktop\Google Chrome.lnk

2012-07-11 12:20 - 2012-07-11 12:19 - 00010449 ____A C:\Users\Christa\Downloads\CHRISTA THURSDAY 2012.xlsx

2012-07-10 12:20 - 2012-07-09 15:51 - 00013824 ____A C:\Users\Christa\Documents\gr.xls

2012-07-08 21:22 - 2012-07-05 13:38 - 00001107 ____A C:\Users\Christa\Desktop\aug 23.txt

2012-07-06 08:09 - 2012-07-06 07:17 - 00017920 ____A C:\Users\Christa\Documents\hunt.xls

2012-07-04 16:47 - 2012-07-04 16:45 - 208294144 ____A (Hewlett-Packard ) C:\Users\Christa\Downloads\sp50640.exe

2012-07-04 03:26 - 2010-08-19 17:42 - 00127608 ____A C:\Users\Christa\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-04 03:26 - 2009-07-13 20:45 - 00457784 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-03 20:39 - 2012-07-03 20:39 - 00001738 ____A C:\Windows\SysWOW64\EmailAVConfig.xml

2012-07-03 14:39 - 2012-07-03 14:39 - 00002065 ____A C:\Users\Public\Desktop\Reader for PC.lnk

2012-07-03 14:37 - 2012-07-03 14:37 - 42565760 ____A (Sony Corporation ) C:\Users\Christa\Downloads\ReaderInstaller.exe

2012-07-03 09:46 - 2011-12-28 21:35 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-02 19:16 - 2012-07-02 19:16 - 00001190 ____A C:\Windows\SysWOW64\ServiceConfig.xml

2012-07-02 18:13 - 2012-07-02 18:13 - 00010611 ____A C:\Users\Christa\Downloads\Mileage.xlsx

2012-07-02 05:30 - 2012-07-02 05:30 - 00000012 ____A C:\Users\Christa\Downloads\FSSC.dat

2012-07-02 05:28 - 2012-07-02 05:28 - 06236280 ____A (Lavasoft Limited) C:\Users\Christa\Downloads\Adaware_Installer.exe

2012-07-02 05:23 - 2011-12-27 21:43 - 00046247 ____A C:\aaw7boot.log

2012-07-01 12:28 - 2011-12-27 18:25 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat

2012-07-01 12:28 - 2011-12-27 18:25 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat

2012-06-25 12:44 - 2012-06-25 12:44 - 00022528 ____A C:\Users\Christa\Documents\CHRISTA TUESDAY JUNE 26.xls

2012-06-20 19:08 - 2012-06-20 19:08 - 01799024 ____A C:\Users\Christa\Downloads\books.zip

2012-06-17 15:42 - 2010-12-13 18:30 - 00025600 ____A C:\Users\Christa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-13 17:07 - 2012-06-13 17:07 - 00548642 ____A C:\Users\Christa\Downloads\UAVMLS.zip

2012-06-08 15:15 - 2012-06-08 15:15 - 00000158 ____A C:\Users\Public\Documents\freegal.txt

2012-06-04 13:47 - 2012-06-04 13:47 - 00375296 ____A C:\Users\Christa\Documents\MONEY.pub

2012-06-01 12:57 - 2012-05-20 10:00 - 00027648 ____A C:\Users\Christa\Documents\chores.xls

2012-05-26 14:20 - 2012-05-26 14:20 - 00000035 ____A C:\Users\Public\Documents\vonage.txt

2012-05-15 04:08 - 2012-05-07 19:18 - 00016384 ____A C:\Users\Christa\Documents\helpers.xls

2012-05-07 08:59 - 2012-05-07 08:59 - 00000163 ____A C:\Users\Public\Documents\zoho accounts.txt

2012-05-07 06:00 - 2009-07-13 21:08 - 00032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-05-01 11:35 - 2012-05-01 11:35 - 00000078 ____A C:\Users\Public\Documents\pokemon.txt

ZeroAccess:

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\@

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\L

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\U

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\L\00000004.@

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\L\201d3dde

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\U\00000004.@

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\U\00000008.@

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\U\000000cb.@

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\U\80000000.@

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\U\80000032.@

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}\U\80000064.@

ZeroAccess:

C:\Users\Christa\AppData\Local\{476a158c-e88e-bc9f-2115-6146218442f3}

C:\Users\Christa\AppData\Local\{476a158c-e88e-bc9f-2115-6146218442f3}\@

C:\Users\Christa\AppData\Local\{476a158c-e88e-bc9f-2115-6146218442f3}\L

C:\Users\Christa\AppData\Local\{476a158c-e88e-bc9f-2115-6146218442f3}\n

C:\Users\Christa\AppData\Local\{476a158c-e88e-bc9f-2115-6146218442f3}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%

Total physical RAM: 3893.86 MB

Available physical RAM: 3171.78 MB

Total Pagefile: 3892.01 MB

Available Pagefile: 3168.2 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:443.77 GB) (Free:230.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:21.7 GB) (Free:3.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

4 Drive g: (PM) (CDROM) (Total:0.56 GB) (Free:0.56 GB) UDF

5 Drive h: (STARKILLER) (Removable) (Total:1.86 GB) (Free:1.83 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 1912 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 443 GB 200 MB

Partition 3 Primary 21 GB 443 GB

Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 443 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 21 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1911 MB 32 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H STARKILLER FAT32 Removable 1911 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 07:29

======================= End Of Log ==========================

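The FRST log above lists the ZeroAccess file-system layout it found: a GUID-named directory under C:\Windows\Installer and under the user's AppData\Local that holds an "@" file plus "L" and "U" subdirectories, and a Desktop.ini planted in both GAC directories. The Python script below is an added example, not part of this thread and not FRST's own logic, that encodes those paths as a detection rule and runs it over a constructed directory tree, including two benign GUID directories taken from the same log that must not be flagged. The parent-directory list and the "@"/"L"/"U" rule are assumptions drawn only from the paths in this log; other variants may lay files out differently, and a live system would be scanned from a recovery environment or a mounted image, as MrC's instructions do.

```python
import os
import re
import tempfile

# Directory named like a GUID, e.g. {476a158c-e88e-bc9f-2115-6146218442f3}
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Parents under which the log above shows the GUID directory (assumption: this
# covers the layout seen in this thread, not every ZeroAccess variant)
GUID_PARENTS = ("windows\\installer", "appdata\\local")
# GAC directories in which FRST listed a Desktop.ini under its ZeroAccess heading
GAC_DIRS = ("windows\\assembly\\gac_32", "windows\\assembly\\gac_64")


def _ends_with(path, suffixes):
    # Normalise separators and case so the rule also works on a mounted image
    norm = path.replace("/", "\\").lower()
    return any(norm.endswith(s) for s in suffixes)


def find_zeroaccess_artifacts(root):
    """Walk `root` and return paths matching the ZeroAccess layout from the log."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        base = os.path.basename(dirpath)
        parent = os.path.dirname(dirpath)
        names = {n.lower() for n in filenames} | {d.lower() for d in dirnames}
        # Rule 1: {GUID} under Windows\Installer or <user>\AppData\Local that
        # holds the '@' file plus an 'L' and/or 'U' sub-directory
        if GUID_DIR.match(base) and _ends_with(parent, GUID_PARENTS):
            if "@" in names and ({"l", "u"} & names):
                hits.append(dirpath)
        # Rule 2: Desktop.ini inside GAC_32 / GAC_64
        if _ends_with(dirpath, GAC_DIRS) and "desktop.ini" in names:
            hits.append(os.path.join(dirpath, "Desktop.ini"))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed tree mirroring the paths in the FRST log, plus two benign
    GUID directories (also from the log) that must not be flagged."""
    guid = "{476a158c-e88e-bc9f-2115-6146218442f3}"
    layout = {
        ("Windows", "Installer", guid): ["@", "L/00000004.@", "U/80000000.@"],
        ("Users", "Christa", "AppData", "Local", guid): ["@", "L/", "U/", "n"],
        ("Windows", "assembly", "GAC_32"): ["Desktop.ini"],
        ("Windows", "assembly", "GAC_64"): ["Desktop.ini"],
        ("Windows", "Installer", "{11111111-2222-3333-4444-555555555555}"): ["setup.msi"],
        ("Users", "Christa", "AppData", "Local",
         "{BE0441A3-D44E-11E1-8270-B8AC6F996F26}"): [],
    }
    for parts, entries in layout.items():
        d = os.path.join(root, *parts)
        os.makedirs(d, exist_ok=True)
        for entry in entries:
            p = os.path.join(d, *entry.split("/"))
            if entry.endswith("/"):
                os.makedirs(p, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(p), exist_ok=True)
                open(p, "wb").close()
    return root


def demo():
    """Build the sample tree in a temp dir and return hits relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return [os.path.relpath(h, tmp).replace(os.sep, "/")
                for h in find_zeroaccess_artifacts(tmp)]


if __name__ == "__main__":
    for hit in demo():
        print("ZeroAccess artifact:", hit)
```

The two {BE0441A3-...}/{BE03FED1-...} directories in the log are GUID-named but hold no "@" file and were not reported by FRST, which is why the rule requires the payload file and not just the naming pattern.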

You forgot the search for services.exe :)

services.exe is infected and has to be replaced:

C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

MrC


Sorry... I had done the first step, but when I didn't see it as a txt I thought it was added to the original log. Here it is:

Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-24 11:40:39

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

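The Search.txt above is the whole case in two entries: both copies of services.exe have the same size (328704 bytes) and the same timestamps, and only the MD5 differs, because ZeroAccess patched the System32 file in place rather than replacing it. The Python below is an added example, not a tool from this thread or from Farbar, that parses FRST's search output, treats the WinSxS component-store copy as the local reference (an assumption of this example; FRST itself compares against its own list of known-good hashes), flags non-WinSxS copies whose hash differs, and builds the `Replace:` fixlist line in the syntax used later in this thread. The embedded sample is the search output posted above.

```python
import re
from collections import defaultdict

# One FRST search hit is two lines: the path, then
# [created] - [modified] - size attrs (Company) MD5
ENTRY = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")

# Copied from the Search.txt posted above (not constructed)
SAMPLE_SEARCH = r"""
Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 11:40:39
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""


def parse_search(text):
    """Parse FRST Search.txt into dicts with path/created/modified/size/md5."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = ENTRY.match(line)
        if m and pending:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])   # "0328704" -> 328704
            rec["path"] = pending
            entries.append(rec)
            pending = None
        elif PATH.match(line):
            pending = line
    return entries


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_patched_binaries(entries):
    """Flag copies outside WinSxS whose MD5 differs from every WinSxS copy of
    the same file name (heuristic of this example: the component store is the
    local reference because only the System32 copy was patched here)."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[_basename(e["path"])].append(e)
    findings = []
    for name, copies in by_name.items():
        refs = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        ref_md5 = {r["md5"].upper() for r in refs}
        if not ref_md5:
            continue  # nothing to compare against
        for c in copies:
            if c in refs or c["md5"].upper() in ref_md5:
                continue
            # Identical size and timestamps mean the file was patched in place,
            # as services.exe was here; only the hash gives it away
            same_meta = any(c["size"] == r["size"] and c["modified"] == r["modified"]
                            for r in refs)
            findings.append({"path": c["path"], "md5": c["md5"].upper(),
                             "reference_md5": sorted(ref_md5),
                             "metadata_matches_reference": same_meta})
    return findings


def replace_directive(finding, entries):
    """Build the FRST 'Replace: <good copy> <bad copy>' line, in the syntax the
    fixlist further down this thread uses, from the first matching WinSxS copy."""
    name = _basename(finding["path"])
    for e in entries:
        if ("\\winsxs\\" in e["path"].lower() and _basename(e["path"]) == name
                and e["md5"].upper() in finding["reference_md5"]):
            return "Replace: %s %s" % (e["path"], finding["path"])
    return None


if __name__ == "__main__":
    found = parse_search(SAMPLE_SEARCH)
    for f in find_patched_binaries(found):
        print("%s MD5 %s differs from WinSxS %s (in-place patch: %s)" % (
            f["path"], f["md5"], ",".join(f["reference_md5"]),
            f["metadata_matches_reference"]))
        print(replace_directive(f, found))
```

If the WinSxS copy has been tampered with as well, this heuristic reports nothing, so it complements rather than replaces a comparison against known-good hashes; the size and timestamp match is also why a plain directory listing shows nothing wrong with this file.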

OK, here you go......Please carefully carry out this procedure!!!!!!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3}
C:\Users\Christa\AppData\Local\{476a158c-e88e-bc9f-2115-6146218442f3}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-24 12:22:55 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{476a158c-e88e-bc9f-2115-6146218442f3} moved successfully.

C:\Users\Christa\AppData\Local\{476a158c-e88e-bc9f-2115-6146218442f3} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Well done, "MOM" :) Let's run ComboFix to clean up any leftovers....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-07-25.04 - Christa 24/07/2012 12:38:17.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3894.2337 [GMT -4:00]

Running from: c:\users\Christa\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Christa\AppData\Roaming\Help\coredb\storage

c:\users\Christa\AppData\Roaming\sgifxy.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))

.

.

2012-07-24 18:55 . 2012-07-24 18:55 -------- d-----w- C:\FRST

2012-07-24 16:45 . 2012-07-24 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-23 00:07 . 2012-07-23 00:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-22 22:44 . 2012-07-22 22:44 -------- d-----w- c:\users\Christa\AppData\Local\{BE0441A3-D44E-11E1-8270-B8AC6F996F26}

2012-07-22 22:44 . 2012-07-22 22:44 -------- d-----w- c:\users\Christa\AppData\Local\{BE03FED1-D44E-11E1-8270-B8AC6F996F26}

2012-07-22 22:43 . 2012-07-24 02:38 -------- d-----w- c:\users\Christa\AppData\Roaming\xsecva

2012-07-19 01:11 . 2012-07-19 01:11 -------- d-----w- c:\users\Christa\AppData\Roaming\WildTangent

2012-07-07 19:52 . 2012-07-07 19:52 -------- d-----w- c:\programdata\GFI Software

2012-07-05 15:22 . 2012-07-05 15:22 -------- d-----w- c:\programdata\kinoma

2012-07-05 00:50 . 2012-07-05 00:50 -------- d-----w- c:\program files\ATI Technologies

2012-07-05 00:50 . 2012-07-05 00:50 -------- d-----w- c:\program files\ATI

2012-07-03 22:39 . 2012-07-03 22:39 -------- d-----w- c:\users\Christa\AppData\Local\kinoma

2012-07-03 22:39 . 2012-07-03 22:39 -------- d-----w- c:\users\Christa\AppData\Local\Sony Corporation

2012-07-03 22:38 . 2012-07-03 22:38 -------- d-----w- c:\program files (x86)\Sony

2012-07-03 22:38 . 2012-07-03 22:38 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared

2012-07-02 13:30 . 2012-07-02 13:30 -------- d-----w- c:\users\Christa\AppData\Local\adaware

2012-07-02 13:30 . 2012-07-02 13:30 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-23 00:02 . 2012-04-10 01:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-23 00:02 . 2011-06-24 13:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2011-12-29 05:35 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Christa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Christa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Christa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-28 606208]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]

R3 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]

R3 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [2011-09-09 48128]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]

R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-12-04 53488]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-24 54728]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 15:54]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 15:54]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2931709011-2570839198-3947014898-1001Core.job

- c:\users\Christa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2931709011-2570839198-3947014898-1001UA.job

- c:\users\Christa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Christa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Christa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Christa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Christa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-02 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-02 390680]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-02 410136]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]

"combofix"="c:\combofix\CF27582.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Christa\AppData\Roaming\Mozilla\Firefox\Profiles\msb873do.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig

FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', '6543188591906684216620703504714461195695580');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '0');

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe

AddRemove-FoxTab FLV Player - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

.

**************************************************************************

.

Completion time: 2012-07-24 12:53:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-24 16:53

.

Pre-Run: 256,330,969,088 bytes free

Post-Run: 256,081,117,184 bytes free

.

- - End Of File - - BA4B4755B0282753033BCAF24AC66EDB


Please delete this folder unless you know what it is:

c:\users\Christa\AppData\Roaming\xsecva

You may have to enable hidden files to see it:

http://www.howtogeek...-windows-vista/

------------------------------------

Then.........

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Great

A little clean-up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

