
Can't Get Rid Of Trojan.Sirefef and Trojan Generic. HELP



I knew the computer was acting strange when I would do Google searches and it would bring me to other pages that it shouldn't have been directing to. I currently use BitDefender and also have Malwarebytes installed and it can't seem to get rid of it. When I run the quick scan it says no malicious items were found, yet my BitDefender keeps popping up that it has blocked multiple viruses, and also malware keeps popping up that it's blocked access to a potentially malicious website. Please help; here's the log when I run a quick scan.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.07.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

jay :: RINILOVESPC [administrator]

Protection: Enabled

8/7/2012 3:33:22 PM

mbam-log-2012-08-07 (15-33-22).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 528407

Time elapsed: 1 hour(s), 16 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


I knew the computer was acting strange when I would do Google searches and it would bring me to other pages that it shouldn't have been directing to. I currently use BitDefender and also have Malwarebytes installed and it can't seem to get rid of it. When I run the quick scan it says no malicious items were found, yet my BitDefender keeps popping up that it has blocked multiple viruses, and also malware keeps popping up that it's blocked access to a potentially malicious website. See attached logs.

DDS.txt

Attach.txt


I also ran RogueKiller as directed; here's that report.

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: jay [Admin rights]

Mode: Scan -- Date: 08/07/2012 20:35:33

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] SmileboxTray.exe -- C:\Users\jay\AppData\Roaming\Smilebox\SmileboxTray.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 11 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\jay\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND

[sUSP PATH] HKUS\S-1-5-21-2094007905-2170688143-2092116901-1000[...]\Run : SmileboxTray ("C:\Users\jay\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND

[bLACKLIST DLL] HKUS\S-1-5-21-2094007905-2170688143-2092116901-1000_Classes[...]\Run : Apple Computer (rundll32.exe "C:\Users\jay\AppData\Local\Apps\Apple Computer\bobustxxy.dll",CreateInstance) -> FOUND

[sUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {90120000-0030-0000-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> FOUND

[sUSP PATH] HKUS\.DEFAULT[...]\RunOnce : {91140000-001A-0000-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> FOUND

[sUSP PATH] HKUS\S-1-5-18[...]\RunOnce : {90120000-0030-0000-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> FOUND

[sUSP PATH] HKUS\S-1-5-18[...]\RunOnce : {91140000-001A-0000-0000-0000000FF1CE} (C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\n.) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\jay\appdata\local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jay\appdata\local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jay\appdata\local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 adobe.activate.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 125.252.224.90

127.0.0.1 125.252.224.91

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ARRAY0 +++++

--- User ---

[MBR] d163160d883d2db0a9bfe3e0304f972d

[bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9642 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19828736 | Size: 944192 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

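A defender-side triage of a RogueKiller report in the layout posted above, added here as an example; it is not part of the original thread and not RogueKiller's own code. The report excerpt is constructed from the page's format, and the tag names, section headers and verdict logic are assumptions based on the lines posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the RogueKiller V7 report layout seen in this thread (not a real scan).
SAMPLE_REPORT = r"""
RogueKiller V7.6.5 [08/03/2012] by Tigzy

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] SmileboxTray.exe -- C:\Users\jay\AppData\Roaming\Smilebox\SmileboxTray.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\jay\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-0-0-0-1000_Classes[...]\Run : Apple Computer (rundll32.exe "C:\Users\jay\AppData\Local\Apps\Apple Computer\bobustxxy.dll",CreateInstance) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\@ --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 activate.adobe.com
127.0.0.1 125.252.224.90
[...]
"""

SECTION_RE = re.compile(r"^\u00a4{3}\s*(.+?)\s*\u00a4{3}$")  # "¤¤¤ name ¤¤¤"
# "[tag][tag] detail -> STATUS" or "--> STATUS"; the detail itself may contain " -- ".
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*-{1,2}>\s*(.+?)\s*$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


@dataclass
class Finding:
    section: str
    tags: List[str]  # e.g. ["ZeroAccess", "FILE"]
    detail: str      # text between the tags and the arrow
    status: str      # "FOUND", "KILLED [TermProc]", "CANNOT FIX", ...

    def has_tag(self, name: str) -> bool:
        # The forum shows "[sUSP PATH]" for "[SUSP PATH]", so compare case-insensitively.
        return any(t.lower() == name.lower() for t in self.tags)

    @property
    def target(self) -> str:
        return self.detail.split(" : ", 1)[-1]  # "@ : c:\dir\@" -> "c:\dir\@"


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    hosts: List[Tuple[str, str]] = field(default_factory=list)  # (ip, name)
    infection: Optional[str] = None  # the tool's own "Infection :" verdict, if any


def parse_report(text: str) -> Report:
    report, section = Report(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "[...]":  # "[...]" marks where the poster trimmed the log
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            if section.lower().startswith("infection"):
                report.infection = section.split(":", 1)[1].strip()
            continue
        if section.lower().startswith("hosts"):
            m = HOSTS_RE.match(line)
            if m:
                report.hosts.append((m.group(1), m.group(2)))
            continue
        m = FINDING_RE.match(line)
        if m:
            report.findings.append(Finding(section, TAG_RE.findall(m.group(1)), m.group(2), m.group(3)))
    return report


def triage(report: Report) -> dict:
    """Summarise the report the way the helper in the thread reads it."""
    zeroaccess = [f.target for f in report.findings if f.has_tag("ZeroAccess")]
    # A system binary reported with ASLR stripped is not repaired by the tool; in the thread
    # it is services.exe, which the helper then inspects with FRST from the recovery environment.
    aslr_wiped = [f.target for f in report.findings if f.has_tag("ASLR WIPED-OFF")]
    # HOSTS lines that point a real name at loopback (localhost itself is normal).
    redirects = [n for ip, n in report.hosts if ip.startswith("127.") and n != "localhost"]
    unfixable = sum(1 for f in report.findings if "CANNOT FIX" in f.status.upper())
    if zeroaccess or (report.infection or "").lower() == "zeroaccess":
        verdict = "rootkit"  # backdoor-class infection: treat the host as compromised
    elif report.findings:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "tool_verdict": report.infection, "zeroaccess": zeroaccess,
            "aslr_wiped": aslr_wiped, "hosts_redirects": redirects, "unfixable": unfixable}
```

Running `triage(parse_report(text))` on a saved RKreport gives the same first-pass read the helper makes from the posted log: ZeroAccess artifacts present, services.exe not fixable by the tool, and hosts-file redirections to review.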


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

services.exe

  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


I'm a little confused on what process to do. Do I format first and reinstall, or do the process of the Farbar recovery scan first?

There are two options to fix this infection.....

The first is to wipe the computer clean and reinstall the operating system and start all over.

The second is to clean the infection by running FRST.

I suggest you run FRST and we'll clean the infection.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Here are the logs from FRST

FRST.TXT

Scan result of Farbar Recovery Scan Tool Version: 14-08-2012

Ran by SYSTEM at 13-08-2012 22:33:46

Running from E:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-02] (Realtek Semiconductor)

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent [x]

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM\...\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" [109344 2011-06-01] (BitDefender S.R.L.)

HKLM\...\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" [2026680 2011-06-01] (BitDefender S.R.L.)

HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [FAStartup] [x]

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-06] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)

HKLM-x32\...\Run: [standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2010-01-07] (Corel)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )

HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [92352 2011-06-01] (BitDefender S.R.L.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [MyWebFace_5a Browser Plugin Loader] C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abrmon.exe [30096 2012-03-24] (VER_COMPANY_NAME)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui [136416 2011-05-04] (Memeo Inc.)

HKLM-x32\...\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2011-06-01] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\jay\...\Run: [Google Update] "C:\Users\jay\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-05-15] (Google Inc.)

HKU\jay\...\Run: [Corel Photo Downloader] "c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [526992 2010-06-27] (Corel, Inc.)

HKU\jay\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\jay\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)

HKU\jay\...\Run: [Akamai NetSession Interface] "C:\Users\jay\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)

HKU\jay\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\jay\...\Run: [smileboxTray] "C:\Users\jay\AppData\Roaming\Smilebox\SmileboxTray.exe" [305000 2012-07-02] (Smilebox, Inc.)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-12] (Dell)

HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)

HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Lsa: [Notification Packages] scecli

FAPassSync

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HD Writer AE.lnk

ShortcutTarget: HD Writer AE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\jay\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [290832 2011-12-12] (Verizon)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)

2 MyWebFace_5aService; C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abarsvc.exe [42528 2012-03-24] (COMPANYVERS_NAME)

3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)

3 Update Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [467248 2010-11-30] (BitDefender)

2 Updatesrv; "C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe" /service [53224 2011-06-01] (BitDefender S.R.L.)

2 VSSERV; C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe /service [2660624 2011-06-01] (BitDefender S.R.L.)

2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [x]

2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

3 avc3; C:\Windows\System32\Drivers\avc3.sys [591968 2010-11-29] (BitDefender)

3 avckf; C:\Windows\System32\Drivers\avckf.sys [1186272 2010-11-29] (BitDefender)

3 bdfm; C:\Windows\System32\Drivers\bdfm.sys [162896 2010-05-13] (BitDefender S.R.L. Bucharest, ROMANIA)

1 Bdfndisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [88144 2010-08-20] (BitDefender)

3 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)

1 bdfwfpf; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [99408 2010-08-20] (BitDefender)

1 Bdvedisk; C:\Windows\System32\Drivers\Bdvedisk.sys [103944 2010-01-19] (BitDefender)

1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

3 TrufosAlt; C:\Windows\System32\Drivers\TrufosAlt.sys [293448 2011-05-06] (BitDefender S.R.L.)

3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-13 22:20 - 2012-08-13 22:21 - 00000000 ____D C:\FRST

2012-08-13 21:06 - 2012-08-13 21:06 - 01442429 ____A (Farbar) C:\Users\jay\Downloads\FRST64(2).exe

2012-08-13 21:06 - 2012-08-13 21:06 - 01442429 ____A (Farbar) C:\Users\jay\Downloads\FRST64(1).exe

2012-08-10 16:40 - 2012-08-10 16:40 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-08 11:06 - 2012-08-08 11:06 - 01439725 ____A (Farbar) C:\Users\jay\Downloads\FRST64.exe

2012-08-07 19:31 - 2012-08-07 19:31 - 01552896 ____A C:\Users\jay\Downloads\RogueKiller.exe

2012-08-07 16:57 - 2012-08-07 16:57 - 00607260 ____R (Swearware) C:\Users\jay\Downloads\dds.scr

2012-08-07 14:08 - 2012-08-07 14:08 - 00000660 ____A C:\Windows\System32\bddel.dat

2012-08-07 13:35 - 2012-08-07 13:46 - 00000000 ____D C:\Users\jay\Application Data\IObit

2012-08-07 13:35 - 2012-08-07 13:46 - 00000000 ____D C:\Users\jay\AppData\Roaming\IObit

2012-08-07 13:35 - 2012-08-07 13:35 - 00000000 ____D C:\Users\All Users\IObit

2012-08-07 13:35 - 2012-08-07 13:35 - 00000000 ____D C:\Users\All Users\Application Data\IObit

2012-08-07 13:35 - 2012-08-07 13:35 - 00000000 ____D C:\Program Files (x86)\IObit

2012-08-07 13:34 - 2012-08-07 13:34 - 00718720 ____A (IObit) C:\Users\jay\Downloads\asc5-pro-setup.exe

2012-08-07 06:32 - 2012-08-07 06:32 - 00000000 ____D C:\Users\jay\Application Data\Genie9

2012-08-07 06:32 - 2012-08-07 06:32 - 00000000 ____D C:\Users\jay\AppData\Roaming\Genie9

2012-08-07 06:31 - 2012-08-07 06:31 - 00000000 ____D C:\Program Files\Genie9

2012-08-06 16:18 - 2012-08-13 20:01 - 00027136 ____A C:\Windows\System32\bddel.exe

2012-08-02 07:41 - 2012-08-02 07:41 - 00569960 ____A (TODO: <Company name>) C:\Users\jay\Downloads\U-0089-01-P_AVERY2_ (1).exe

2012-08-02 07:19 - 2012-08-02 07:19 - 00711240 ____A C:\Windows\is-5V36B.exe

2012-08-02 07:19 - 2012-08-02 07:19 - 00010550 ____A C:\Windows\is-5V36B.msg

2012-08-02 07:19 - 2012-08-02 07:19 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-02 07:19 - 2012-08-02 07:19 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-02 07:19 - 2012-08-02 07:19 - 00000459 ____A C:\Windows\is-5V36B.lst

2012-08-02 02:25 - 2012-08-05 20:03 - 00000000 ____D C:\Users\jay\AppData\Local\Apps\Apple Computer

2012-07-30 19:52 - 2012-07-30 19:52 - 00414768 ____A C:\Windows\Minidump\073012-57548-01.dmp

2012-07-30 19:49 - 2012-07-30 19:49 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-07-30 19:49 - 2012-07-30 19:49 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-07-30 19:48 - 2012-08-07 10:32 - 00000000 ____D C:\Program Files\iTunes

2012-07-30 19:48 - 2012-08-07 10:32 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-07-30 19:48 - 2012-07-30 19:48 - 00000000 ____D C:\Program Files\iPod

2012-07-25 20:02 - 2012-08-04 07:03 - 00000000 ____D C:\Users\jay\Local Settings\Pinnacle Systems

2012-07-25 20:02 - 2012-08-04 07:03 - 00000000 ____D C:\Users\jay\Local Settings\Application Data\Pinnacle Systems

2012-07-25 20:02 - 2012-08-04 07:03 - 00000000 ____D C:\Users\jay\AppData\Local\Pinnacle Systems

============ 3 Months Modified Files ========================

2012-08-13 21:08 - 2009-07-14 00:13 - 00730422 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-13 21:06 - 2012-08-13 21:06 - 01442429 ____A (Farbar) C:\Users\jay\Downloads\FRST64(2).exe

2012-08-13 21:06 - 2012-08-13 21:06 - 01442429 ____A (Farbar) C:\Users\jay\Downloads\FRST64(1).exe

2012-08-13 20:01 - 2012-08-06 16:18 - 00027136 ____A C:\Windows\System32\bddel.exe

2012-08-11 10:31 - 2009-07-13 23:51 - 00047159 ____A C:\Windows\setupact.log

2012-08-08 14:53 - 2012-07-05 11:22 - 00011754 ____A C:\Users\jay\My Documents\Matteo1stbday.xlsx

2012-08-08 14:53 - 2012-07-05 11:22 - 00011754 ____A C:\Users\jay\Documents\Matteo1stbday.xlsx

2012-08-08 11:06 - 2012-08-08 11:06 - 01439725 ____A (Farbar) C:\Users\jay\Downloads\FRST64.exe

2012-08-07 20:05 - 2010-06-20 07:52 - 00005018 __ASH C:\Users\All Users\KGyGaAvL.sys

2012-08-07 20:05 - 2010-06-20 07:52 - 00005018 __ASH C:\Users\All Users\Application Data\KGyGaAvL.sys

2012-08-07 19:31 - 2012-08-07 19:31 - 01552896 ____A C:\Users\jay\Downloads\RogueKiller.exe

2012-08-07 16:57 - 2012-08-07 16:57 - 00607260 ____R (Swearware) C:\Users\jay\Downloads\dds.scr

2012-08-07 14:15 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-07 14:15 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-07 14:08 - 2012-08-07 14:08 - 00000660 ____A C:\Windows\System32\bddel.dat

2012-08-07 14:07 - 2012-04-18 11:02 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

2012-08-07 14:07 - 2010-05-11 12:39 - 01305324 ____A C:\Windows\PFRO.log

2012-08-07 14:07 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-07 13:52 - 2010-05-15 21:52 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000UA.job

2012-08-07 13:34 - 2012-08-07 13:34 - 00718720 ____A (IObit) C:\Users\jay\Downloads\asc5-pro-setup.exe

2012-08-06 16:09 - 2012-05-10 02:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-06 02:43 - 2009-07-14 00:10 - 01606430 ____A C:\Windows\WindowsUpdate.log

2012-08-05 09:33 - 2012-04-18 11:02 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2012-08-03 20:58 - 2010-05-15 21:52 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000Core.job

2012-08-03 08:09 - 2012-05-10 02:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-03 08:09 - 2011-05-28 09:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-02 07:41 - 2012-08-02 07:41 - 00569960 ____A (TODO: <Company name>) C:\Users\jay\Downloads\U-0089-01-P_AVERY2_ (1).exe

2012-08-02 07:19 - 2012-08-02 07:19 - 00711240 ____A C:\Windows\is-5V36B.exe

2012-08-02 07:19 - 2012-08-02 07:19 - 00010550 ____A C:\Windows\is-5V36B.msg

2012-08-02 07:19 - 2012-08-02 07:19 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-02 07:19 - 2012-08-02 07:19 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-02 07:19 - 2012-08-02 07:19 - 00000459 ____A C:\Windows\is-5V36B.lst

2012-07-30 19:52 - 2012-07-30 19:52 - 00414768 ____A C:\Windows\Minidump\073012-57548-01.dmp

2012-07-30 19:51 - 2010-09-29 19:18 - 1619117228 ____A C:\Windows\MEMORY.DMP

2012-07-30 19:49 - 2012-07-30 19:49 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-07-30 19:49 - 2012-07-30 19:49 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-07-12 02:25 - 2009-07-13 23:45 - 05133496 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-12 02:05 - 2009-07-13 21:34 - 00000513 ____A C:\Windows\win.ini

2012-07-12 02:02 - 2010-05-15 21:24 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-06 09:04 - 2012-07-06 09:04 - 04214784 ____A C:\Users\jay\Downloads\U_0087_01_P.msi

2012-07-06 09:02 - 2012-07-06 09:02 - 00569960 ____A (TODO: <Company name>) C:\Users\jay\Downloads\U-0089-01-P_AVERY2_(1).exe

2012-07-05 20:04 - 2012-07-05 20:04 - 00569960 ____A (TODO: <Company name>) C:\Users\jay\Downloads\U-0089-01-P_AVERY2_.exe

2012-07-04 08:00 - 2010-05-15 17:41 - 00177872 ____A C:\Users\jay\Local Settings\GDIPFONTCACHEV1.DAT

2012-07-04 08:00 - 2010-05-15 17:41 - 00177872 ____A C:\Users\jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-07-04 08:00 - 2010-05-15 17:41 - 00177872 ____A C:\Users\jay\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-03 19:10 - 2012-07-03 19:10 - 00049397 ____A C:\Users\jay\Downloads\circus-in-town.zip

2012-07-03 18:52 - 2012-07-03 18:52 - 02147505 ____A C:\Users\jay\Downloads\E973100.EXE

2012-07-03 12:46 - 2011-09-26 08:11 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-30 09:43 - 2012-06-30 09:43 - 02247808 ____A C:\Users\jay\Downloads\Boeing 747-400ER_EA.g3x

2012-06-29 21:05 - 2010-05-22 08:00 - 00000020 ____H C:\Users\All Users\PKP_DLdu.DAT

2012-06-29 21:05 - 2010-05-22 08:00 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLdu.DAT

2012-06-28 19:54 - 2012-06-28 19:54 - 00022528 ____A C:\Users\jay\Downloads\2012njliheapbenefitgrid.xls

2012-06-27 21:13 - 2007-09-14 16:59 - 00216064 __ASH C:\Users\jay\My Documents\Thumbs.db

2012-06-27 21:13 - 2007-09-14 16:59 - 00216064 __ASH C:\Users\jay\Documents\Thumbs.db

2012-06-25 13:16 - 2012-06-25 13:16 - 00410456 ____A C:\Windows\Minidump\062512-30654-01.dmp

2012-06-13 02:28 - 2012-06-13 02:28 - 00000415 ____A C:\Users\jay\AppData\Roaminguser_gensett.xml

2012-06-11 22:08 - 2012-07-12 02:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-09 00:43 - 2012-07-11 04:55 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 23:41 - 2012-07-11 04:55 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 01:06 - 2012-07-11 04:55 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 01:06 - 2012-07-11 04:55 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 01:02 - 2012-07-11 04:55 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-06 00:05 - 2012-07-11 04:55 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 00:05 - 2012-07-11 04:55 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 00:03 - 2012-07-11 04:55 - 00805376 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-03 08:41 - 2012-06-03 08:40 - 00410456 ____A C:\Windows\Minidump\060312-36301-01.dmp

2012-06-02 21:20 - 2012-06-02 20:39 - 00000060 ____A C:\Windows\EWF545.ini

2012-06-02 21:19 - 2012-06-02 21:19 - 00000936 ____A C:\Users\Public\Desktop\EPSON Scan.lnk

2012-06-02 21:19 - 2012-06-02 21:19 - 00000936 ____A C:\Users\All Users\Desktop\EPSON Scan.lnk

2012-06-02 17:19 - 2012-06-22 07:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 17:19 - 2012-06-22 07:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 17:19 - 2012-06-22 07:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 17:19 - 2012-06-22 07:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 17:19 - 2012-06-22 07:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 17:15 - 2012-06-22 07:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 17:15 - 2012-06-22 07:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:19 - 2012-06-22 07:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:15 - 2012-06-22 07:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 07:49 - 2012-07-12 02:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 07:17 - 2012-07-12 02:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 07:12 - 2012-07-12 02:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 07:05 - 2012-07-12 02:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 07:05 - 2012-07-12 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 07:04 - 2012-07-12 02:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 07:04 - 2012-07-12 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 07:03 - 2012-07-12 02:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 07:01 - 2012-07-12 02:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 07:00 - 2012-07-12 02:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 06:59 - 2012-07-12 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 06:57 - 2012-07-12 02:01 - 02382848 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 06:57 - 2012-07-12 02:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 06:54 - 2012-07-12 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 04:07 - 2012-07-12 02:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 03:43 - 2012-07-12 02:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 03:33 - 2012-07-12 02:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 03:26 - 2012-07-12 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 03:25 - 2012-07-12 02:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 03:25 - 2012-07-12 02:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 03:23 - 2012-07-12 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 03:21 - 2012-07-12 02:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 03:20 - 2012-07-12 02:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 03:19 - 2012-07-12 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 03:19 - 2012-07-12 02:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 03:17 - 2012-07-12 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 03:16 - 2012-07-12 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 03:14 - 2012-07-12 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-02 00:50 - 2012-07-11 04:55 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 00:48 - 2012-07-11 04:55 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 00:48 - 2012-07-11 04:55 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 00:45 - 2012-07-11 04:55 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 00:44 - 2012-07-11 04:55 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 23:40 - 2012-07-11 04:55 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 23:40 - 2012-07-11 04:55 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 23:39 - 2012-07-11 04:55 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 23:34 - 2012-07-11 04:55 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-01 17:16 - 2012-06-01 17:16 - 08316015 ____A C:\Users\jay\Downloads\attachments (3).zip

2012-06-01 17:15 - 2012-06-01 17:15 - 08316015 ____A C:\Users\jay\Downloads\attachments (2).zip

2012-06-01 17:09 - 2012-06-01 17:09 - 06420772 ____A C:\Users\jay\Downloads\attachments (1).zip

2012-05-23 10:08 - 2012-05-23 10:08 - 00000017 ____A C:\Users\jay\Local Settings\resmon.resmoncfg

2012-05-23 10:08 - 2012-05-23 10:08 - 00000017 ____A C:\Users\jay\Local Settings\Application Data\resmon.resmoncfg

2012-05-23 10:08 - 2012-05-23 10:08 - 00000017 ____A C:\Users\jay\AppData\Local\resmon.resmoncfg

ZeroAccess:

C:\Windows\Installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}

C:\Windows\Installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\@

C:\Windows\Installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\L

C:\Windows\Installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\U

C:\Windows\Installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\L\00000004.@

C:\Windows\Installer\{497487bd-da82-fc93-2162-5c1839c2c2dd}\U\80000000.@

ZeroAccess:

C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd}

C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\@

C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\L

C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\U

C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\L\00000004.@

C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd}\U\80000000.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%

Total physical RAM: 12278.97 MB

Available physical RAM: 11028.77 MB

Total Pagefile: 12277.12 MB

Available Pagefile: 11171 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:922.06 GB) (Free:720.09 GB) NTFS

3 Drive e: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT

4 Drive f: (RECOVERY) (Fixed) (Total:9.42 GB) (Free:4.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 119 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 9 GB 40 MB

Partition 3 Primary 922 GB 9 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 F RECOVERY NTFS Partition 9 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 922 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 118 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FAT Removable 118 MB Healthy

==================================================================================

Last Boot: 2012-08-07 03:05

======================= End Of Log ==========================

SEARCH.TXT

Farbar Recovery Scan Tool Version: 14-08-2012

Ran by SYSTEM at 2012-08-13 22:24:04

Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012

Ran by SYSTEM at 2012-08-14 10:48:14 Run:1

Running from E:\

==============================================

C:\Windows\Installer\{497487bd-da82-fc93-2162-5c1839c2c2dd} moved successfully.

C:\Users\jay\AppData\Local\{497487bd-da82-fc93-2162-5c1839c2c2dd} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

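The FRST log and Fixlog above turn on three indicators: a {GUID} folder holding an '@' file plus 'L' and 'U' subfolders (in Windows\Installer and AppData\Local), Desktop.ini planted in assembly\GAC_32 and GAC_64, and a System32\services.exe whose MD5 no longer matches the WinSxS copy. The Python below is an added example, not MrC's fixlist or the FRST tool's code: it re-implements those three checks as a read-only triage over a constructed sample tree in a temp directory (placeholder bytes, not real files); the WinSxS glob pattern is an assumption.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# {GUID}-named folder, as in {497487bd-da82-fc93-2162-5c1839c2c2dd} from the FRST log.
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
# Assumed WinSxS pattern for the services.exe backup copy (FRST printed the
# component folder name with its '..' abbreviation).
SXS_SERVICES_GLOB = "amd64_microsoft-windows-s*-servicecontroller_*/services.exe"


def md5_file(path):
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def zeroaccess_dirs(parent):
    """{GUID} folders under parent carrying the '@' file plus 'L' and 'U' subfolders:
    the layout FRST labelled 'ZeroAccess' in Windows\\Installer and AppData\\Local."""
    if not parent.is_dir():
        return []
    return sorted(d for d in parent.iterdir()
                  if d.is_dir() and GUID_DIR.match(d.name)
                  and (d / "@").is_file() and (d / "L").is_dir() and (d / "U").is_dir())


def gac_desktop_ini(windows):
    """Desktop.ini dropped directly into assembly\\GAC_32 / GAC_64 (flagged above)."""
    candidates = [windows / "assembly" / arch / "Desktop.ini" for arch in ("GAC_32", "GAC_64")]
    return [p for p in candidates if p.is_file()]


def services_exe_mismatch(windows):
    """Hash System32\\services.exe against the WinSxS copy, the comparison behind the
    fix that restored services.exe. Returns (live_md5, sxs_md5) on mismatch, None when
    they match or either file is missing."""
    live = windows / "System32" / "services.exe"
    backups = sorted((windows / "winsxs").glob(SXS_SERVICES_GLOB))
    if not live.is_file() or not backups:
        return None
    live_md5, sxs_md5 = md5_file(live), md5_file(backups[0])
    return None if live_md5 == sxs_md5 else (live_md5, sxs_md5)


def triage(windows, appdata_local):
    """Read-only triage: report the indicators, change nothing on disk."""
    return {
        "installer_dirs": zeroaccess_dirs(windows / "Installer"),
        "appdata_dirs": zeroaccess_dirs(appdata_local),
        "gac_desktop_ini": gac_desktop_ini(windows),
        "services_exe": services_exe_mismatch(windows),
    }


def build_sample_tree(base, infected=True):
    """Constructed sample tree mirroring the paths in the FRST log. Every file holds
    placeholder bytes; nothing here is real malware."""
    windows = base / "Windows"
    appdata = base / "Users" / "jay" / "AppData" / "Local"
    sxs_dir = windows / "winsxs" / ("amd64_microsoft-windows-s..s-servicecontroller_"
                                     "31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1")
    for d in (windows / "Installer", windows / "System32", appdata, sxs_dir,
              windows / "assembly" / "GAC_32", windows / "assembly" / "GAC_64"):
        d.mkdir(parents=True, exist_ok=True)
    clean = b"constructed stand-in for the clean services.exe"
    (sxs_dir / "services.exe").write_bytes(clean)
    (windows / "System32" / "services.exe").write_bytes(
        b"constructed stand-in for a patched services.exe" if infected else clean)
    if infected:
        guid = "{497487bd-da82-fc93-2162-5c1839c2c2dd}"
        for parent in (windows / "Installer", appdata):
            d = parent / guid
            (d / "L").mkdir(parents=True)
            (d / "U").mkdir()
            for rel in ("@", "L/00000004.@", "U/80000000.@"):
                (d / rel).write_bytes(b"placeholder")
        for arch in ("GAC_32", "GAC_64"):
            (windows / "assembly" / arch / "Desktop.ini").write_bytes(b"placeholder")
    return windows, appdata


def demo(infected=True):
    """Build the sample tree in a temp dir, run the triage, return a plain summary."""
    with tempfile.TemporaryDirectory() as tmp:
        windows, appdata = build_sample_tree(Path(tmp), infected)
        findings = triage(windows, appdata)
        summary = {
            "installer_dirs": [d.name for d in findings["installer_dirs"]],
            "appdata_dirs": [d.name for d in findings["appdata_dirs"]],
            "gac_desktop_ini": [p.parent.name for p in findings["gac_desktop_ini"]],
            "services_exe_patched": findings["services_exe"] is not None,
        }
    return summary


if __name__ == "__main__":
    for label, flag in (("infected sample", True), ("clean sample", False)):
        print(label, demo(flag))
```

Pointed at a real drive, only `triage()` is needed; the sample builder exists so the checks can be exercised offline.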

Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Here's the ComboFix log

ComboFix 12-08-14.01 - jay 08/14/2012 11:41:29.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9497 [GMT -4:00]

Running from: c:\users\jay\Desktop\ComboFix.exe

AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\414C340A9B.sys

c:\programdata\7BD3ECA575.sys

c:\programdata\7E19043568.sys

c:\programdata\F4DBB0BEEE.sys

c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll

c:\users\jay\AppData\Local\.#

c:\users\jay\AppData\Local\.#\MBX@196C@3541C00.###

c:\users\jay\AppData\Local\.#\MBX@196C@3541C10.###

c:\users\jay\AppData\Local\.#\MBX@196C@3541C20.###

c:\users\jay\AppData\Local\.#\MBX@196C@3541C30.###

c:\users\jay\AppData\Local\.#\MBX@2140@3951C00.###

c:\users\jay\AppData\Local\.#\MBX@2140@3951C10.###

c:\users\jay\AppData\Local\.#\MBX@2140@3951C20.###

c:\users\jay\AppData\Local\.#\MBX@2140@3951C30.###

c:\users\jay\AppData\Roaming\bytewdownload

c:\users\jay\AppData\Roaming\bytewdownload\installmanager.exe

c:\users\jay\AppData\Roaming\bytewdownload\zip_unzip_installer_file.exe

c:\windows\SysWow64\~GLH0042.TMP

c:\windows\SysWow64\BSTIEPrintCtl1.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))

.

.

2012-08-14 15:59 . 2012-08-14 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-14 03:20 . 2012-08-14 03:21 -------- d-----w- C:\FRST

2012-08-10 21:40 . 2012-08-10 21:40 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-07 18:35 . 2012-08-07 18:35 -------- d-----w- c:\programdata\IObit

2012-08-07 18:35 . 2012-08-07 18:46 -------- d-----w- c:\users\jay\AppData\Roaming\IObit

2012-08-07 18:35 . 2012-08-07 18:35 -------- d-----w- c:\program files (x86)\IObit

2012-08-07 11:32 . 2012-08-07 11:32 -------- d-----w- c:\users\jay\AppData\Roaming\Genie9

2012-08-07 11:31 . 2012-08-07 11:31 -------- d-----w- c:\program files\Genie9

2012-08-02 12:19 . 2012-08-02 12:19 711240 ----a-w- c:\windows\is-5V36B.exe

2012-07-31 00:48 . 2012-08-07 15:32 -------- d-----w- c:\program files\iTunes

2012-07-31 00:48 . 2012-08-07 15:32 -------- d-----w- c:\program files (x86)\iTunes

2012-07-31 00:48 . 2012-07-31 00:48 -------- d-----w- c:\program files\iPod

2012-07-26 01:02 . 2012-08-04 12:03 -------- d-----w- c:\users\jay\AppData\Local\Pinnacle Systems

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-08 01:05 . 2010-06-20 12:52 5018 --sha-w- c:\programdata\KGyGaAvL.sys

2012-08-03 13:09 . 2012-05-10 07:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-03 13:09 . 2011-05-28 14:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 07:02 . 2010-05-16 02:24 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2011-09-26 13:11 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 03:08 . 2012-07-12 07:05 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 09:55 14172672 ------w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 09:55 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 09:55 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 09:55 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 09:55 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 09:55 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 09:55 805376 ------w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 12:15 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 12:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 12:15 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 12:15 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 12:15 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 12:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 12:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 12:15 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-12 07:01 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 07:01 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 07:01 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 07:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 07:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 07:01 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 07:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 07:01 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 07:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 07:01 2382848 ------w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 07:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-12 07:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 07:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-11 09:55 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 09:55 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 09:55 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 09:55 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 09:55 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 09:55 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 09:55 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 09:55 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 09:55 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-27 526992]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"Akamai NetSession Interface"="c:\users\jay\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-07 102400]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-01 92352]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"MyWebFace_5a Browser Plugin Loader"="c:\progra~2\MYWEBF~2\bar\1.bin\5abrmon.exe" [2012-03-25 30096]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2011-05-04 136416]

"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"{90120000-0030-0000-0000-0000000FF1CE}"="del" [X]

"{91140000-001A-0000-0000-0000000FF1CE}"="del" [X]

.

c:\users\jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HD Writer AE.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2010-5-15 210264]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-16 1207312]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-11-29 591968]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-11-29 1186272]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-05-06 293448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-16 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408]

S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-05-04 25824]

S2 MyWebFace_5aService;MyWebFaceService;c:\progra~2\MYWEBF~2\bar\1.bin\5abarsvc.exe [2012-03-25 42528]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-01 53224]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

S3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-08-28 51240]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544]

S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864]

S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 13:09]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000Core.job

- c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 02:52]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000UA.job

- c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 02:52]

.

2012-08-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 109344]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{8040829d-1177-46e2-9157-8282438b79c7} - c:\program files (x86)\MyWebFace_5a\bar\1.bin\5aSrcAs.dll

URLSearchHooks-{f897eb0e-a3a4-46c3-80eb-2729699d8892} - (no file)

Toolbar-Locked - (no file)

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

Wow6432Node-HKLM-Run-FAStartup - (no file)

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\bgsvcgen.exe

c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\MyWebFace_5a\bar\1.bin\5abrmon.exe

c:\program files\Logitech\SetPoint\x86\SetPoint32.exe

c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2012-08-14 12:14:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-14 16:14

.

Pre-Run: 772,727,095,296 bytes free

Post-Run: 772,487,237,632 bytes free

.

- - End Of File - - 1AE457043BB5D23130BCE77D776A9244

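The service and Run-key lines in the ComboFix log above follow a fixed layout: `<start type> <name>;<display name>;<image path> [<date size>]`, with `[x]` in place of the date and size when ComboFix could not find the file on disk. As an added example, not part of the original thread or of ComboFix itself, the script below parses a handful of lines copied from that log and flags the entries a responder would look at first: a binary that was not found on disk, a service image under a user's Temp directory (the SessionLauncher entry above), and a Run value that names a bare executable with no directory. The sample input is a constructed subset of the posted log, and the flag rules are this example's own heuristics.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: a subset of service and Run-key lines copied from the
# ComboFix log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680]
"""

# Service/driver lines: "<start type> <name>;<display name>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)
# Run-key lines: "<value name>"="<command line>" [<date size> | X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"\s+\[(?P<meta>[^\]]*)\]\s*$')


def image_from_command(command: str) -> str:
    """Best-effort extraction of the executable from a Run-key command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)(?=\s|$)', command, re.IGNORECASE)
    if m:
        return m.group(1) or m.group(2)
    return command.strip()


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one ComboFix service or Run-key line; return None for anything else."""
    m = SERVICE_RE.match(line)
    if m:
        return {"kind": "service", "name": m["name"], "image": m["path"], "meta": m["meta"]}
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "name": m["name"],
                "image": image_from_command(m["command"]), "meta": m["meta"]}
    return None


def triage_entry(entry: Dict[str, str]) -> List[str]:
    """Heuristic flags for one parsed entry (this example's own rules, not ComboFix's)."""
    flags: List[str] = []
    image = entry["image"]
    # ComboFix writes [x] when it could not find the image file on disk.
    if entry["meta"].strip().lower() == "x":
        flags.append("binary not found on disk ([x])")
    # A service or autorun whose image lives under a Temp directory deserves a look.
    if re.search(r'\\temp\\', image, re.IGNORECASE):
        flags.append("runs from a Temp directory")
    # A bare filename is resolved through the search path rather than a fixed location.
    if "\\" not in image:
        flags.append("unqualified filename (no directory)")
    return flags


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return only the entries that raised at least one flag."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        flags = triage_entry(entry)
        if flags:
            findings.append({**entry, "flags": flags})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['name']}: {f['image']}")
        for flag in f["flags"]:
            print(f"           - {flag}")
```

Run against the six sample lines it reports DockLoginService and SessionLauncher (both `[x]`, the latter also under Temp) and the Bluetooth Connection Assistant Run value (`[X]` and a bare `LBTWIZ.EXE`), while the Mozilla, Malwarebytes and BitDefender entries pass. A missing file is often just a leftover from an uninstalled product, as the Dell Dock entries here probably are, so the flags are a reading order, not a verdict.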

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

jay :: RINILOVESPC [administrator]

8/14/2012 1:16:30 PM

mbam-log-2012-08-14 (13-16-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208887

Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


OK, thanks. I did all that and it's been working fine for me. My husband uses Google Chrome and has a redirect virus: when he does a Google search and clicks on a link, he sometimes gets redirected to unrelated sites. It was doing that before, when we were infected with the virus. Does that mean I still have it? What shall I do now?


This topic is now closed to further replies.