jeff1675

trojan.dropper.bcminer need help

I seem to have this bug. Did a lot of reading, tried normal removal tools with no luck. Seems most of what I saw needed more invasive help, and that your group has been successful at removing this. Hope you can for me...

I have run DDS, FRST and RogueKiller scans as I see most need some combination of these log files...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by jeffrey at 8:44:16 on 2012-08-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5944 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\BRUNVPRNPC64.EXE

C:\Windows\system32\ftusbrdsrv.exe

C:\Windows\system32\ftusbrdwks.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

D:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe

D:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe

D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe

D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\ftusbrdp.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe

C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe

D:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe

D:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe

D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe

D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

C:\Windows\Samsung\PanelMgr\caller64.exe

D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

D:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylus.exe

C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBWinTouchChg.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\UltraMon\UltraMonUiAcc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [Google Update] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Mikogo] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp

uRun: [AdobeBridge]

uRun: [LaCie Ethernet Agent Startup] "C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe" silent

uRun: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_SD31D.tmp" /EF "HKCU"

mRun: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [starBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe"

mRun: [starBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe"

mRun: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe"

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\JEFFRE~1.ONE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - D:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - D:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARBO~1.LNK - C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

Trusted Zone: oneida-air.com\oasvpn

DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://oasvpn.oneida-air.com/XTSAC.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}

DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer = 10.0.0.2,10.0.0.5

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO-X64: LastPass Browser Helper Object - No File

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

mRun-x64: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [starBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe"

mRun-x64: [starBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe"

mRun-x64: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe"

mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R2 BrUnvPrnPortPCL;BrUnvPrnPortPCL;C:\Windows\system32\\BRUNVPRNPC64.EXE --> C:\Windows\system32\\BRUNVPRNPC64.EXE [?]

R2 ftusbrdsrv;USB for Remote Desktop (Server) service;C:\Windows\system32\ftusbrdsrv.exe --> C:\Windows\system32\ftusbrdsrv.exe [?]

R2 ftusbrdwks;USB for Remote Desktop (Workstation) service;C:\Windows\system32\ftusbrdwks.exe --> C:\Windows\system32\ftusbrdwks.exe [?]

R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]

R2 MSSQL$VEEAM;SQL Server (VEEAM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-10 381248]

R2 TrileadVMXService;Trilead VM Explorer Service;D:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe [2011-12-20 44560]

R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

R2 VeeamDCS;Veeam Data Collector Service;D:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe [2012-2-1 8838928]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-8-19 423536]

R2 vmware-converter-server;VMware vCenter Converter Standalone Server;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]

R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;D:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]

R3 ft2usbhub;Virtual USB Bus;C:\Windows\system32\DRIVERS\ftusbbus2.sys --> C:\Windows\system32\DRIVERS\ftusbbus2.sys [?]

R3 ftusb2;ftusb2;\??\C:\Windows\system32\drivers\ftusb2.sys --> C:\Windows\system32\drivers\ftusb2.sys [?]

R3 ftusbload2;ftusbload2;\??\C:\Windows\system32\drivers\ftusbload2.sys --> C:\Windows\system32\drivers\ftusbload2.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 StarBoardMT;StarBoard Software Multi-touch;C:\Windows\system32\DRIVERS\StarBoardMT.sys --> C:\Windows\system32\DRIVERS\StarBoardMT.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 116648]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-12-30 89160]

S3 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-4-13 78336]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-19 1431888]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 116648]

S3 LSDRVA;StarBoard FX-DUO Light Sensor USB Driver (lsdrva.sys);C:\Windows\system32\Drivers\lsdrva.sys --> C:\Windows\system32\Drivers\lsdrva.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-12-9 113800]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-09 16:36:00 -------- d-----w- C:\FRST

2012-08-08 21:57:39 -------- d-----w- C:\ProgramData\HitmanPro

2012-08-08 21:48:12 -------- d-----w- C:\ProgramData\PLAV

2012-08-08 21:48:08 -------- d-----w- C:\ProgramData\ParetoLogic Anti-Virus PLUS

2012-08-08 21:43:38 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\ElevatedDiagnostics

2012-08-08 21:29:56 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys

2012-08-08 20:53:52 -------- d-----w- C:\Program Files\CCleaner

2012-08-07 17:14:51 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-07 09:16:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A672B16B-EE7D-4288-9257-06BD961BD68B}\mpengine.dll

2012-07-16 13:08:10 -------- d-----w- C:\ProgramData\Realtime Soft

2012-07-16 13:08:10 -------- d-----w- C:\Program Files\UltraMon

2012-07-16 13:08:10 -------- d-----w- C:\Program Files (x86)\Common Files\Realtime Soft

2012-07-12 19:05:40 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\CrashRpt

2012-07-12 19:04:39 -------- d-----w- C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\DraftSight

2012-07-12 19:04:39 -------- d-----w- C:\ProgramData\Dassault Systemes

2012-07-12 19:04:37 -------- d-----w- C:\Program Files (x86)\Dassault Systemes

2012-07-12 07:03:12 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:37:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 09:36:50 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 09:36:50 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 09:36:50 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 09:36:50 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 09:36:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 09:36:50 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 09:36:50 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 09:36:50 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 09:36:50 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 09:36:50 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 09:36:50 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 09:36:50 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-11 09:36:50 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-10 15:22:10 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2012-07-10 15:21:11 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro

2012-07-10 15:10:03 -------- d-----w- C:\Windows\System32\SPReview

2012-07-10 15:09:49 -------- d-----w- C:\Windows\System32\EventProviders

.

==================== Find3M ====================

.

2012-07-10 15:12:12 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-07-10 15:12:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-26 18:17:31 60304 ----a-w- C:\Users\jeffrey.ONEIDA-AIR\g2mdlhlpx.exe

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-03 19:46:42 13844000 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

.

============= FINISH: 8:44:28.44 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/19/2011 4:35:50 PM

System Uptime: 8/9/2012 8:38:59 AM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R

Processor: Intel® Core i7 CPU 960 @ 3.20GHz | Socket 1366 | 3193/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 6.544 GiB free.

D: is FIXED (NTFS) - 1863 GiB total, 1331.003 GiB free.

E: is CDROM (UDF)

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP264: 8/9/2012 8:21:52 AM - before fixes

.

==== Installed Programs ======================

.

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Anchor Service CS4

Adobe CMaps CS4

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5.5 Design Standard

Adobe CS4 American English Speech Analysis Models

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

Apple Application Support

Apple Software Update

Autodesk Actrix 2000

CardMinder V3.0

Crystal Reports XI

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DraftSight

DrivePM 1.3

DriveWindow Light 2.92

Dropbox

DWL_MergeModules

Exact CRW XI SP6.2

FileZilla Client 3.3.5.1

Fujitsu COBOL Free Run-time

GDR 1617 for SQL Server 2008 R2 (KB2494088)

Getting Things Done Outlook Add-In

Google Chrome

Google Earth Plug-in

Google Update Helper

GoToMeeting 5.1.0.880

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Java Auto Updater

Java 6 Update 30

Jeff-Net Report Runner 2012

LastPass (uninstall only)

Macola ES

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Application Error Reporting

Microsoft Office 2003 Web Components

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Report Viewer Redistributable 2008 (KB971119)

Microsoft Report Viewer Redistributable 2008 SP1

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (VEEAM)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server 2008 R2

Microsoft SQL Server 2008 R2 Policies

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server System CLR Types

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Applications - ENU

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mikogo 4

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyScript Stylus Hitachi 3.2

NEC Electronics USB 3.0 Host Controller Driver

NVIDIA 3D Vision Controller Driver

NVIDIA Stereoscopic 3D Driver

PDF Settings CS5

Photoshop Camera Raw

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Safari

Samsung CLP-310 Series

SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)

ScanSnap Manager

ScanSnap Organizer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

SolidWorks 2012 x64 Edition SP02 Early Visibility

SQL Server 2008 R2 Client Tools

SQL Server 2008 R2 Common Files

SQL Server 2008 R2 Management Studio

StarBoard Contents

StarBoard Contents Library

StarBoard Driver

StarBoard Flash Contents

StarBoard Language Recognition Support (English (United States))

StarBoard Light Sensor Driver

StarBoard Software

StarBoard Software 9.33

Suite Shared Configuration CS4

Trilead VM Explorer

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

USB for Remote Desktop (Server) 3.1.2

USB for Remote Desktop (Workstation) 3.1.2

VBA (2627.01)

Veeam Backup and FastSCP

Veeam Report Viewer

VMware Remote Console Plug-in

VMware vCenter Converter Standalone

VMware vSphere Client 5.0

YNAB 3 version 3.6.3

YNAB 4 version 4.1.20

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 8:39:30 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/9/2012 8:39:20 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

8/9/2012 8:21:00 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

8/8/2012 5:53:52 PM, Error: Service Control Manager [7034] - The PLAVService service terminated unexpectedly. It has done this 1 time(s).

8/8/2012 5:46:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/8/2012 5:46:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/8/2012 5:45:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/8/2012 5:38:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

8/8/2012 5:38:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/8/2012 5:38:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/8/2012 5:38:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/8/2012 5:38:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/8/2012 5:38:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

8/8/2012 5:38:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 5:38:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

8/8/2012 5:03:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

8/8/2012 5:03:00 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/8/2012 5:03:00 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

8/8/2012 4:58:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 4:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/8/2012 4:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/8/2012 4:58:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The VMware vCenter Converter Standalone Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 4:58:38 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

FRST

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 09-08-2012 08:37:34

Running from G:\

Windows 7 Professional (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1694016 2011-09-07] ()

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)

HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)

HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKLM-x32\...\Run: [NUSB3MON] "D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [x]

HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-10-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [x]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [x]

HKLM-x32\...\Run: [starBoardPrintListener] "D:\Program Files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe" [x]

HKLM-x32\...\Run: [starBoardDriver] "C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe" [908384 2011-09-09] (Hitachi Solutions, Ltd.)

HKLM-x32\...\Run: [MyScriptStylusAutoStart.vbe] "d:\Program Files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe" [x]

HKLM-x32\...\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun [606208 2009-12-09] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x]

HKU\jeffrey.ONEIDA-AIR\...\Run: [Google Update] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-20] (Google Inc.)

HKU\jeffrey.ONEIDA-AIR\...\Run: [Mikogo] "C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp [5420408 2011-08-04] ()

HKU\jeffrey.ONEIDA-AIR\...\Run: [AdobeBridge] [x]

HKU\jeffrey.ONEIDA-AIR\...\Run: [LaCie Ethernet Agent Startup] "C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe" silent [9809408 2012-02-09] (LaCie SA)

HKU\jeffrey.ONEIDA-AIR\...\Run: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_SD31D.tmp" /EF "HKCU" [211968 2007-01-12] (SEIKO EPSON CORPORATION)

HKLM\...\Winlogon: [userinit] C:\Windows\system32\ftusbrdp.exe,C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)

Tcpip\..\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E}: [NameServer]10.0.0.2,10.0.0.5

Startup: C:\Users\administrator\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk

ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe (No File)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk

ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (No File)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk

ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\StarBoard Light Sensor Driver.lnk

ShortcutTarget: StarBoard Light Sensor Driver.lnk -> C:\Program Files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe (eIT Co., Ltd. and Xiroku Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk

ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()

Startup: C:\Users\jeffrey\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

Startup: C:\Users\jeffrey.ONEIDA-AIR\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 BrUnvPrnPortPCL; C:\Windows\system32\\BRUNVPRNPC64.EXE [60416 2010-11-18] ()

3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-04-13] (Dassault Systèmes)

2 ftusbrdsrv; C:\Windows\system32\ftusbrdsrv.exe [1552896 2012-01-25] (FabulaTech)

2 ftusbrdwks; C:\Windows\system32\ftusbrdwks.exe [1538560 2012-01-25] (FabulaTech)

2 MSSQL$VEEAM; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVEEAM [29293408 2010-12-10] (Microsoft Corporation)

2 vmware-converter-agent; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml" [6285 2012-01-26] ()

2 vmware-converter-server; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml" [4291 2012-01-26] ()

2 vmware-converter-worker; "C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe" -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml" [6897 2012-01-26] ()

3 CoordinatorServiceHost; "C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [x]

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x]

3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x]

2 TrileadVMXService; "C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe" [x]

2 VeeamDCS; "C:\Program Files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe" [x]

========================== Drivers (Whitelisted) =============

3 bmdrvr; C:\Windows\SysWow64\Drivers\bmdrvr.sys [74352 2011-03-14] (VMware, Inc.)

3 ft2usbhub; C:\Windows\System32\DRIVERS\ftusbbus2.sys [46584 2012-01-05] (FabulaTech)

3 ftusb2; C:\Windows\System32\Drivers\ftusb2.sys [25592 2012-01-05] (FabulaTech)

3 ftusbload2; C:\Windows\System32\Drivers\ftusbload2.sys [42488 2012-01-05] (FabulaTech)

1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)

1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab)

3 LSDRVA; C:\Windows\System32\Drivers\LSDRVA.sys [46360 2009-12-08] (eIT Co., Ltd. and Xiroku Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 StarBoardMT; C:\Windows\System32\Drivers\StarBoardMT.sys [28968 2011-09-14] (Hitachi Solutions, Ltd.)

2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]

3 gdrv; \??\C:\Windows\gdrv.sys [x]

0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x]

3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-09 08:36 - 2012-08-09 08:36 - 00000000 ____D C:\FRST

2012-08-09 04:21 - 2012-08-09 04:25 - 00017929 ____A C:\Windows\WindowsUpdate.log

2012-08-08 13:57 - 2012-08-08 13:58 - 00000000 ____D C:\Users\All Users\HitmanPro

2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ___SD C:\32788R22FWJFW

2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ____D C:\Windows\erdnt

2012-08-08 13:53 - 2012-08-08 13:54 - 00000000 ____D C:\Qoobox

2012-08-08 13:48 - 2012-08-09 04:24 - 00000000 ____D C:\Users\All Users\PLAV

2012-08-08 13:48 - 2012-08-08 13:48 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS

2012-08-08 13:29 - 2012-08-08 13:29 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-08-08 13:23 - 2012-08-08 13:23 - 00000036 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\housecall.guid.cache

2012-08-08 13:21 - 2012-08-08 13:21 - 00000376 ____A C:\Windows\PFRO.log

2012-08-08 13:02 - 2012-08-09 04:20 - 00000168 ____A C:\Windows\setupact.log

2012-08-08 13:02 - 2012-08-08 13:02 - 00000000 ____A C:\Windows\setuperr.log

2012-08-08 12:53 - 2012-08-08 12:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-08-08 12:53 - 2012-08-08 12:53 - 00000000 ____D C:\Program Files\Google

2012-08-08 12:53 - 2012-08-08 12:53 - 00000000 ____D C:\Program Files\CCleaner

2012-08-07 09:14 - 2012-08-07 09:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-24 09:25 - 2012-07-24 09:25 - 00000000 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Temptable.xml

2012-07-17 08:35 - 2012-08-09 04:24 - 00000000 ____D C:\Program Files (x86)\Google

2012-07-17 08:35 - 2012-08-09 04:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-17 08:35 - 2012-08-09 03:45 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-16 05:08 - 2012-07-16 05:08 - 00000000 ____D C:\Users\All Users\Realtime Soft

2012-07-16 05:08 - 2012-07-16 05:08 - 00000000 ____D C:\Program Files\UltraMon

2012-07-12 11:05 - 2012-07-12 11:05 - 00000000 ____D C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\CrashRpt

2012-07-12 11:04 - 2012-07-12 11:04 - 00002773 ____A C:\Users\Public\Desktop\DraftSight.lnk

2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\DraftSight

2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Users\All Users\Dassault Systemes

2012-07-12 11:04 - 2012-07-12 11:04 - 00000000 ____D C:\Program Files (x86)\Dassault Systemes

2012-07-11 23:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 23:02 - 2012-07-11 23:02 - 00000127 ____A C:\Windows\System32\MRT.INI

2012-07-11 23:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-11 23:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-11 23:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-11 23:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-11 23:00 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-11 23:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-11 23:00 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-11 23:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-11 23:00 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-11 23:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-11 23:00 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-11 23:00 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-11 23:00 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-11 23:00 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-11 23:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-11 23:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-11 23:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-11 23:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-11 23:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-11 23:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-11 23:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-11 23:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-11 23:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-11 23:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-11 23:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-11 23:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-11 23:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-11 23:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-11 01:37 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 01:37 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-11 01:37 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 01:37 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 01:37 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-11 01:37 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-11 01:37 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-11 01:37 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-11 01:37 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 01:37 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 01:37 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 01:37 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-11 01:37 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-11 01:37 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-11 01:37 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-11 01:37 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-11 01:37 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-11 01:36 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-11 01:36 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf

2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint

2012-07-10 07:21 - 2012-07-10 07:21 - 00000000 ____D C:\Program Files\Microsoft IntelliType Pro

2012-07-10 07:20 - 2012-07-10 07:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf

2012-07-10 07:10 - 2012-07-10 07:10 - 00000000 ____D C:\Windows\System32\SPReview

2012-07-10 07:09 - 2012-07-10 07:09 - 00000000 ____D C:\Windows\System32\EventProviders

============ 3 Months Modified Files ========================

2012-08-09 04:25 - 2012-08-09 04:21 - 00017929 ____A C:\Windows\WindowsUpdate.log

2012-08-09 04:25 - 2009-07-13 21:13 - 00844630 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-09 04:25 - 2009-07-13 20:45 - 00014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-09 04:25 - 2009-07-13 20:45 - 00014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-09 04:20 - 2012-08-08 13:02 - 00000168 ____A C:\Windows\setupact.log

2012-08-09 04:20 - 2012-07-17 08:35 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-09 04:20 - 2011-12-19 13:49 - 00000136 ____A C:\Windows\System32\config\netlogon.ftl

2012-08-09 04:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-09 03:45 - 2012-07-17 08:35 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-09 03:11 - 2011-12-20 06:48 - 00000938 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-839522115-1119UA.job

2012-08-08 21:11 - 2011-12-20 06:48 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-839522115-1119Core.job

2012-08-08 13:29 - 2012-08-08 13:29 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-08-08 13:23 - 2012-08-08 13:23 - 00000036 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\housecall.guid.cache

2012-08-08 13:21 - 2012-08-08 13:21 - 00000376 ____A C:\Windows\PFRO.log

2012-08-08 13:02 - 2012-08-08 13:02 - 00000000 ____A C:\Windows\setuperr.log

2012-08-08 12:53 - 2012-08-08 12:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-08-06 07:13 - 2012-01-06 11:53 - 00001456 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Adobe Save for Web 12.0 Prefs

2012-07-24 09:25 - 2012-07-24 09:25 - 00000000 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\Temptable.xml

2012-07-18 09:55 - 2012-02-01 11:29 - 00861898 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-07-16 05:03 - 2012-07-05 12:24 - 00000832 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-12 11:04 - 2012-07-12 11:04 - 00002773 ____A C:\Users\Public\Desktop\DraftSight.lnk

2012-07-11 23:19 - 2009-07-13 20:45 - 05007344 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 23:02 - 2012-07-11 23:02 - 00000127 ____A C:\Windows\System32\MRT.INI

2012-07-11 23:01 - 2011-12-19 14:06 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-11 04:19 - 2011-12-20 06:29 - 00129680 ____A C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-10 07:22 - 2012-07-10 07:22 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf

2012-07-10 07:20 - 2012-07-10 07:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf

2012-07-10 07:12 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll

2012-07-10 07:12 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

2012-07-03 09:46 - 2012-07-05 12:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-26 10:17 - 2012-06-26 10:17 - 00060304 ____A C:\Users\jeffrey.ONEIDA-AIR\g2mdlhlpx.exe

2012-06-20 12:08 - 2012-06-20 12:08 - 00001139 ____A C:\Users\Public\Desktop\Report Runner Viewer.lnk

2012-06-11 19:08 - 2012-07-11 23:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-11 01:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-11 01:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-11 01:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-11 01:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-11 01:36 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-11 01:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-11 01:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-11 01:36 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-06-22 12:37 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-22 12:37 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-22 12:37 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-22 12:37 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-22 12:37 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-22 12:37 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-22 12:37 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-22 12:37 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:15 - 2012-06-22 12:37 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-11 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-11 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-11 23:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-11 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-11 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-11 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-11 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-11 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-11 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-11 23:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-11 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-11 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-11 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-11 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-11 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-11 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-11 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-11 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-11 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-11 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-11 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-11 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-11 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-11 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-11 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-11 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-11 01:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-11 01:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-11 01:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-11 01:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-11 01:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-11 01:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-11 01:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-11 01:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-11 01:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-31 08:25 - 2011-12-19 13:52 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

ZeroAccess:

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L\00000004.@

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\00000004.@

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\00000008.@

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\000000cb.@

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000000.@

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000032.@

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000064.@

ZeroAccess:

C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}

C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\@

C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L

C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%

Total physical RAM: 8190.38 MB

Available physical RAM: 7171.66 MB

Total Pagefile: 8188.53 MB

Available Pagefile: 7241.38 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:55.8 GB) (Free:6.56 GB) NTFS

2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF

4 Drive g: (PATRIOT) (Removable) (Total:14.91 GB) (Free:10.5 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (Main) (Fixed) (Total:1863.02 GB) (Free:1330.97 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 1863 GB 1024 KB

Disk 1 Online 55 GB 0 B

Disk 2 Online 14 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1863 GB 1024 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y Main NTFS Partition 1863 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 55 GB 101 MB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 1

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C NTFS Partition 55 GB Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 31 KB

==================================================================================

Disk: 2

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G PATRIOT FAT32 Removable 14 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-06 20:02

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 2012-08-09 08:37:05

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: jeffrey [Admin rights]

Mode: Scan -- Date: 08/09/2012 08:04:55

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Mikogo ("C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-1229272821-1409082233-839522115-1119[...]\Run : Mikogo ("C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer (10.0.0.2,10.0.0.5) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer (10.0.0.2,10.0.0.5) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : c:\windows\installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\jeffrey.oneida-air\appdata\local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jeffrey.oneida-air\appdata\local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jeffrey.oneida-air\appdata\local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Main +++++

--- User ---

[MBR] d13e4411ae15cbc1204037a801f514c1

[bSP] 2080a9313410d9a59b36e44c9bb29f69 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907731 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: OCZ-VERTEX2 ATA Device +++++

--- User ---

[MBR] 889c44ce5fe6f5e349c21c8826e4a79e

[bSP] ade5d072fd87f7df663f824951c8b4d5 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02

Ran by SYSTEM at 2012-08-09 09:21:03 Run:1

Running from G:\

==============================================

C:\Windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7} moved successfully.

C:\Users\jeffrey.ONEIDA-AIR\AppData\Local\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Here's the ComboFix log...

ComboFix 12-08-08.03 - jeffrey 08/09/2012 9:40.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6210 [GMT -4:00]

Running from: d:\users\jeffrey.ONEIDA-AIR\Desktop\fix\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\jeffrey.ONEIDA-AIR\g2mdlhlpx.exe

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\@

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L\00000004.@

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\L\201d3dde

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\00000004.@

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\00000008.@

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\000000cb.@

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000000.@

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000032.@

c:\windows\Installer\{1f998b8e-6b0a-b33c-a311-6f4a1962c2e7}\U\80000064.@

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))

.

.

2012-08-09 16:36 . 2012-08-09 16:36 -------- d-----w- C:\FRST

2012-08-09 13:44 . 2012-08-09 13:44 -------- d-----w- c:\users\jeffrey\AppData\Local\temp

2012-08-09 13:44 . 2012-08-09 13:44 -------- d-----w- c:\users\JEFFRE~1~ONE\AppData\Local\temp

2012-08-08 21:48 . 2012-08-09 12:24 -------- d-----w- c:\programdata\PLAV

2012-08-08 21:48 . 2012-08-08 21:48 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS

2012-08-08 21:43 . 2012-08-08 21:43 -------- d-----w- c:\users\jeffrey.ONEIDA-AIR\AppData\Local\ElevatedDiagnostics

2012-08-08 21:29 . 2012-08-08 21:29 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-08-08 20:53 . 2012-08-08 20:53 -------- d-----w- c:\program files\CCleaner

2012-08-08 20:53 . 2012-08-09 12:39 -------- d-----w- c:\program files\Google

2012-08-07 17:14 . 2012-08-07 17:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-07 09:16 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A672B16B-EE7D-4288-9257-06BD961BD68B}\mpengine.dll

2012-07-17 16:35 . 2012-08-09 12:39 -------- d-----w- c:\program files (x86)\Google

2012-07-16 13:08 . 2012-07-16 13:08 -------- d-----w- c:\programdata\Realtime Soft

2012-07-16 13:08 . 2012-07-16 13:08 -------- d-----w- c:\program files\UltraMon

2012-07-16 13:08 . 2012-07-16 13:08 -------- d-----w- c:\program files (x86)\Common Files\Realtime Soft

2012-07-12 19:05 . 2012-07-12 19:05 -------- d-----w- c:\users\jeffrey.ONEIDA-AIR\AppData\Local\CrashRpt

2012-07-12 19:04 . 2012-07-12 19:04 -------- d-----w- c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\DraftSight

2012-07-12 19:04 . 2012-07-12 19:04 -------- d-----w- c:\programdata\Dassault Systemes

2012-07-12 19:04 . 2012-07-12 19:04 -------- d-----w- c:\program files (x86)\Dassault Systemes

2012-07-12 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 09:37 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 09:36 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-11 09:36 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-11 09:36 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-11 09:36 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 09:36 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-11 09:36 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-07-11 09:36 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 09:36 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 09:36 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 09:36 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 09:36 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 09:36 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 09:36 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-07-10 15:22 . 2012-07-10 15:22 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-07-10 15:21 . 2012-07-10 15:21 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2012-07-10 15:10 . 2012-07-10 15:10 -------- d-----w- c:\windows\system32\SPReview

2012-07-10 15:09 . 2012-07-10 15:09 -------- d-----w- c:\windows\system32\EventProviders

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 07:01 . 2011-12-19 22:06 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-10 15:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-07-10 15:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-07-03 17:46 . 2012-07-05 20:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-22 20:37 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 20:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 20:37 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 20:37 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 20:37 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 20:37 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 20:37 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 20:37 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 20:37 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 16:25 . 2011-12-19 21:52 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-03 19:46 . 2012-01-03 19:46 13844000 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mikogo"="c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" [2011-08-04 5420408]

"LaCie Ethernet Agent Startup"="c:\program files\LaCie\Network Assistant\LaCie Network Assistant.exe" [2012-02-09 9809408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="d:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]

"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"StarBoardPrintListener"="d:\program files (x86)\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe" [2011-09-16 35840]

"StarBoardDriver"="c:\program files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe" [2011-09-09 908384]

"MyScriptStylusAutoStart.vbe"="d:\program files (x86)\Vision Objects\MyScript Stylus\MyScriptStylusAutoStart.vbe" [2011-09-09 1161]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-1-3 13844000]

.

c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

CardMinder Viewer.lnk - d:\program files (x86)\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe [2012-2-16 36864]

ScanSnap Manager.lnk - d:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-2-16 1757184]

SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2012-7-10 1855080]

StarBoard Light Sensor Driver.lnk - c:\program files (x86)\Hitachi Software Engineering\FX-DuoDriver\LSDRVA.exe [2011-8-10 270336]

UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2012-7-16 29310]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 116648]

R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]

R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-12-30 89160]

R3 DraftSight API Service;DraftSight API Service;c:\program files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-04-13 78336]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-19 1431888]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 116648]

R3 LSDRVA;StarBoard FX-DUO Light Sensor USB Driver (lsdrva.sys);c:\windows\system32\Drivers\lsdrva.sys [2009-12-08 46360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;d:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-12-09 113800]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-20 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]

S2 BrUnvPrnPortPCL;BrUnvPrnPortPCL;c:\windows\system32\\BRUNVPRNPC64.EXE [2010-11-18 60416]

S2 ftusbrdsrv;USB for Remote Desktop (Server) service;c:\windows\system32\ftusbrdsrv.exe [2012-01-25 1552896]

S2 ftusbrdwks;USB for Remote Desktop (Workstation) service;c:\windows\system32\ftusbrdwks.exe [2012-01-25 1538560]

S2 MSSQL$VEEAM;SQL Server (VEEAM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-14 11576]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-11 381248]

S2 TrileadVMXService;Trilead VM Explorer Service;d:\program files (x86)\Trilead\Trilead VMX\VMXService.exe [2011-12-20 44560]

S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

S2 VeeamDCS;Veeam Data Collector Service;d:\program files\Veeam\Veeam Monitor for VMware\VeeamDCS.exe [2010-10-03 8838928]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]

S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;d:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-20 423536]

S2 vmware-converter-server;VMware vCenter Converter Standalone Server;d:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]

S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;d:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]

S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

S3 ft2usbhub;Virtual USB Bus;c:\windows\system32\DRIVERS\ftusbbus2.sys [2012-01-05 46584]

S3 ftusb2;ftusb2;c:\windows\system32\drivers\ftusb2.sys [2012-01-05 25592]

S3 ftusbload2;ftusbload2;c:\windows\system32\drivers\ftusbload2.sys [2012-01-05 42488]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-12-20 646248]

S3 StarBoardMT;StarBoard Software Multi-touch;c:\windows\system32\DRIVERS\StarBoardMT.sys [2011-09-14 28968]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 16:35]

.

2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 16:35]

.

2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-839522115-1119Core.job

- c:\users\jeffrey.ONEIDA-AIR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 14:51]

.

2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1409082233-839522115-1119UA.job

- c:\users\jeffrey.ONEIDA-AIR\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 14:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\jeffrey.ONEIDA-AIR\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1694016]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: oneida-air.com\oasvpn

TCP: Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E}: NameServer = 10.0.0.2,10.0.0.5

DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:22,3b,72,4b,1e,dd,cc,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

.

**************************************************************************

.

Completion time: 2012-08-09 09:47:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-09 13:47

.

Pre-Run: 6,540,906,496 bytes free

Post-Run: 6,935,814,144 bytes free

.

- - End Of File - - 2BE97121777664791BDA16C7122FD640


Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Reboot and scan the system with RogueKiller again and post the new log, MrC


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

jeffrey :: JEFFREY-PC2012 [administrator]

Protection: Enabled

8/9/2012 9:59:27 AM

mbam-log-2012-08-09 (09-59-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 252490

Time elapsed: 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: jeffrey [Admin rights]

Mode: Scan -- Date: 08/09/2012 10:03:18

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] mikogo-host.exe -- C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : Mikogo ("C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-1229272821-1409082233-839522115-1119[...]\Run : Mikogo ("C:\Users\jeffrey.ONEIDA-AIR\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer (10.0.0.2,10.0.0.5) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{EC49DE3F-2CFF-4052-8090-8CF207F3ED0E} : NameServer (10.0.0.2,10.0.0.5) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Main +++++

--- User ---

[MBR] d13e4411ae15cbc1204037a801f514c1

[BSP] 2080a9313410d9a59b36e44c9bb29f69 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907731 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: OCZ-VERTEX2 ATA Device +++++

--- User ---

[MBR] 889c44ce5fe6f5e349c21c8826e4a79e

[BSP] ade5d072fd87f7df663f824951c8b4d5 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: Patriot Memory USB Device +++++

--- User ---

[MBR] 51b57a076ed6152b9e2491c75b73338e

[BSP] 8f9f2d2563aea1467f95a217c0825836 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 15279 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>



Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
