
GOOGLE REDIRECT VIRUS LOGS POSTED HELP!



Please help me. I am desperate to get this thing off of my computer. When I use Google search links, the links actually take me to different websites (mostly spam). I have posted both logs and really just want to get this thing off of my laptop.

HERE IS MALWAREBYTES

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.14.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jessica :: JESSICA-ASUS [administrator]

8/14/2012 9:32:03 PM

mbam-log-2012-08-14 (21-32-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239656

Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

HERE IS DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jessica at 22:02:35 on 2012-08-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3874.1924 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\AsScrPro.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIEQA.EXE

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4ETO0Q1\RogueKiller.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_SCD86.tmp" /EF "HKCU"

uRun: [Facebook Update] "C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [agetu] rundll32.exe "C:\Users\Jessica\AppData\Roaming\agetu.dll",GetDriverInfo

uRun: [ledips] rundll32.exe "C:\Users\Jessica\AppData\Roaming\ledips.dll",Long_FromString

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

StartupFolder: C:\Users\Jessica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Jessica\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe

StartupFolder: C:\Users\Jessica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{9700C361-ADB4-4F19-A893-93A7AF9F342E} : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{BB17913B-C9D3-4A4B-8D76-015FA6B6AC12} : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{BB17913B-C9D3-4A4B-8D76-015FA6B6AC12}\14E64627F69646140503135413 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{BB17913B-C9D3-4A4B-8D76-015FA6B6AC12}\3505343547574656E647 : DhcpNameServer = 172.16.2.22 172.16.2.2

TCP: Interfaces\{BB17913B-C9D3-4A4B-8D76-015FA6B6AC12}\77962756C656373753830353 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BB17913B-C9D3-4A4B-8D76-015FA6B6AC12}\84F43505944514C4D27455543545 : DhcpNameServer = 10.202.0.6

TCP: Interfaces\{BB17913B-C9D3-4A4B-8D76-015FA6B6AC12}\A45616E656474756355636F6270514D27657563747 : DhcpNameServer = 65.32.5.74 65.32.5.75 192.168.33.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO-X64: Web Assistant Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-3-22 1136128]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-2-11 907600]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-2-11 997712]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-2-23 134928]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]

R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-28 2656280]

R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-7-20 185856]

R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-2-11 1304912]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-12 250056]

S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-2-4 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-15 01:31:15 711240 ----a-w- C:\Windows\isRS-000.tmp

2012-08-15 01:17:28 102400 ----a-w- C:\Windows\RegBootClean.exe

2012-08-15 01:01:24 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-08-15 00:55:09 -------- d-----w- C:\Users\Jessica\AppData\Roaming\QuickScan

2012-08-13 23:46:46 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-08-13 23:46:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-12 16:22:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-12 16:15:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-12 16:15:22 446976 ----a-w- C:\Users\Jessica\AppData\Roaming\ledips.dll

2012-08-12 16:14:29 -------- d-----w- C:\Users\Jessica\AppData\Roaming\xsecva

2012-08-12 14:23:18 -------- d-----w- C:\Program Files (x86)\EA GAMES

2012-08-12 14:23:17 442368 ----a-r- C:\Windows\SysWow64\vp6vfw.dll

2012-08-11 22:35:23 -------- d-----w- C:\Program Files (x86)\Sims 3

2012-08-10 22:21:13 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3EDFC26-7C1E-4C42-8771-EA23323B4E9D}\mpengine.dll

2012-08-06 00:45:56 -------- d-----w- C:\Users\Jessica\AppData\Roaming\The Sims Resource

2012-08-06 00:35:45 -------- d-----w- C:\Users\Jessica\AppData\Roaming\MilkShape 3D 1.x.x

2012-08-06 00:35:33 -------- d-----w- C:\Program Files (x86)\MilkShape 3D 1.8.5

2012-08-06 00:15:06 -------- d-----w- C:\Users\Jessica\AppData\Roaming\TSRWorkshop

2012-08-06 00:15:06 -------- d-----w- C:\Users\Jessica\AppData\Local\Ibibi_HB

2012-07-23 19:05:18 -------- d-----w- C:\Users\Jessica\AppData\Local\{C784411F-43DC-4F97-892B-739309D7BA07}

2012-07-21 11:26:45 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-21 11:02:08 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-07-21 11:02:08 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-07-21 11:02:08 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-07-21 11:02:07 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-07-21 11:02:07 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-07-21 11:02:07 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-07-21 11:02:07 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-07-21 02:49:10 -------- d-----w- C:\ProgramData\Big Fish Games

2012-07-21 02:29:48 -------- d-----w- C:\BigFishGamesCache

2012-07-21 00:52:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-07-21 00:52:38 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-07-21 00:52:36 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-21 00:52:36 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-21 00:52:36 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-21 00:52:36 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-21 00:52:36 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-21 00:52:36 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-21 00:52:00 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-07-21 00:52:00 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-07-21 00:52:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-21 00:50:46 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-07-21 00:50:44 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-07-21 00:50:43 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-07-21 00:50:43 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-07-21 00:50:37 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-07-21 00:50:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-07-21 00:50:36 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-07-21 00:50:36 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-07-21 00:50:36 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-07-21 00:50:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-07-21 00:50:01 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-07-21 00:35:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-07-21 00:35:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-07-21 00:35:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-07-21 00:30:30 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-21 00:30:16 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-21 00:29:52 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-21 00:29:52 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-20 22:34:59 -------- d-----w- C:\Users\Jessica\AppData\Local\Windows Live

2012-07-20 22:34:59 -------- d-----w- C:\Users\Jessica\AppData\Local\{4D152CB0-5A18-4DBC-891E-7F37CE62BFEA}

2012-07-20 22:34:24 -------- d-----w- C:\Users\Jessica\AppData\Local\{3C30C1D7-3B46-494A-AC9D-E27AB8BF7F5A}

2012-07-20 20:18:00 -------- d-----w- C:\Program Files\Web Assistant

2012-07-20 20:16:35 -------- d-----w- C:\Program Files (x86)\Yontoo

2012-07-20 20:16:32 -------- d-----w- C:\ProgramData\Tarma Installer

2012-07-20 20:15:23 -------- d-----w- C:\Program Files (x86)\1ClickDownload

2012-07-20 13:24:49 -------- d-----w- C:\Users\Jessica\AppData\Roaming\BitTorrent

2012-07-19 00:26:10 -------- d-----w- C:\Users\Jessica\AppData\Local\Facebook

.

==================== Find3M ====================

.

2012-08-15 01:51:36 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-08-14 23:47:37 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 22:08:03.84 ===============


Also here is the Attach log as well.

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/16/2011 10:37:04 PM

System Uptime: 8/14/2012 9:51:06 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K53E

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 186 GiB total, 35.607 GiB free.

D: is FIXED (NTFS) - 254 GiB total, 173.937 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

H: is Removable

I: is CDROM ()

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Virtual WiFi Miniport Adapter

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2F4B1062&0&02

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport Adapter #2

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2F4B1062&0&02

Service: vwifimp

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.1)

Alcor Micro USB Card Reader

Any Video Converter 3.2.7

Apple Application Support

Apple Software Update

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ASUS WebStorage

AsusScr_K3 Series_ENG

AsusVibe2.0

ATK Package

BitTorrent

CEP (Color Enable Package) v.9.2 (beta)

Compatibility Pack for the 2007 Office system

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EPSON Scan

Facebook Messenger 2.1.4590.0

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® WiDi

IZArc 4.1.6

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

Memeo AutoSync

Memeo Instant Backup

Mesh Runtime

Microsoft Office 2010

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MSVCRT

MSVCRT_amd64

Nuance PDF Reader

Origin

PDF Settings CS5

QuickTime

Realtek High Definition Audio Driver

Seagate Dashboard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SlimDX Redistributable for .NET 2.0 (September 2011)

Sonic Focus

syncables desktop SE

The Sims 2

The Sims 2 Family Fun Stuff

The Sims 2 Glamour Life Stuff

The Sims 2 Nightlife

The Sims 2 Open For Business

The Sims 2 Pets

The Sims 2 University

The Sims™ 2 Bon Voyage

The Sims™ 2 Celebration! Stuff

The Sims™ 2 H&M® Fashion Stuff

The Sims™ 2 IKEA® Home Stuff

The Sims™ 2 Kitchen & Bath Interior Design Stuff

The Sims™ 2 Seasons

The Sims™ 2 Teen Style Stuff

The Sims™ 3 Fast Lane Stuff

The Sims™ 3 Generations

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Late Night

The Sims™ 3 Outdoor Living Stuff

The Sims™ 3 Pets

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

Wireless Console 3

Zoo Tycoon 2 - Marine Mania

Zoo Tycoon 2 Endangered Species

Zoo Tycoon: Complete Collection

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 9:05:16 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Jessica-ASUS\Jessica SID (S-1-5-21-790799072-890783470-2514710844-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/9/2012 9:05:16 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Jessica-ASUS\Jessica SID (S-1-5-21-790799072-890783470-2514710844-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/14/2012 9:52:46 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/14/2012 9:52:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/14/2012 9:51:39 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The system cannot find the file specified.

8/14/2012 9:51:36 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/14/2012 9:51:32 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/14/2012 9:51:31 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/12/2012 7:01:20 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

8/12/2012 6:58:04 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 12.

8/12/2012 6:58:04 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Sorry, I posted before I read. Here is the report.

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jessica [Admin rights]

Mode: Scan -- Date: 08/14/2012 22:04:37

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] FACEBO~1.EXE -- C:\Users\Jessica\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 21 ¤¤¤

[BLACKLIST DLL] HKCU\[...]\Run : agetu (rundll32.exe "C:\Users\Jessica\AppData\Roaming\agetu.dll",GetDriverInfo) -> FOUND

[BLACKLIST DLL] HKCU\[...]\Run : ledips (rundll32.exe "C:\Users\Jessica\AppData\Roaming\ledips.dll",Long_FromString) -> FOUND

[BLACKLIST DLL] HKLM\[...]\Run : ledips ("C:\Windows\System32\rundll32.exe" "C:\Users\Jessica\AppData\Roaming\ledips.dll",Long_FromString) -> FOUND

[BLACKLIST DLL] HKLM\[...]\Run : agetu (rundll32.exe "C:\Users\Jessica\AppData\Roaming\agetu.dll",GetDriverInfo) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-790799072-890783470-2514710844-1001[...]\Run : agetu (rundll32.exe "C:\Users\Jessica\AppData\Roaming\agetu.dll",GetDriverInfo) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-790799072-890783470-2514710844-1001[...]\Run : ledips (rundll32.exe "C:\Users\Jessica\AppData\Roaming\ledips.dll",Long_FromString) -> FOUND

[SUSP PATH] {B59E99E3-69D5-4CE2-8469-0903A795011B}.job @ : C:\Users\Jessica\Desktop\PetSalon.exe -> FOUND

[SUSP PATH] Facebook Messenger.lnk @Jessica : C:\Users\Jessica\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n.) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L --> FOUND

[ZeroAccess][FILE] n : c:\users\jessica\appdata\local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n --> FOUND

[ZeroAccess][FILE] @ : c:\users\jessica\appdata\local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jessica\appdata\local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jessica\appdata\local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] 1adc24914383b501ac1193c37206dec8

[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SD Card +++++

--- User ---

[MBR] b07927c6b904ea2d7d8dc9b2acf6092f

[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 968 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.<------

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


Ohk here we go.

Search.txt

Farbar Recovery Scan Tool Version: 15-08-2012

Ran by Jessica at 2012-08-15 19:48:23

Running from E:\

================== Search: "system recovery options" ===================

=== End Of Search ===

And FRST.exe

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012

Ran by Jessica at 15-08-2012 20:17:57

Running from E:\

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.The operation completed successfully.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-08-15 19:47 - 2012-08-15 20:17 - 00000000 ____D C:\FRST

2012-08-14 22:22 - 2012-08-14 22:22 - 00029514 ____A C:\Users\Jessica\Desktop\DDS.txt

2012-08-14 22:22 - 2012-08-14 22:22 - 00009205 ____A C:\Users\Jessica\Desktop\Attach.txt

2012-08-14 22:04 - 2012-08-14 22:04 - 00004682 ____A C:\Users\Jessica\Desktop\RKreport[1].txt

2012-08-14 22:01 - 2012-08-14 22:01 - 00607260 ____R (Swearware) C:\Users\Jessica\Desktop\dds.com

2012-08-14 21:56 - 2012-08-14 22:04 - 00000000 ____D C:\Users\Jessica\Desktop\RK_Quarantine

2012-08-14 21:31 - 2012-08-14 21:31 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-14 21:17 - 2012-08-14 21:17 - 00102400 ____A C:\Windows\RegBootClean.exe

2012-08-14 21:12 - 2012-08-14 21:12 - 00261034 ____A C:\Users\Jessica\AppData\Local\census.cache

2012-08-14 21:11 - 2012-08-14 21:11 - 00130361 ____A C:\Users\Jessica\AppData\Local\ars.cache

2012-08-14 21:01 - 2012-06-05 03:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-08-14 20:58 - 2012-08-14 20:58 - 00000036 ____A C:\Users\Jessica\AppData\Local\housecall.guid.cache

2012-08-14 20:55 - 2012-08-14 20:55 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\QuickScan

2012-08-13 19:46 - 2010-12-20 18:09 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2012-08-13 18:19 - 2012-08-13 18:19 - 00759236 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-13 18:19 - 2012-08-13 18:19 - 00759236 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-12 16:31 - 2012-08-12 16:31 - 01623377 ____A C:\Users\Jessica\Downloads\QaenSet_o39.zip

2012-08-12 15:15 - 2012-08-12 15:15 - 00307818 ____A C:\Users\Jessica\Downloads\Leisure dress with Jeans.zip

2012-08-12 15:05 - 2012-08-12 15:05 - 00436030 ____A C:\Users\Jessica\Downloads\Colorful Dress with Lace Hem for Girls.zip

2012-08-12 14:47 - 2012-08-12 14:47 - 00263262 ____A C:\Users\Jessica\Downloads\Earrings 7.zip

2012-08-12 14:18 - 2012-08-12 14:18 - 00123625 ____A C:\Users\Jessica\Downloads\AF Alpha Mesh 0004.zip

2012-08-12 12:22 - 2012-08-12 12:22 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-12 12:22 - 2012-08-12 12:22 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-08-12 12:15 - 2012-08-15 19:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-12 12:15 - 2012-08-14 19:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-12 12:15 - 2012-08-14 19:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-12 12:15 - 2012-08-12 12:15 - 00446976 ____A (Andrew Zhezherun) C:\Users\Jessica\AppData\Roaming\ledips.dll

2012-08-12 12:14 - 2012-08-14 21:17 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\xsecva

2012-08-12 11:53 - 2012-08-12 11:53 - 00002326 ____A C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk

2012-08-12 10:23 - 2012-08-13 18:58 - 00000000 ____D C:\Program Files (x86)\EA GAMES

2012-08-12 10:23 - 2004-08-18 04:34 - 00442368 ___RA (On2.com) C:\Windows\SysWOW64\vp6vfw.dll

2012-08-12 10:23 - 2004-08-18 04:34 - 00442368 ___RA (On2.com) C:\Windows\System32\vp6vfw.dll

2012-08-11 22:16 - 2012-08-11 22:16 - 02114200 ____A C:\Users\Jessica\Downloads\Outfits 15 - Mix&Match.zip

2012-08-11 21:07 - 2012-08-11 21:07 - 00110817 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair061_burgundy.zip

2012-08-11 21:05 - 2012-08-11 21:05 - 00124598 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair058_caramel.zip

2012-08-11 21:02 - 2012-08-11 21:02 - 00202679 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair057_blondesandy.zip

2012-08-11 20:57 - 2012-08-11 20:57 - 00111742 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair055_black.zip

2012-08-11 20:12 - 2012-08-11 20:12 - 00122244 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair004_Blond2.zip

2012-08-11 19:48 - 2012-08-11 19:48 - 00546397 ____A C:\Users\Jessica\Downloads\XMS_Flora_MeshHair009.zip

2012-08-11 19:26 - 2012-08-11 19:26 - 00096901 ____A C:\Users\Jessica\Downloads\XMS_meshoutfits006.zip

2012-08-11 19:13 - 2012-08-11 19:13 - 00676872 ____A C:\Users\Jessica\Downloads\XMSskindonateFeb200511.zip

2012-08-11 19:02 - 2012-08-11 19:02 - 00368739 ____A C:\Users\Jessica\Downloads\7f237bad_XMSoutfits013a.zip

2012-08-11 18:42 - 2012-08-12 12:11 - 00000000 ____D C:\Users\Jessica\Downloads\SIMS2 CUSTOM CONTENT

2012-08-11 18:40 - 2012-08-11 18:40 - 00001964 ____A C:\Users\Jessica\Desktop\vba.ini

2012-08-11 18:35 - 2012-08-11 18:35 - 00000000 ____D C:\Program Files (x86)\Sims 3

2012-08-11 13:11 - 2012-08-11 13:12 - 05497039 ____A C:\Users\Jessica\Downloads\SimDetails@TSR_FE_Dress_06.sims3pack.4dgue82.partial

2012-08-05 21:06 - 2012-08-05 21:06 - 00000016 ___RH C:\Users\Jessica\AppData\Local\9BC2C316.ini

2012-08-05 20:45 - 2012-08-05 20:45 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\The Sims Resource

2012-08-05 20:35 - 2012-08-10 19:11 - 00000000 ____D C:\Program Files (x86)\MilkShape 3D 1.8.5

2012-08-05 20:35 - 2012-08-05 20:39 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\MilkShape 3D 1.x.x

2012-08-05 20:15 - 2012-08-05 20:15 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\TSRWorkshop

2012-08-05 20:15 - 2012-08-05 20:15 - 00000000 ____D C:\Users\Jessica\AppData\Local\Ibibi_HB

2012-08-05 20:05 - 2012-08-05 20:05 - 18856261 ____A C:\Users\Jessica\Downloads\TSRW_2_0_43.exe.zip

2012-08-05 20:05 - 2012-08-05 20:05 - 00000000 ____D C:\Users\Jessica\Downloads\TSRW_2_0_43.exe

2012-07-28 15:22 - 2012-08-01 21:25 - 00004608 ____A C:\Users\Jessica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-24 21:04 - 2012-07-24 21:04 - 02198320 ____A C:\Users\Jessica\Documents\1.SNA

2012-07-24 03:26 - 2012-07-24 03:26 - 00002087 ____A C:\Users\Public\Desktop\Zoo Tycoon 2 Endangered Species.lnk

2012-07-23 15:05 - 2012-07-23 15:05 - 00000000 ____D C:\Users\Jessica\AppData\Local\{C784411F-43DC-4F97-892B-739309D7BA07}

2012-07-21 07:02 - 2012-03-01 01:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-07-21 07:02 - 2012-03-01 01:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-07-21 07:02 - 2012-03-01 01:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2012-07-21 07:02 - 2012-03-01 01:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-07-21 07:02 - 2012-03-01 01:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2012-07-21 07:02 - 2012-03-01 01:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-07-21 07:01 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-21 07:01 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-21 07:01 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-21 07:01 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-21 07:01 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-21 07:01 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-21 07:01 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-21 07:01 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-21 07:01 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-21 07:01 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-21 07:01 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-21 07:01 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-21 07:01 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-21 07:01 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-21 07:01 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-21 07:01 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-21 07:01 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-21 07:01 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-21 07:01 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-21 07:01 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-21 07:01 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-21 07:01 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-21 07:01 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-21 07:01 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-21 07:01 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-21 07:01 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-21 07:01 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-21 07:01 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-20 22:49 - 2012-08-10 19:12 - 00000000 ____D C:\Users\All Users\Big Fish Games

2012-07-20 22:47 - 2012-07-20 22:48 - 15608136 ____A (Big Fish Games) C:\Users\Jessica\Downloads\bfginstaller_s1_l1.exe

2012-07-20 22:29 - 2012-08-10 19:12 - 00000000 ____D C:\BigFishGamesCache

2012-07-20 20:52 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-20 20:52 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-20 20:52 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-20 20:52 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-20 20:52 - 2012-03-03 01:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-07-20 20:52 - 2012-03-03 01:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-07-20 20:52 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-20 20:52 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-20 20:51 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-20 20:51 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-20 20:51 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-20 20:51 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-20 20:51 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-20 20:51 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll

2012-07-20 20:51 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-20 20:51 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-20 20:51 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-20 20:51 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll

2012-07-20 20:51 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-07-20 20:51 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2012-07-20 20:51 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-07-20 20:51 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-07-20 20:50 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-07-20 20:50 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2012-07-20 20:50 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

2012-07-20 20:49 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-20 20:49 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-20 20:35 - 2012-02-17 01:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2012-07-20 20:35 - 2012-02-17 01:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2012-07-20 18:34 - 2012-08-07 21:16 - 00000000 ____D C:\Users\Jessica\AppData\Local\Windows Live

2012-07-20 18:34 - 2012-07-20 18:34 - 00000000 ____D C:\Users\Jessica\AppData\Local\{4D152CB0-5A18-4DBC-891E-7F37CE62BFEA}

2012-07-20 18:34 - 2012-07-20 18:34 - 00000000 ____D C:\Users\Jessica\AppData\Local\{3C30C1D7-3B46-494A-AC9D-E27AB8BF7F5A}

2012-07-20 16:18 - 2012-07-20 16:18 - 00000447 ____A C:\user.js

2012-07-20 16:18 - 2012-07-20 16:18 - 00000000 ____D C:\Program Files\Web Assistant

2012-07-20 16:18 - 2012-07-20 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-07-20 16:16 - 2012-07-20 16:16 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Mozilla

2012-07-20 16:16 - 2012-07-20 16:16 - 00000000 ____D C:\Program Files (x86)\Yontoo

2012-07-20 16:15 - 2012-08-10 19:11 - 00000000 ____D C:\Program Files (x86)\1ClickDownload

2012-07-20 13:05 - 2012-07-20 15:06 - 00000000 ____D C:\Users\Jessica\Downloads\The Lion King Trilogy 720p BDRip [A Release-Lounge H264]

2012-07-20 11:16 - 2012-07-20 11:16 - 00000000 ____D C:\Users\Jessica\Downloads\101 Soups, Salads and Sandwiches(EPUB+PDF+MOBI)[Team Nanban]tmrg

2012-07-20 11:15 - 2012-07-20 11:16 - 00000000 ____D C:\Users\Jessica\Downloads\Top Secret Restaurant Recipes - Creating Kitchen Clones from America's Favorite Restaurant Chains -Mantesh

2012-07-20 09:30 - 2012-07-20 09:30 - 00000000 ____D C:\Users\Jessica\Downloads\Cute Is What We Aim For

2012-07-20 09:27 - 2012-07-20 17:23 - 00000000 ____D C:\Users\Jessica\Downloads\Lights - The Listening (2009)

2012-07-20 09:26 - 2012-07-20 09:26 - 00000000 ____D C:\Users\Jessica\Downloads\Lights - Siberia

2012-07-20 09:24 - 2012-08-12 22:47 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\BitTorrent

2012-07-20 09:24 - 2012-07-20 09:24 - 06077848 ____A (BitTorrent, Inc.) C:\Users\Jessica\Downloads\BitTorrent.exe

2012-07-18 20:26 - 2012-08-15 20:09 - 00006652 ____A C:\Windows\SysWOW64\debug.log

2012-07-18 20:26 - 2012-08-15 20:09 - 00006652 ____A C:\Windows\System32\debug.log

2012-07-18 20:26 - 2012-08-15 18:42 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790799072-890783470-2514710844-1001UA.job

2012-07-18 20:26 - 2012-08-14 20:31 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790799072-890783470-2514710844-1001Core.job

2012-07-18 20:26 - 2012-07-18 20:26 - 00000000 ____D C:\Users\Jessica\AppData\Local\Facebook

============ 3 Months Modified Files ========================

2012-08-15 20:09 - 2012-07-18 20:26 - 00006652 ____A C:\Windows\SysWOW64\debug.log

2012-08-15 20:09 - 2012-07-18 20:26 - 00006652 ____A C:\Windows\System32\debug.log

2012-08-15 20:07 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-15 20:07 - 2009-07-14 00:51 - 00071214 ____A C:\Windows\setupact.log

2012-08-15 19:47 - 2012-08-12 12:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-15 19:40 - 2011-06-28 09:42 - 01964987 ____A C:\Windows\WindowsUpdate.log

2012-08-15 18:42 - 2012-07-18 20:26 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790799072-890783470-2514710844-1001UA.job

2012-08-14 22:22 - 2012-08-14 22:22 - 00029514 ____A C:\Users\Jessica\Desktop\DDS.txt

2012-08-14 22:22 - 2012-08-14 22:22 - 00009205 ____A C:\Users\Jessica\Desktop\Attach.txt

2012-08-14 22:04 - 2012-08-14 22:04 - 00004682 ____A C:\Users\Jessica\Desktop\RKreport[1].txt

2012-08-14 22:01 - 2012-08-14 22:01 - 00607260 ____R (Swearware) C:\Users\Jessica\Desktop\dds.com

2012-08-14 21:51 - 2011-04-02 00:17 - 00336842 ____A C:\Windows\PFRO.log

2012-08-14 21:31 - 2012-08-14 21:31 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-14 21:17 - 2012-08-14 21:17 - 00102400 ____A C:\Windows\RegBootClean.exe

2012-08-14 21:12 - 2012-08-14 21:12 - 00261034 ____A C:\Users\Jessica\AppData\Local\census.cache

2012-08-14 21:11 - 2012-08-14 21:11 - 00130361 ____A C:\Users\Jessica\AppData\Local\ars.cache

2012-08-14 20:58 - 2012-08-14 20:58 - 00000036 ____A C:\Users\Jessica\AppData\Local\housecall.guid.cache

2012-08-14 20:31 - 2012-07-18 20:26 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790799072-890783470-2514710844-1001Core.job

2012-08-14 19:47 - 2012-08-12 12:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-14 19:47 - 2012-08-12 12:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-14 19:47 - 2011-10-16 17:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-14 19:47 - 2011-10-16 17:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-08-13 18:19 - 2012-08-13 18:19 - 00759236 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-13 18:19 - 2012-08-13 18:19 - 00759236 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-13 12:29 - 2011-09-26 10:26 - 00000258 _RASH C:\Users\All Users\ntuser.pol

2012-08-12 16:31 - 2012-08-12 16:31 - 01623377 ____A C:\Users\Jessica\Downloads\QaenSet_o39.zip

2012-08-12 15:15 - 2012-08-12 15:15 - 00307818 ____A C:\Users\Jessica\Downloads\Leisure dress with Jeans.zip

2012-08-12 15:05 - 2012-08-12 15:05 - 00436030 ____A C:\Users\Jessica\Downloads\Colorful Dress with Lace Hem for Girls.zip

2012-08-12 14:47 - 2012-08-12 14:47 - 00263262 ____A C:\Users\Jessica\Downloads\Earrings 7.zip

2012-08-12 14:18 - 2012-08-12 14:18 - 00123625 ____A C:\Users\Jessica\Downloads\AF Alpha Mesh 0004.zip

2012-08-12 12:15 - 2012-08-12 12:15 - 00446976 ____A (Andrew Zhezherun) C:\Users\Jessica\AppData\Roaming\ledips.dll

2012-08-12 11:53 - 2012-08-12 11:53 - 00002326 ____A C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk

2012-08-11 22:16 - 2012-08-11 22:16 - 02114200 ____A C:\Users\Jessica\Downloads\Outfits 15 - Mix&Match.zip

2012-08-11 21:07 - 2012-08-11 21:07 - 00110817 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair061_burgundy.zip

2012-08-11 21:05 - 2012-08-11 21:05 - 00124598 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair058_caramel.zip

2012-08-11 21:02 - 2012-08-11 21:02 - 00202679 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair057_blondesandy.zip

2012-08-11 20:57 - 2012-08-11 20:57 - 00111742 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair055_black.zip

2012-08-11 20:12 - 2012-08-11 20:12 - 00122244 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair004_Blond2.zip

2012-08-11 19:48 - 2012-08-11 19:48 - 00546397 ____A C:\Users\Jessica\Downloads\XMS_Flora_MeshHair009.zip

2012-08-11 19:26 - 2012-08-11 19:26 - 00096901 ____A C:\Users\Jessica\Downloads\XMS_meshoutfits006.zip

2012-08-11 19:13 - 2012-08-11 19:13 - 00676872 ____A C:\Users\Jessica\Downloads\XMSskindonateFeb200511.zip

2012-08-11 19:02 - 2012-08-11 19:02 - 00368739 ____A C:\Users\Jessica\Downloads\7f237bad_XMSoutfits013a.zip

2012-08-11 18:40 - 2012-08-11 18:40 - 00001964 ____A C:\Users\Jessica\Desktop\vba.ini

2012-08-11 13:12 - 2012-08-11 13:11 - 05497039 ____A C:\Users\Jessica\Downloads\SimDetails@TSR_FE_Dress_06.sims3pack.4dgue82.partial

2012-08-11 12:22 - 2011-11-19 12:15 - 00001052 ____A C:\Windows\KB893803v2.log

2012-08-05 21:06 - 2012-08-05 21:06 - 00000016 ___RH C:\Users\Jessica\AppData\Local\9BC2C316.ini

2012-08-05 20:13 - 2011-04-02 00:38 - 00130228 ____A C:\Windows\DirectX.log

2012-08-05 20:05 - 2012-08-05 20:05 - 18856261 ____A C:\Users\Jessica\Downloads\TSRW_2_0_43.exe.zip

2012-08-01 21:25 - 2012-07-28 15:22 - 00004608 ____A C:\Users\Jessica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-24 21:04 - 2012-07-24 21:04 - 02198320 ____A C:\Users\Jessica\Documents\1.SNA

2012-07-24 03:26 - 2012-07-24 03:26 - 00002087 ____A C:\Users\Public\Desktop\Zoo Tycoon 2 Endangered Species.lnk

2012-07-20 22:48 - 2012-07-20 22:47 - 15608136 ____A (Big Fish Games) C:\Users\Jessica\Downloads\bfginstaller_s1_l1.exe

2012-07-20 16:18 - 2012-07-20 16:18 - 00000447 ____A C:\user.js

2012-07-20 09:24 - 2012-07-20 09:24 - 06077848 ____A (BitTorrent, Inc.) C:\Users\Jessica\Downloads\BitTorrent.exe

2012-06-26 17:41 - 2012-06-26 16:19 - 00004096 ____A C:\Users\Public\Documents\00001BF6.LCS

2012-06-24 17:40 - 2012-06-24 17:40 - 00734984 ____A C:\Windows\Minidump\062412-35349-01.dmp

2012-06-24 17:40 - 2011-10-22 21:12 - 498214842 ____A C:\Windows\MEMORY.DMP

2012-06-14 16:42 - 2012-06-14 16:42 - 00000000 ____A C:\Windows\PowerReg.dat

2012-06-14 16:38 - 2012-06-14 16:38 - 00002080 ____A C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk

2012-06-14 15:59 - 2012-06-14 15:59 - 00012578 ____A C:\Users\Jessica\Documents\Book4.xlsx

2012-06-14 10:12 - 2011-09-19 11:44 - 00001952 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

2012-06-09 00:41 - 2012-07-20 20:51 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-09 00:41 - 2012-07-20 20:51 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-06 01:05 - 2012-07-20 20:52 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 01:05 - 2012-07-20 20:52 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 01:05 - 2012-07-20 20:52 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 01:05 - 2012-07-20 20:52 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 01:03 - 2012-07-20 20:49 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-06 01:03 - 2012-07-20 20:49 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 03:37 - 2012-08-14 21:01 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-06-02 05:07 - 2012-07-21 07:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 05:07 - 2012-07-21 07:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:43 - 2012-07-21 07:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 04:43 - 2012-07-21 07:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:33 - 2012-07-21 07:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 04:33 - 2012-07-21 07:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:26 - 2012-07-21 07:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 04:26 - 2012-07-21 07:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:25 - 2012-07-21 07:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 04:25 - 2012-07-21 07:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:25 - 2012-07-21 07:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 04:25 - 2012-07-21 07:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:23 - 2012-07-21 07:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 04:23 - 2012-07-21 07:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:21 - 2012-07-21 07:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 04:21 - 2012-07-21 07:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:20 - 2012-07-21 07:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 04:20 - 2012-07-21 07:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:19 - 2012-07-21 07:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 04:19 - 2012-07-21 07:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 04:19 - 2012-07-21 07:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 04:19 - 2012-07-21 07:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 04:17 - 2012-07-21 07:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 04:17 - 2012-07-21 07:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 04:16 - 2012-07-21 07:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 04:16 - 2012-07-21 07:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 04:14 - 2012-07-21 07:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-02 04:14 - 2012-07-21 07:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 00:40 - 2012-07-20 20:51 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-02 00:40 - 2012-07-20 20:51 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 00:40 - 2012-07-20 20:51 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-02 00:40 - 2012-07-20 20:51 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll

2012-06-02 00:39 - 2012-07-20 20:51 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-02 00:39 - 2012-07-20 20:51 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-02 00:34 - 2012-07-20 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-02 00:34 - 2012-07-20 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll

2012-05-20 15:48 - 2012-05-20 15:48 - 00001283 ____A C:\Users\Public\Desktop\Seagate Dashboard.lnk

2012-05-20 15:43 - 2012-05-20 15:43 - 00002029 ____A C:\Users\Mcx1-JESSICA-ASUS\Desktop\Purchase Petz 4.lnk

2012-05-20 15:43 - 2012-05-20 15:43 - 00001989 ____A C:\Users\Mcx1-JESSICA-ASUS\Desktop\Play Petz 4.lnk

ZeroAccess:

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\201d3dde

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@

ZeroAccess:

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe

[2011-09-17 11:19] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\User32.dll

[2011-02-18 15:49] - [2010-11-20 08:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

========================= Memory info ======================

Percentage of memory in use: 13%

Total physical RAM: 3874.21 MB

Available physical RAM: 3348.07 MB

Total Pagefile: 7746.62 MB

Available Pagefile: 7228.2 MB

Total Virtual: 4095.88 MB

Available Virtual: 3995.03 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:35.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:173.94 GB) NTFS

3 Drive e: (GET RID OF VIRUS) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 1024 KB

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 25 GB 1024 KB

Partition 2 Primary 186 GB 25 GB

Partition 0 Extended 254 GB 211 GB

Partition 3 Logical 254 GB 211 GB

==================================================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 186 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D DATA NTFS Partition 254 GB Healthy

==================================================================================

======================= End Of Log ==========================

Should I save the pics on my computer and stuff, or could they be infected and is it just better to get rid of everything?


Yep, no problem. OK, NOW here is everything.

FRST.exe

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012

Ran by Jessica at 15-08-2012 20:17:57

Running from E:\

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.The operation completed successfully.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-08-15 19:47 - 2012-08-15 20:17 - 00000000 ____D C:\FRST

2012-08-14 22:22 - 2012-08-14 22:22 - 00029514 ____A C:\Users\Jessica\Desktop\DDS.txt

2012-08-14 22:22 - 2012-08-14 22:22 - 00009205 ____A C:\Users\Jessica\Desktop\Attach.txt

2012-08-14 22:04 - 2012-08-14 22:04 - 00004682 ____A C:\Users\Jessica\Desktop\RKreport[1].txt

2012-08-14 22:01 - 2012-08-14 22:01 - 00607260 ____R (Swearware) C:\Users\Jessica\Desktop\dds.com

2012-08-14 21:56 - 2012-08-14 22:04 - 00000000 ____D C:\Users\Jessica\Desktop\RK_Quarantine

2012-08-14 21:31 - 2012-08-14 21:31 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-14 21:17 - 2012-08-14 21:17 - 00102400 ____A C:\Windows\RegBootClean.exe

2012-08-14 21:12 - 2012-08-14 21:12 - 00261034 ____A C:\Users\Jessica\AppData\Local\census.cache

2012-08-14 21:11 - 2012-08-14 21:11 - 00130361 ____A C:\Users\Jessica\AppData\Local\ars.cache

2012-08-14 21:01 - 2012-06-05 03:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-08-14 20:58 - 2012-08-14 20:58 - 00000036 ____A C:\Users\Jessica\AppData\Local\housecall.guid.cache

2012-08-14 20:55 - 2012-08-14 20:55 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\QuickScan

2012-08-13 19:46 - 2010-12-20 18:09 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2012-08-13 18:19 - 2012-08-13 18:19 - 00759236 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-13 18:19 - 2012-08-13 18:19 - 00759236 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-12 16:31 - 2012-08-12 16:31 - 01623377 ____A C:\Users\Jessica\Downloads\QaenSet_o39.zip

2012-08-12 15:15 - 2012-08-12 15:15 - 00307818 ____A C:\Users\Jessica\Downloads\Leisure dress with Jeans.zip

2012-08-12 15:05 - 2012-08-12 15:05 - 00436030 ____A C:\Users\Jessica\Downloads\Colorful Dress with Lace Hem for Girls.zip

2012-08-12 14:47 - 2012-08-12 14:47 - 00263262 ____A C:\Users\Jessica\Downloads\Earrings 7.zip

2012-08-12 14:18 - 2012-08-12 14:18 - 00123625 ____A C:\Users\Jessica\Downloads\AF Alpha Mesh 0004.zip

2012-08-12 12:22 - 2012-08-12 12:22 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-12 12:22 - 2012-08-12 12:22 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-08-12 12:15 - 2012-08-15 19:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-12 12:15 - 2012-08-14 19:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-12 12:15 - 2012-08-14 19:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-12 12:15 - 2012-08-12 12:15 - 00446976 ____A (Andrew Zhezherun) C:\Users\Jessica\AppData\Roaming\ledips.dll

2012-08-12 12:14 - 2012-08-14 21:17 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\xsecva

2012-08-12 11:53 - 2012-08-12 11:53 - 00002326 ____A C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk

2012-08-12 10:23 - 2012-08-13 18:58 - 00000000 ____D C:\Program Files (x86)\EA GAMES

2012-08-12 10:23 - 2004-08-18 04:34 - 00442368 ___RA (On2.com) C:\Windows\SysWOW64\vp6vfw.dll

2012-08-12 10:23 - 2004-08-18 04:34 - 00442368 ___RA (On2.com) C:\Windows\System32\vp6vfw.dll

2012-08-11 22:16 - 2012-08-11 22:16 - 02114200 ____A C:\Users\Jessica\Downloads\Outfits 15 - Mix&Match.zip

2012-08-11 21:07 - 2012-08-11 21:07 - 00110817 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair061_burgundy.zip

2012-08-11 21:05 - 2012-08-11 21:05 - 00124598 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair058_caramel.zip

2012-08-11 21:02 - 2012-08-11 21:02 - 00202679 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair057_blondesandy.zip

2012-08-11 20:57 - 2012-08-11 20:57 - 00111742 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair055_black.zip

2012-08-11 20:12 - 2012-08-11 20:12 - 00122244 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair004_Blond2.zip

2012-08-11 19:48 - 2012-08-11 19:48 - 00546397 ____A C:\Users\Jessica\Downloads\XMS_Flora_MeshHair009.zip

2012-08-11 19:26 - 2012-08-11 19:26 - 00096901 ____A C:\Users\Jessica\Downloads\XMS_meshoutfits006.zip

2012-08-11 19:13 - 2012-08-11 19:13 - 00676872 ____A C:\Users\Jessica\Downloads\XMSskindonateFeb200511.zip

2012-08-11 19:02 - 2012-08-11 19:02 - 00368739 ____A C:\Users\Jessica\Downloads\7f237bad_XMSoutfits013a.zip

2012-08-11 18:42 - 2012-08-12 12:11 - 00000000 ____D C:\Users\Jessica\Downloads\SIMS2 CUSTOM CONTENT

2012-08-11 18:40 - 2012-08-11 18:40 - 00001964 ____A C:\Users\Jessica\Desktop\vba.ini

2012-08-11 18:35 - 2012-08-11 18:35 - 00000000 ____D C:\Program Files (x86)\Sims 3

2012-08-11 13:11 - 2012-08-11 13:12 - 05497039 ____A C:\Users\Jessica\Downloads\SimDetails@TSR_FE_Dress_06.sims3pack.4dgue82.partial

2012-08-05 21:06 - 2012-08-05 21:06 - 00000016 ___RH C:\Users\Jessica\AppData\Local\9BC2C316.ini

2012-08-05 20:45 - 2012-08-05 20:45 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\The Sims Resource

2012-08-05 20:35 - 2012-08-10 19:11 - 00000000 ____D C:\Program Files (x86)\MilkShape 3D 1.8.5

2012-08-05 20:35 - 2012-08-05 20:39 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\MilkShape 3D 1.x.x

2012-08-05 20:15 - 2012-08-05 20:15 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\TSRWorkshop

2012-08-05 20:15 - 2012-08-05 20:15 - 00000000 ____D C:\Users\Jessica\AppData\Local\Ibibi_HB

2012-08-05 20:05 - 2012-08-05 20:05 - 18856261 ____A C:\Users\Jessica\Downloads\TSRW_2_0_43.exe.zip

2012-08-05 20:05 - 2012-08-05 20:05 - 00000000 ____D C:\Users\Jessica\Downloads\TSRW_2_0_43.exe

2012-07-28 15:22 - 2012-08-01 21:25 - 00004608 ____A C:\Users\Jessica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-24 21:04 - 2012-07-24 21:04 - 02198320 ____A C:\Users\Jessica\Documents\1.SNA

2012-07-24 03:26 - 2012-07-24 03:26 - 00002087 ____A C:\Users\Public\Desktop\Zoo Tycoon 2 Endangered Species.lnk

2012-07-23 15:05 - 2012-07-23 15:05 - 00000000 ____D C:\Users\Jessica\AppData\Local\{C784411F-43DC-4F97-892B-739309D7BA07}

2012-07-21 07:02 - 2012-03-01 01:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-07-21 07:02 - 2012-03-01 01:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-07-21 07:02 - 2012-03-01 01:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2012-07-21 07:02 - 2012-03-01 01:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-07-21 07:02 - 2012-03-01 01:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2012-07-21 07:02 - 2012-03-01 01:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-07-21 07:01 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-21 07:01 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-21 07:01 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-21 07:01 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-21 07:01 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-21 07:01 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-21 07:01 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-21 07:01 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-21 07:01 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-21 07:01 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-21 07:01 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-21 07:01 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-21 07:01 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-21 07:01 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-21 07:01 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-21 07:01 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-21 07:01 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-21 07:01 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-21 07:01 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-21 07:01 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-21 07:01 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-21 07:01 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-21 07:01 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-21 07:01 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-21 07:01 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-21 07:01 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-21 07:01 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-21 07:01 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-20 22:49 - 2012-08-10 19:12 - 00000000 ____D C:\Users\All Users\Big Fish Games

2012-07-20 22:47 - 2012-07-20 22:48 - 15608136 ____A (Big Fish Games) C:\Users\Jessica\Downloads\bfginstaller_s1_l1.exe

2012-07-20 22:29 - 2012-08-10 19:12 - 00000000 ____D C:\BigFishGamesCache

2012-07-20 20:52 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-20 20:52 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-20 20:52 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-20 20:52 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-20 20:52 - 2012-03-03 01:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-07-20 20:52 - 2012-03-03 01:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-07-20 20:52 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-20 20:52 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-20 20:51 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-20 20:51 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-20 20:51 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-20 20:51 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-20 20:51 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-20 20:51 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll

2012-07-20 20:51 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-20 20:51 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-20 20:51 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-20 20:51 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll

2012-07-20 20:51 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-07-20 20:51 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2012-07-20 20:51 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-07-20 20:51 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-07-20 20:50 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-07-20 20:50 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-07-20 20:50 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2012-07-20 20:50 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

2012-07-20 20:49 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-20 20:49 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-20 20:35 - 2012-02-17 01:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2012-07-20 20:35 - 2012-02-17 01:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2012-07-20 18:34 - 2012-08-07 21:16 - 00000000 ____D C:\Users\Jessica\AppData\Local\Windows Live

2012-07-20 18:34 - 2012-07-20 18:34 - 00000000 ____D C:\Users\Jessica\AppData\Local\{4D152CB0-5A18-4DBC-891E-7F37CE62BFEA}

2012-07-20 18:34 - 2012-07-20 18:34 - 00000000 ____D C:\Users\Jessica\AppData\Local\{3C30C1D7-3B46-494A-AC9D-E27AB8BF7F5A}

2012-07-20 16:18 - 2012-07-20 16:18 - 00000447 ____A C:\user.js

2012-07-20 16:18 - 2012-07-20 16:18 - 00000000 ____D C:\Program Files\Web Assistant

2012-07-20 16:18 - 2012-07-20 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-07-20 16:16 - 2012-07-20 16:16 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Mozilla

2012-07-20 16:16 - 2012-07-20 16:16 - 00000000 ____D C:\Program Files (x86)\Yontoo

2012-07-20 16:15 - 2012-08-10 19:11 - 00000000 ____D C:\Program Files (x86)\1ClickDownload

2012-07-20 13:05 - 2012-07-20 15:06 - 00000000 ____D C:\Users\Jessica\Downloads\The Lion King Trilogy 720p BDRip [A Release-Lounge H264]

2012-07-20 11:16 - 2012-07-20 11:16 - 00000000 ____D C:\Users\Jessica\Downloads\101 Soups, Salads and Sandwiches(EPUB+PDF+MOBI)[Team Nanban]tmrg

2012-07-20 11:15 - 2012-07-20 11:16 - 00000000 ____D C:\Users\Jessica\Downloads\Top Secret Restaurant Recipes - Creating Kitchen Clones from America's Favorite Restaurant Chains -Mantesh

2012-07-20 09:30 - 2012-07-20 09:30 - 00000000 ____D C:\Users\Jessica\Downloads\Cute Is What We Aim For

2012-07-20 09:27 - 2012-07-20 17:23 - 00000000 ____D C:\Users\Jessica\Downloads\Lights - The Listening (2009)

2012-07-20 09:26 - 2012-07-20 09:26 - 00000000 ____D C:\Users\Jessica\Downloads\Lights - Siberia

2012-07-20 09:24 - 2012-08-12 22:47 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\BitTorrent

2012-07-20 09:24 - 2012-07-20 09:24 - 06077848 ____A (BitTorrent, Inc.) C:\Users\Jessica\Downloads\BitTorrent.exe

2012-07-18 20:26 - 2012-08-15 20:09 - 00006652 ____A C:\Windows\SysWOW64\debug.log

2012-07-18 20:26 - 2012-08-15 20:09 - 00006652 ____A C:\Windows\System32\debug.log

2012-07-18 20:26 - 2012-08-15 18:42 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790799072-890783470-2514710844-1001UA.job

2012-07-18 20:26 - 2012-08-14 20:31 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790799072-890783470-2514710844-1001Core.job

2012-07-18 20:26 - 2012-07-18 20:26 - 00000000 ____D C:\Users\Jessica\AppData\Local\Facebook

============ 3 Months Modified Files ========================

2012-08-15 20:09 - 2012-07-18 20:26 - 00006652 ____A C:\Windows\SysWOW64\debug.log

2012-08-15 20:09 - 2012-07-18 20:26 - 00006652 ____A C:\Windows\System32\debug.log

2012-08-15 20:07 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-15 20:07 - 2009-07-14 00:51 - 00071214 ____A C:\Windows\setupact.log

2012-08-15 19:47 - 2012-08-12 12:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-15 19:40 - 2011-06-28 09:42 - 01964987 ____A C:\Windows\WindowsUpdate.log

2012-08-15 18:42 - 2012-07-18 20:26 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790799072-890783470-2514710844-1001UA.job

2012-08-14 22:22 - 2012-08-14 22:22 - 00029514 ____A C:\Users\Jessica\Desktop\DDS.txt

2012-08-14 22:22 - 2012-08-14 22:22 - 00009205 ____A C:\Users\Jessica\Desktop\Attach.txt

2012-08-14 22:04 - 2012-08-14 22:04 - 00004682 ____A C:\Users\Jessica\Desktop\RKreport[1].txt

2012-08-14 22:01 - 2012-08-14 22:01 - 00607260 ____R (Swearware) C:\Users\Jessica\Desktop\dds.com

2012-08-14 21:51 - 2011-04-02 00:17 - 00336842 ____A C:\Windows\PFRO.log

2012-08-14 21:31 - 2012-08-14 21:31 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-14 21:17 - 2012-08-14 21:17 - 00102400 ____A C:\Windows\RegBootClean.exe

2012-08-14 21:12 - 2012-08-14 21:12 - 00261034 ____A C:\Users\Jessica\AppData\Local\census.cache

2012-08-14 21:11 - 2012-08-14 21:11 - 00130361 ____A C:\Users\Jessica\AppData\Local\ars.cache

2012-08-14 20:58 - 2012-08-14 20:58 - 00000036 ____A C:\Users\Jessica\AppData\Local\housecall.guid.cache

2012-08-14 20:31 - 2012-07-18 20:26 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790799072-890783470-2514710844-1001Core.job

2012-08-14 19:47 - 2012-08-12 12:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-14 19:47 - 2012-08-12 12:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-14 19:47 - 2011-10-16 17:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-14 19:47 - 2011-10-16 17:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-08-13 18:19 - 2012-08-13 18:19 - 00759236 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-13 18:19 - 2012-08-13 18:19 - 00759236 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-13 12:29 - 2011-09-26 10:26 - 00000258 _RASH C:\Users\All Users\ntuser.pol

2012-08-12 16:31 - 2012-08-12 16:31 - 01623377 ____A C:\Users\Jessica\Downloads\QaenSet_o39.zip

2012-08-12 15:15 - 2012-08-12 15:15 - 00307818 ____A C:\Users\Jessica\Downloads\Leisure dress with Jeans.zip

2012-08-12 15:05 - 2012-08-12 15:05 - 00436030 ____A C:\Users\Jessica\Downloads\Colorful Dress with Lace Hem for Girls.zip

2012-08-12 14:47 - 2012-08-12 14:47 - 00263262 ____A C:\Users\Jessica\Downloads\Earrings 7.zip

2012-08-12 14:18 - 2012-08-12 14:18 - 00123625 ____A C:\Users\Jessica\Downloads\AF Alpha Mesh 0004.zip

2012-08-12 12:15 - 2012-08-12 12:15 - 00446976 ____A (Andrew Zhezherun) C:\Users\Jessica\AppData\Roaming\ledips.dll

2012-08-12 11:53 - 2012-08-12 11:53 - 00002326 ____A C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk

2012-08-11 22:16 - 2012-08-11 22:16 - 02114200 ____A C:\Users\Jessica\Downloads\Outfits 15 - Mix&Match.zip

2012-08-11 21:07 - 2012-08-11 21:07 - 00110817 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair061_burgundy.zip

2012-08-11 21:05 - 2012-08-11 21:05 - 00124598 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair058_caramel.zip

2012-08-11 21:02 - 2012-08-11 21:02 - 00202679 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair057_blondesandy.zip

2012-08-11 20:57 - 2012-08-11 20:57 - 00111742 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair055_black.zip

2012-08-11 20:12 - 2012-08-11 20:12 - 00122244 ____A C:\Users\Jessica\Downloads\XMS_Flora_hair004_Blond2.zip

2012-08-11 19:48 - 2012-08-11 19:48 - 00546397 ____A C:\Users\Jessica\Downloads\XMS_Flora_MeshHair009.zip

2012-08-11 19:26 - 2012-08-11 19:26 - 00096901 ____A C:\Users\Jessica\Downloads\XMS_meshoutfits006.zip

2012-08-11 19:13 - 2012-08-11 19:13 - 00676872 ____A C:\Users\Jessica\Downloads\XMSskindonateFeb200511.zip

2012-08-11 19:02 - 2012-08-11 19:02 - 00368739 ____A C:\Users\Jessica\Downloads\7f237bad_XMSoutfits013a.zip

2012-08-11 18:40 - 2012-08-11 18:40 - 00001964 ____A C:\Users\Jessica\Desktop\vba.ini

2012-08-11 13:12 - 2012-08-11 13:11 - 05497039 ____A C:\Users\Jessica\Downloads\SimDetails@TSR_FE_Dress_06.sims3pack.4dgue82.partial

2012-08-11 12:22 - 2011-11-19 12:15 - 00001052 ____A C:\Windows\KB893803v2.log

2012-08-05 21:06 - 2012-08-05 21:06 - 00000016 ___RH C:\Users\Jessica\AppData\Local\9BC2C316.ini

2012-08-05 20:13 - 2011-04-02 00:38 - 00130228 ____A C:\Windows\DirectX.log

2012-08-05 20:05 - 2012-08-05 20:05 - 18856261 ____A C:\Users\Jessica\Downloads\TSRW_2_0_43.exe.zip

2012-08-01 21:25 - 2012-07-28 15:22 - 00004608 ____A C:\Users\Jessica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-24 21:04 - 2012-07-24 21:04 - 02198320 ____A C:\Users\Jessica\Documents\1.SNA

2012-07-24 03:26 - 2012-07-24 03:26 - 00002087 ____A C:\Users\Public\Desktop\Zoo Tycoon 2 Endangered Species.lnk

2012-07-20 22:48 - 2012-07-20 22:47 - 15608136 ____A (Big Fish Games) C:\Users\Jessica\Downloads\bfginstaller_s1_l1.exe

2012-07-20 16:18 - 2012-07-20 16:18 - 00000447 ____A C:\user.js

2012-07-20 09:24 - 2012-07-20 09:24 - 06077848 ____A (BitTorrent, Inc.) C:\Users\Jessica\Downloads\BitTorrent.exe

2012-06-26 17:41 - 2012-06-26 16:19 - 00004096 ____A C:\Users\Public\Documents\00001BF6.LCS

2012-06-24 17:40 - 2012-06-24 17:40 - 00734984 ____A C:\Windows\Minidump\062412-35349-01.dmp

2012-06-24 17:40 - 2011-10-22 21:12 - 498214842 ____A C:\Windows\MEMORY.DMP

2012-06-14 16:42 - 2012-06-14 16:42 - 00000000 ____A C:\Windows\PowerReg.dat

2012-06-14 16:38 - 2012-06-14 16:38 - 00002080 ____A C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk

2012-06-14 15:59 - 2012-06-14 15:59 - 00012578 ____A C:\Users\Jessica\Documents\Book4.xlsx

2012-06-14 10:12 - 2011-09-19 11:44 - 00001952 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

2012-06-09 00:41 - 2012-07-20 20:51 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-09 00:41 - 2012-07-20 20:51 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-06 01:05 - 2012-07-20 20:52 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 01:05 - 2012-07-20 20:52 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 01:05 - 2012-07-20 20:52 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 01:05 - 2012-07-20 20:52 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 01:03 - 2012-07-20 20:49 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-06 01:03 - 2012-07-20 20:49 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 03:37 - 2012-08-14 21:01 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-06-02 05:07 - 2012-07-21 07:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 05:07 - 2012-07-21 07:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:43 - 2012-07-21 07:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 04:43 - 2012-07-21 07:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:33 - 2012-07-21 07:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 04:33 - 2012-07-21 07:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:26 - 2012-07-21 07:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 04:26 - 2012-07-21 07:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:25 - 2012-07-21 07:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 04:25 - 2012-07-21 07:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:25 - 2012-07-21 07:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 04:25 - 2012-07-21 07:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:23 - 2012-07-21 07:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 04:23 - 2012-07-21 07:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:21 - 2012-07-21 07:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 04:21 - 2012-07-21 07:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:20 - 2012-07-21 07:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 04:20 - 2012-07-21 07:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:19 - 2012-07-21 07:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 04:19 - 2012-07-21 07:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 04:19 - 2012-07-21 07:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 04:19 - 2012-07-21 07:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 04:17 - 2012-07-21 07:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 04:17 - 2012-07-21 07:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 04:16 - 2012-07-21 07:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 04:16 - 2012-07-21 07:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 04:14 - 2012-07-21 07:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-02 04:14 - 2012-07-21 07:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 00:40 - 2012-07-20 20:51 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-02 00:40 - 2012-07-20 20:51 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 00:40 - 2012-07-20 20:51 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-02 00:40 - 2012-07-20 20:51 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll

2012-06-02 00:39 - 2012-07-20 20:51 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-02 00:39 - 2012-07-20 20:51 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-02 00:34 - 2012-07-20 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-02 00:34 - 2012-07-20 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll

2012-05-20 15:48 - 2012-05-20 15:48 - 00001283 ____A C:\Users\Public\Desktop\Seagate Dashboard.lnk

2012-05-20 15:43 - 2012-05-20 15:43 - 00002029 ____A C:\Users\Mcx1-JESSICA-ASUS\Desktop\Purchase Petz 4.lnk

2012-05-20 15:43 - 2012-05-20 15:43 - 00001989 ____A C:\Users\Mcx1-JESSICA-ASUS\Desktop\Play Petz 4.lnk

ZeroAccess:

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\201d3dde

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@

C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@

ZeroAccess:

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n

C:\Users\Jessica\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe

[2011-09-17 11:19] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\User32.dll

[2011-02-18 15:49] - [2010-11-20 08:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

========================= Memory info ======================

Percentage of memory in use: 13%

Total physical RAM: 3874.21 MB

Available physical RAM: 3348.07 MB

Total Pagefile: 7746.62 MB

Available Pagefile: 7228.2 MB

Total Virtual: 4095.88 MB

Available Virtual: 3995.03 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:35.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:173.94 GB) NTFS

3 Drive e: (GET RID OF VIRUS) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 1024 KB

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 25 GB 1024 KB

Partition 2 Primary 186 GB 25 GB

Partition 0 Extended 254 GB 211 GB

Partition 3 Logical 254 GB 211 GB

==================================================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 186 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D DATA NTFS Partition 254 GB Healthy

==================================================================================

======================= End Of Log ==========================

and Search.exe

Farbar Recovery Scan Tool Version: 15-08-2012

Ran by Jessica at 2012-08-15 20:33:03

Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

=== End Of Search ===


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
