
another trojan.zeroaccess!inf infection



Here is the log from FRST. Where do you get the fixlist.txt file?

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012

Ran by SYSTEM at 15-08-2012 18:44:55

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-14] (IDT, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)

HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)

HKLM-x32\...\Run: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [377 2012-08-15] ()

HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2010-10-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [623880 2008-11-18] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [1838592 2012-05-30] (Google)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [] [x]

HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Monique\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\Monique\...\Run: [smileboxTray] "C:\Users\Monique\AppData\Roaming\Smilebox\SmileboxTray.exe" [305000 2012-07-02] (Smilebox, Inc.)

HKU\Monique\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)

HKU\Monique\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-20] (Google Inc.)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)

==================== Services (Whitelisted) ======

3 GoogleDesktopManager; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [1838592 2012-05-30] (Google)

3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)

2 N360; "C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)

2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2538520 2010-09-16] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [1385120 2012-08-10] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)

0 FixZeroAccess; C:\Windows\System32\Drivers\FixZeroAccess.sys [27256 2012-08-13] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120814.005\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120815.002\ENG64.SYS [120440 2012-08-13] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120815.002\EX64.SYS [2068600 2012-08-13] (Symantec Corporation)

1 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-11] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

3 BTMCOM; C:\Windows\System32\Drivers\btmcom.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-15 18:44 - 2012-08-15 18:44 - 00000000 ____D C:\FRST

2012-08-15 05:40 - 2012-08-15 05:40 - 00000000 ____D C:\Users\Monique\AppData\Local\{CFE8E5F9-831C-4D47-8809-071AD187BAB8}

2012-08-15 05:40 - 2012-08-15 05:40 - 00000000 ____D C:\Users\Monique\AppData\Local\{CA16BE58-C925-4268-8CC5-D6D6BC1AA7E3}

2012-08-15 05:00 - 2012-08-15 05:00 - 00003168 ____A C:\{123B6F19-A666-4551-A668-CAA7E00D7468}

2012-08-14 17:39 - 2012-08-14 17:40 - 00000000 ____D C:\Users\Monique\AppData\Local\{6F88AA30-C257-4543-A9BF-E5AC5BD0F58F}

2012-08-14 17:39 - 2012-08-14 17:39 - 00003168 ____A C:\{3BAC54F8-3071-4319-94CB-BA48C3C0AFA0}

2012-08-14 17:39 - 2012-08-14 17:39 - 00000000 ____D C:\Users\Monique\AppData\Local\{B35BB1B6-4237-41EF-B102-C89961693FA3}

2012-08-14 17:39 - 2012-08-14 17:39 - 00000000 ____D C:\Users\Monique\AppData\Local\{377216AC-3572-4146-85EA-1CB77A7D0487}

2012-08-14 17:39 - 2012-08-14 17:39 - 00000000 ____D C:\Users\Monique\AppData\Local\{109AA425-8747-4FE6-AA17-55B6A35F2BD4}

2012-08-14 04:32 - 2012-08-14 04:32 - 00000000 ____D C:\Users\Monique\AppData\Local\{E9C8A7A0-7E24-406E-B200-92806E0259C6}

2012-08-14 04:32 - 2012-08-14 04:32 - 00000000 ____D C:\Users\Monique\AppData\Local\{C27013F3-353C-481C-87B0-F8C8B6EAA4DF}

2012-08-14 04:32 - 2012-08-14 04:32 - 00000000 ____D C:\Users\Monique\AppData\Local\{23CFF996-BADD-457A-892E-3DB63A607563}

2012-08-14 04:31 - 2012-08-14 04:32 - 00000000 ____D C:\Users\Monique\AppData\Local\{CF30B4CD-6CE3-4A8A-AE09-0AB514A12B9B}

2012-08-13 16:31 - 2012-08-13 16:31 - 00000000 ____D C:\Users\Monique\AppData\Local\{63BB7C32-7C8C-4CFC-AD00-A3B88BE3A547}

2012-08-13 16:31 - 2012-08-13 16:31 - 00000000 ____D C:\Users\Monique\AppData\Local\{584579E8-9A50-4901-A072-A3D45361964D}

2012-08-13 16:31 - 2012-08-13 16:31 - 00000000 ____D C:\Users\Monique\AppData\Local\{2B58AE25-19AC-4969-AC80-03FF618A7DF0}

2012-08-13 16:31 - 2012-08-13 16:31 - 00000000 ____D C:\Users\Monique\AppData\Local\{22349BD1-016F-4679-93D8-C74F681B64B3}

2012-08-13 08:23 - 2012-08-13 08:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-13 04:10 - 2012-08-13 04:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{D4AAC842-8203-4BE0-AD2C-60F7CB92ACF8}

2012-08-13 04:10 - 2012-08-13 04:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{434C5CBA-C5B8-4ADB-B306-3F5ACFE753CF}

2012-08-13 03:09 - 2012-08-13 03:09 - 00000000 ____D C:\Firefox

2012-08-12 18:42 - 2012-08-12 18:42 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-12 18:42 - 2012-08-12 18:42 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-12 18:42 - 2012-08-12 18:42 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-12 18:42 - 2012-08-12 18:42 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-12 18:42 - 2012-08-12 18:42 - 00000000 ____D C:\Program Files (x86)\Java

2012-08-12 18:39 - 2012-08-15 14:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-12 18:39 - 2012-08-15 03:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-12 18:39 - 2012-08-12 18:39 - 00000000 ____D C:\Users\All Users\McAfee

2012-08-12 18:32 - 2012-08-12 18:32 - 00266288 ____A C:\Windows\Minidump\081212-32807-01.dmp

2012-08-12 18:32 - 2012-08-12 18:32 - 00000000 ____D C:\Windows\Minidump

2012-08-12 18:31 - 2012-08-12 18:31 - 392428097 ____A C:\Windows\MEMORY.DMP

2012-08-12 16:33 - 2012-08-12 16:33 - 00000000 ____D C:\Users\Monique\Documents\BlackBerry

2012-08-12 16:32 - 2012-08-12 17:40 - 00000385 ____A C:\Users\Monique\AppData\Roaming\Rim.DesktopHelper.Exception.log

2012-08-12 16:32 - 2012-08-12 17:40 - 00000385 ____A C:\Users\Monique\AppData\Roaming\Rim.Desktop.Exception.log

2012-08-12 16:32 - 2012-08-12 16:36 - 00000000 ____D C:\Users\Monique\AppData\Local\Research In Motion

2012-08-12 16:32 - 2012-08-12 16:33 - 00000000 ____D C:\Users\Monique\AppData\Roaming\Research In Motion

2012-08-12 16:31 - 2012-08-12 16:31 - 00001803 ____A C:\Users\Monique\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2012-08-12 16:31 - 2012-08-12 16:31 - 00000000 ____D C:\Users\All Users\Research In Motion

2012-08-12 16:31 - 2012-08-12 16:31 - 00000000 ____D C:\Program Files (x86)\Research In Motion

2012-08-12 16:20 - 2012-08-12 16:25 - 118918232 ____A C:\Users\Monique\Desktop\710_b033_multilanguage.exe

2012-08-12 16:11 - 2012-08-12 16:11 - 01805736 ____A (Symantec Corporation) C:\Users\Monique\Desktop\FixZeroAccess.exe

2012-08-12 16:09 - 2012-08-12 16:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{C2CF6FCF-16AE-4F80-B453-9AACF8547A83}

2012-08-12 16:09 - 2012-08-12 16:09 - 00000000 ____D C:\Users\Monique\AppData\Local\{492F193A-0303-41E8-94CD-85C767227F3B}

2012-08-12 11:05 - 2012-08-13 03:20 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys

2012-08-12 10:55 - 2012-08-12 10:55 - 00000000 ____D C:\Users\Monique\AppData\Roaming\Tific

2012-08-12 10:55 - 2012-08-12 10:55 - 00000000 ____D C:\Users\Monique\AppData\Local\Symantec

2012-08-12 03:28 - 2012-08-12 03:28 - 00000000 ____D C:\Users\Monique\AppData\Local\{C4A8872F-5818-4DB2-B914-6497A9DFCE51}

2012-08-12 03:28 - 2012-08-12 03:28 - 00000000 ____D C:\Users\Monique\AppData\Local\{B0DE44D7-5E82-4C7B-83B3-EF2692C35280}

2012-08-12 03:28 - 2012-08-12 03:28 - 00000000 ____D C:\Users\Monique\AppData\Local\{999FAF8B-B59D-455A-A3EA-922CE9C281E7}

2012-08-12 03:28 - 2012-08-12 03:28 - 00000000 ____D C:\Users\Monique\AppData\Local\{2FB927CD-D703-4694-9B36-9EA912CA3213}

2012-08-12 03:28 - 2012-08-12 03:28 - 00000000 ____D C:\Users\Monique\AppData\Local\{2961352C-2D09-42E0-BA40-99187F84229D}

2012-08-11 06:48 - 2012-08-11 06:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{881C2A9E-FDBB-488A-B4D8-058F0A47FCB9}

2012-08-11 06:48 - 2012-08-11 06:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{31567743-017D-4E92-BC70-E992A84FDCD6}

2012-08-11 06:48 - 2012-08-11 06:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{312D2445-F7E4-4B6A-A4A0-1502F41D43EE}

2012-08-11 06:48 - 2012-08-11 06:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{01002638-E09C-4A00-BEB4-5C81DD4FF2EB}

2012-08-10 18:47 - 2012-08-10 18:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{E5413BA9-B6A0-4ED7-BA10-2C4874BD8052}

2012-08-10 18:47 - 2012-08-10 18:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{81407932-1504-48C0-AD01-CCD6E1B437E0}

2012-08-10 18:47 - 2012-08-10 18:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{743E1958-514D-4FDA-9939-2ED03B0A9A26}

2012-08-10 18:47 - 2012-08-10 18:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{5C9537A6-67C9-45F5-A8D5-D74A7793E053}

2012-08-10 06:46 - 2012-08-10 06:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{C366AECA-AFDC-4B6A-B18A-E2C1FA3CE306}

2012-08-10 06:46 - 2012-08-10 06:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{9FCE81FF-1925-49C3-A184-DA376E010355}

2012-08-10 06:46 - 2012-08-10 06:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{77B64F34-D29D-4770-BBE6-6A0817B3EE59}

2012-08-10 06:46 - 2012-08-10 06:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{0C8A4970-1149-4743-9858-4AD35D70AF99}

2012-08-09 18:46 - 2012-08-09 18:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{EF88C307-7CD0-465B-9FDA-E65C6FAC7158}

2012-08-09 18:46 - 2012-08-09 18:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{227405C8-106C-46D2-BDF6-7234D387DA8F}

2012-08-09 18:45 - 2012-08-09 18:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{B32C635D-C736-4184-9441-F10ACCF0F50F}

2012-08-09 06:45 - 2012-08-09 06:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{FD981B7E-BE65-4EA3-AE17-2C70CC5CABE2}

2012-08-09 06:45 - 2012-08-09 06:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{9EB8A7C3-1EF1-499F-B083-0F056A6E2A60}

2012-08-08 18:45 - 2012-08-08 18:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{D794B0BA-238B-4EEA-BA03-C095DDD8A5CA}

2012-08-08 18:45 - 2012-08-08 18:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{CB5BB387-E93D-4580-8651-6D2FF9CAFF83}

2012-08-08 05:48 - 2012-08-08 05:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{C5BEB2AE-4000-4582-8000-BB9D94252E46}

2012-08-08 05:48 - 2012-08-08 05:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{B3D385E2-1AC1-430F-A2BA-9AF4B0AF27D2}

2012-08-08 05:48 - 2012-08-08 05:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{5AF1B3A6-9C89-4182-9C94-30A129081506}

2012-08-07 17:47 - 2012-08-07 17:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{C7F2DB8F-1A42-4CD1-BDE3-050C7ABB8BB5}

2012-08-07 17:47 - 2012-08-07 17:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{4BBCEB0B-193A-46D4-9A80-633E81B98B91}

2012-08-07 04:09 - 2012-08-07 04:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{CA6E7F01-A32D-4C25-A144-35D2AF282CE2}

2012-08-07 04:09 - 2012-08-07 04:09 - 00000000 ____D C:\Users\Monique\AppData\Local\{8BBD536F-359B-4545-BE8E-CE8597934BA4}

2012-08-07 04:09 - 2012-08-07 04:09 - 00000000 ____D C:\Users\Monique\AppData\Local\{4BE506A2-5602-4CE7-BD9A-6E1E9D6A19B0}

2012-08-06 20:10 - 2012-08-07 09:53 - 00000000 ____D C:\Users\Monique\Documents\ZHANG

2012-08-06 16:09 - 2012-08-06 16:09 - 00000000 ____D C:\Users\Monique\AppData\Local\{58096B1F-52F6-45AD-896B-1414BEF81DE4}

2012-08-06 16:09 - 2012-08-06 16:09 - 00000000 ____D C:\Users\Monique\AppData\Local\{2B3FBB7A-C9C0-4B2A-B927-74EACEDA44DC}

2012-08-06 04:08 - 2012-08-06 04:09 - 00000000 ____D C:\Users\Monique\AppData\Local\{1B4309E8-89C4-4BF8-A466-82F4F5B0DDD9}

2012-08-06 04:08 - 2012-08-06 04:08 - 00000000 ____D C:\Users\Monique\AppData\Local\{DA76552F-4599-4FB2-A32B-7D9671BC1D2F}

2012-08-05 16:08 - 2012-08-05 16:08 - 00000000 ____D C:\Users\Monique\AppData\Local\{CEEB863C-F9A2-4672-9759-E59C71F0181E}

2012-08-05 16:08 - 2012-08-05 16:08 - 00000000 ____D C:\Users\Monique\AppData\Local\{3485996C-C27A-41EA-A45B-F13EFBE5C201}

2012-08-05 16:08 - 2012-08-05 16:08 - 00000000 ____D C:\Users\Monique\AppData\Local\{011E56D6-D51B-4284-BB95-A74C649205BC}

2012-08-05 16:07 - 2012-08-05 16:08 - 00000000 ____D C:\Users\Monique\AppData\Local\{8E8B57A4-7ED2-4D14-8CF1-E65A3E194178}

2012-08-05 16:07 - 2012-08-05 16:07 - 00000000 ____D C:\Users\Monique\AppData\Local\{DEACD32E-F229-4FE8-B685-E8FBE6744A03}

2012-08-05 04:07 - 2012-08-05 04:07 - 00000000 ____D C:\Users\Monique\AppData\Local\{9D13893E-4650-4C41-AD87-603D62C4D604}

2012-08-05 04:07 - 2012-08-05 04:07 - 00000000 ____D C:\Users\Monique\AppData\Local\{7AD9223E-270C-4103-8261-CE2577AE3DC0}

2012-08-05 04:07 - 2012-08-05 04:07 - 00000000 ____D C:\Users\Monique\AppData\Local\{63B7FC0F-AADC-4612-99FB-4FE7D45DE644}

2012-08-05 04:07 - 2012-08-05 04:07 - 00000000 ____D C:\Users\Monique\AppData\Local\{5F62F464-D981-45CB-8C68-AC506A67E428}

2012-08-04 07:11 - 2012-08-04 07:11 - 00000000 ____D C:\Users\Monique\AppData\Local\{793FA987-F221-4E38-AD4A-E8CA952A17E9}

2012-08-04 07:11 - 2012-08-04 07:11 - 00000000 ____D C:\Users\Monique\AppData\Local\{27CB7BFE-5255-4B41-B3D5-D116A9585C70}

2012-08-04 07:11 - 2012-08-04 07:11 - 00000000 ____D C:\Users\Monique\AppData\Local\{0143A63A-0D13-4458-ABA1-D56381D1DB18}

2012-08-04 07:10 - 2012-08-04 07:11 - 00000000 ____D C:\Users\Monique\AppData\Local\{9279BC96-2872-4362-B1BE-DF77814923A3}

2012-08-03 19:10 - 2012-08-03 19:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{E729C318-6B3B-4507-BACE-F718360A5F86}

2012-08-03 19:10 - 2012-08-03 19:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{7FF707D7-BDA1-4D51-8158-295BCC6BF25D}

2012-08-03 19:10 - 2012-08-03 19:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{721D2064-CF18-4352-920B-15C42FB96282}

2012-08-03 19:10 - 2012-08-03 19:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{1087DE1E-31C1-4920-A88B-6E159B6BB179}

2012-08-03 07:10 - 2012-08-03 07:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{0E7F08F2-7212-4D11-937C-0351EDAFB30E}

2012-08-03 07:09 - 2012-08-03 07:10 - 00000000 ____D C:\Users\Monique\AppData\Local\{B3FA3A15-69E9-4FD9-AD32-883504437292}

2012-08-03 07:09 - 2012-08-03 07:09 - 00000000 ____D C:\Users\Monique\AppData\Local\{E6E297CD-994E-4046-8B6D-482DC521D179}

2012-08-03 07:09 - 2012-08-03 07:09 - 00000000 ____D C:\Users\Monique\AppData\Local\{7E4FC072-DEDD-4117-9237-4F4DA23538A9}

2012-08-02 17:55 - 2012-08-02 17:55 - 00000000 ____D C:\Users\Monique\AppData\Local\{6FAA2F48-D7F6-4B4B-AD39-C40E95C7501A}

2012-08-02 17:55 - 2012-08-02 17:55 - 00000000 ____D C:\Users\Monique\AppData\Local\{6710CF78-1A09-4795-8970-4F358D6E076F}

2012-08-02 17:55 - 2012-08-02 17:55 - 00000000 ____D C:\Users\Monique\AppData\Local\{4FC87E9D-2E19-4AA0-9A90-E4DE32BF88AB}

2012-08-02 17:55 - 2012-08-02 17:55 - 00000000 ____D C:\Users\Monique\AppData\Local\{3D3A8F8B-2A12-4BE0-87E3-67E4FA98F06E}

2012-08-02 05:55 - 2012-08-02 05:55 - 00000000 ____D C:\Users\Monique\AppData\Local\{BC3D60A5-DB6D-4B97-93CA-B23434CFAA54}

2012-08-02 05:54 - 2012-08-02 05:55 - 00000000 ____D C:\Users\Monique\AppData\Local\{899B7AD0-F2A2-4BB0-A381-B415B1C8A4AC}

2012-08-02 05:54 - 2012-08-02 05:54 - 00000000 ____D C:\Users\Monique\AppData\Local\{6EB5938E-AB22-40A7-8C4C-2B04353403F5}

2012-08-02 05:54 - 2012-08-02 05:54 - 00000000 ____D C:\Users\Monique\AppData\Local\{63A1ABBB-45DD-4FAD-AEF6-633E636681DC}

2012-08-01 17:54 - 2012-08-01 17:54 - 00000000 ____D C:\Users\Monique\AppData\Local\{C10719B2-0C1B-409F-B083-7DDC22355675}

2012-08-01 17:54 - 2012-08-01 17:54 - 00000000 ____D C:\Users\Monique\AppData\Local\{7A053B36-03A3-46B1-868B-32ABCF2771C8}

2012-08-01 17:54 - 2012-08-01 17:54 - 00000000 ____D C:\Users\Monique\AppData\Local\{6BBB87BE-74C3-46A8-AFB3-2271DDB135F0}

2012-08-01 17:53 - 2012-08-01 17:54 - 00000000 ____D C:\Users\Monique\AppData\Local\{F8E817D7-571C-4F88-ABCE-F3FFA3BE7C60}

2012-08-01 05:49 - 2012-08-01 05:50 - 00000000 ____D C:\Users\Monique\AppData\Local\{6955BA0F-A6F3-4462-A717-EF17C0265043}

2012-08-01 05:49 - 2012-08-01 05:49 - 00000000 ____D C:\Users\Monique\AppData\Local\{1FF7E9BF-2C96-44B0-88BB-59D3807F5544}

2012-07-31 17:49 - 2012-07-31 17:49 - 00000000 ____D C:\Users\Monique\AppData\Local\{4A7C82B9-42D0-4145-838D-ADF75B5541B1}

2012-07-31 17:49 - 2012-07-31 17:49 - 00000000 ____D C:\Users\Monique\AppData\Local\{2FB6D03A-7D01-4B99-886E-CC93B3E1A0F1}

2012-07-31 05:48 - 2012-07-31 05:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{C641E062-9CB6-48A0-AAC3-695D427375B2}

2012-07-31 05:48 - 2012-07-31 05:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{8126A488-E733-4A93-B3D2-B09D68F2E201}

2012-07-31 05:48 - 2012-07-31 05:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{6A80AB40-7976-400D-A6E2-B5C191BCB0B9}

2012-07-31 05:48 - 2012-07-31 05:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{35A6EC28-C5F4-47F7-BE5E-E80828099BDE}

2012-07-31 02:35 - 2012-07-31 02:35 - 00192972 ____A C:\Users\Monique\Desktop\brownleestarr.dat

2012-07-30 17:57 - 2012-07-30 17:57 - 00192972 ____A C:\Users\Monique\Downloads\winmail.dat

2012-07-30 17:48 - 2012-07-30 17:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{3C3B058B-C529-403A-A945-23B48DBC5716}

2012-07-30 17:47 - 2012-07-30 17:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{5C5DAF0D-31EE-4E14-B01B-31F0BAC06A24}

2012-07-30 17:47 - 2012-07-30 17:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{A53B75B5-E035-4B60-9DE6-47D83FF382B5}

2012-07-30 17:43 - 2012-07-30 17:43 - 00192972 ____A C:\Users\Monique\Desktop\winmail.dat

2012-07-30 12:41 - 2012-07-30 12:48 - 00000000 ____D C:\Users\All Users\WordPerfect Office X6

2012-07-30 05:47 - 2012-07-30 05:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{CD8EFF29-7158-4578-A54F-72D09CC81E2D}

2012-07-30 05:47 - 2012-07-30 05:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{51B6D300-63F5-420B-ADB3-912D3D734FD9}

2012-07-29 17:47 - 2012-07-29 17:47 - 00000000 ____D C:\Users\Monique\AppData\Local\{72A0918A-91B5-4606-86C5-94EBCC9C36EB}

2012-07-29 17:46 - 2012-07-29 17:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{45449AA8-8397-4560-8A33-0DB0EBF458A9}

2012-07-29 12:39 - 2012-07-29 12:39 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-07-29 05:46 - 2012-07-29 05:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{CC0467F0-EABB-475B-A063-466BAB3AFD5A}

2012-07-29 05:46 - 2012-07-29 05:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{73746EAC-4CDE-4ECB-8CDA-D992F163DA36}

2012-07-29 05:46 - 2012-07-29 05:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{02830DA5-B7C3-4A65-8367-7909A9553762}

2012-07-28 17:45 - 2012-07-28 17:46 - 00000000 ____D C:\Users\Monique\AppData\Local\{A8689681-C138-4965-9AAD-D761F00CA123}

2012-07-28 17:45 - 2012-07-28 17:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{C658B886-282F-4343-93F4-21E3AB5FFA49}

2012-07-28 17:45 - 2012-07-28 17:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{38887A10-47F8-4F2F-9AC5-D7380E7162EC}

2012-07-28 05:45 - 2012-07-28 05:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{DA922176-4306-465D-8A33-931BCB34AAC0}

2012-07-28 05:45 - 2012-07-28 05:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{C03B43ED-6FE3-45A1-8173-F77702384572}

2012-07-27 17:44 - 2012-07-27 17:45 - 00000000 ____D C:\Users\Monique\AppData\Local\{3D0F7A6C-85C0-42E9-980B-6AAA01FE9EBE}

2012-07-27 17:44 - 2012-07-27 17:44 - 00000000 ____D C:\Users\Monique\AppData\Local\{73C6C581-0956-4DC8-AA14-46CD0796E62B}

2012-07-27 05:44 - 2012-07-27 05:44 - 00000000 ____D C:\Users\Monique\AppData\Local\{EBDCC0CF-8860-439B-B336-0401D4B740FA}

2012-07-27 05:44 - 2012-07-27 05:44 - 00000000 ____D C:\Users\Monique\AppData\Local\{BC161F4A-868C-42C7-BE9B-1758E985D744}

2012-07-26 17:44 - 2012-07-26 17:44 - 00000000 ____D C:\Users\Monique\AppData\Local\{C1897700-680F-4A71-B8DF-37415C0BC315}

2012-07-26 17:44 - 2012-07-26 17:44 - 00000000 ____D C:\Users\Monique\AppData\Local\{85B7512E-8FB7-46E9-83F3-90FEFF02491A}

2012-07-26 05:43 - 2012-07-26 05:43 - 00000000 ____D C:\Users\Monique\AppData\Local\{A81453DF-CDD2-488E-8B22-AA7D46C05621}

2012-07-26 05:43 - 2012-07-26 05:43 - 00000000 ____D C:\Users\Monique\AppData\Local\{1CD118A1-206D-4A48-9F60-41C583C627C9}

2012-07-24 19:49 - 2012-07-24 19:50 - 00000000 ____D C:\Users\Monique\AppData\Local\{38C68920-C1DE-4F33-B5A6-6610B4B9AC3E}

2012-07-24 19:49 - 2012-07-24 19:49 - 00000000 ____D C:\Users\Monique\AppData\Local\{33744094-A46B-40E9-9383-2D2749F40826}

2012-07-24 16:55 - 2012-07-24 16:55 - 00001104 ____A C:\Users\Monique\Desktop\2010-09-04 - Shortcut.lnk

2012-07-24 16:48 - 2012-07-24 16:48 - 00000000 ____D C:\Users\Monique\Documents\oldcomputer

2012-07-24 07:49 - 2012-07-24 07:49 - 00000000 ____D C:\Users\Monique\AppData\Local\{5778DDF4-8EF3-4BDA-8090-C0BE54F1A130}

2012-07-24 07:49 - 2012-07-24 07:49 - 00000000 ____D C:\Users\Monique\AppData\Local\{3D181DBF-4167-427E-A1B0-861F1063AAB9}

2012-07-24 07:49 - 2012-07-24 07:49 - 00000000 ____D C:\Users\Monique\AppData\Local\{04A78C37-41D3-4329-8467-B9507FFAB051}

2012-07-24 07:48 - 2012-07-24 07:49 - 00000000 ____D C:\Users\Monique\AppData\Local\{7251C82E-3154-42F3-BA19-307E1F4CDA61}

2012-07-24 07:48 - 2012-07-24 07:48 - 00000000 ____D C:\Users\Monique\AppData\Local\{BD2859E8-783B-470D-9EB6-DD017D96980F}

2012-07-23 19:06 - 2012-07-23 19:06 - 00000000 ____D C:\Users\Monique\AppData\Local\{F9DD02F2-8086-430F-B69E-257FB63992DE}

2012-07-23 19:06 - 2012-07-23 19:06 - 00000000 ____D C:\Users\Monique\AppData\Local\{8958B1CE-5FA3-48D6-8037-DFA57E094E17}

2012-07-23 07:16 - 2012-07-23 07:16 - 00000000 ____D C:\Users\Monique\AppData\Local\{7D46D745-A4C4-4D1C-AD67-C2BC02A2834E}

2012-07-23 07:16 - 2012-07-23 07:16 - 00000000 ____D C:\Users\Monique\AppData\Local\{70CFAD9E-6B59-44BA-8300-57828C816D5C}

2012-07-22 19:16 - 2012-07-22 19:16 - 00000000 ____D C:\Users\Monique\AppData\Local\{9B6751D5-AB88-4536-B0AC-BB35F9740D0C}

2012-07-22 19:16 - 2012-07-22 19:16 - 00000000 ____D C:\Users\Monique\AppData\Local\{293F9419-AC2A-4366-8CE6-F8CF9212B2D1}

2012-07-22 05:30 - 2012-07-22 05:30 - 00000000 ____D C:\Users\Monique\AppData\Local\{D061D694-E2C6-4A83-84DB-435B3ABA3A5A}

2012-07-22 05:30 - 2012-07-22 05:30 - 00000000 ____D C:\Users\Monique\AppData\Local\{579B4726-394E-4C52-9BAE-121F11B4A671}

2012-07-22 05:30 - 2012-07-22 05:30 - 00000000 ____D C:\Users\Monique\AppData\Local\{24A121C6-81D0-4957-BD2C-3CCF865F7A03}

2012-07-22 05:29 - 2012-07-22 05:30 - 00000000 ____D C:\Users\Monique\AppData\Local\{4ECA1DA7-4013-4F84-9840-F7B772754FC3}

2012-07-21 17:16 - 2012-07-21 17:16 - 00000000 ____D C:\Users\Monique\AppData\Local\{716957EB-863E-4727-A8FF-17C12938CF3B}

2012-07-21 17:15 - 2012-07-21 17:16 - 00000000 ____D C:\Users\Monique\AppData\Local\{A7218AC6-6C40-409D-97CB-A93D81ED54A7}

2012-07-21 17:15 - 2012-07-21 17:15 - 00000000 ____D C:\Users\Monique\AppData\Local\{2A5531DA-3D9A-4EE1-AF6C-F3365752F24B}

2012-07-21 02:56 - 2012-07-21 02:56 - 00000000 ____D C:\Users\Monique\AppData\Local\{A51FB107-6B85-4898-9A21-0EDD1CA8962E}

2012-07-21 02:55 - 2012-07-21 02:56 - 00000000 ____D C:\Users\Monique\AppData\Local\{F3AD2BD5-C3FC-465B-BFB0-73F215A2833B}

2012-07-20 09:13 - 2012-07-20 09:13 - 00000000 ____D C:\Users\Monique\AppData\Local\{C7884916-DC77-4B59-97A5-5EB88E238891}

2012-07-20 09:13 - 2012-07-20 09:13 - 00000000 ____D C:\Users\Monique\AppData\Local\{B37FF635-381D-4151-B641-05B01A4CCE50}

2012-07-19 21:12 - 2012-07-19 21:13 - 00000000 ____D C:\Users\Monique\AppData\Local\{5A71FAB3-41AF-4848-A995-8FBF57861ACA}

2012-07-19 02:42 - 2012-07-19 21:12 - 00000000 ____D C:\Users\Monique\AppData\Local\{C4D77FF0-266A-4557-9DA3-745D3B1ADB96}

2012-07-19 02:42 - 2012-07-19 02:43 - 00000000 ____D C:\Users\Monique\AppData\Local\{8142837E-E251-4936-B776-9AF108E317B6}

2012-07-18 07:17 - 2012-07-18 07:17 - 00000000 ____D C:\Users\Monique\AppData\Local\{2C616802-52F2-4118-89B3-8B75F5559FFE}

2012-07-18 07:17 - 2012-07-18 07:17 - 00000000 ____D C:\Users\Monique\AppData\Local\{1FF29444-1879-416B-A7EC-C9DD2B9EBFE8}

2012-07-17 18:37 - 2012-07-17 18:37 - 00000000 ____D C:\Users\Monique\AppData\Local\{E33D93A2-B4AD-475B-BE66-5F5A4A13A0F5}

2012-07-17 18:37 - 2012-07-17 18:37 - 00000000 ____D C:\Users\Monique\AppData\Local\{004D0B1E-B1C8-4E62-8896-1D298520B62C}

2012-07-17 13:49 - 2012-07-17 13:49 - 00002122 ____A C:\Users\Monique\Desktop\AVERYHOUSE - Shortcut.lnk

2012-07-17 06:37 - 2012-07-17 06:37 - 00000000 ____D C:\Users\Monique\AppData\Local\{D34D936B-2CF3-415E-80C1-B32D1A738ECD}

2012-07-17 06:36 - 2012-07-17 06:37 - 00000000 ____D C:\Users\Monique\AppData\Local\{55A0C32E-347F-47EE-95AA-7F3FCF057187}

2012-07-16 18:36 - 2012-07-16 18:36 - 00000000 ____D C:\Users\Monique\AppData\Local\{2DA79351-5C20-4CC7-B516-93E477F01926}

2012-07-16 18:36 - 2012-07-16 18:36 - 00000000 ____D C:\Users\Monique\AppData\Local\{2D3A2232-9061-4EE9-A39D-517BA7F5F6C5}

2012-07-16 15:14 - 2012-07-16 15:14 - 00000000 ____D C:\Users\Monique\Documents\BENNETT

2012-07-16 15:12 - 2012-07-16 15:12 - 00000000 ____D C:\Users\Monique\Documents\FLOOD,PATRICK

2012-07-16 06:30 - 2012-07-16 06:30 - 00000000 ____D C:\Users\Monique\AppData\Local\{B87F1F72-5D31-4983-A2C4-E9A35866591D}

2012-07-16 06:30 - 2012-07-16 06:30 - 00000000 ____D C:\Users\Monique\AppData\Local\{81902F57-A65C-47EF-9364-99500AAFB37C}

============ 3 Months Modified Files ========================

2012-08-15 14:41 - 2011-07-15 12:29 - 01296879 ____A C:\Windows\WindowsUpdate.log

2012-08-15 14:41 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-15 14:41 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-15 14:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-15 14:36 - 2009-07-13 20:51 - 00050163 ____A C:\Windows\setupact.log

2012-08-15 14:27 - 2011-12-20 13:03 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-15 14:13 - 2009-07-13 21:08 - 00022802 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-15 14:10 - 2012-08-12 18:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-15 14:10 - 2011-12-20 13:03 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-15 05:00 - 2012-08-15 05:00 - 00003168 ____A C:\{123B6F19-A666-4551-A668-CAA7E00D7468}

2012-08-15 03:42 - 2012-08-12 18:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-15 03:42 - 2011-10-03 15:56 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-14 17:39 - 2012-08-14 17:39 - 00003168 ____A C:\{3BAC54F8-3071-4319-94CB-BA48C3C0AFA0}

2012-08-13 10:26 - 2012-02-06 11:38 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForMonique.job

2012-08-13 10:25 - 2011-09-13 05:30 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-08-13 05:41 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-13 03:20 - 2012-08-12 11:05 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys

2012-08-13 03:20 - 2010-11-20 19:47 - 00945508 ____A C:\Windows\PFRO.log

2012-08-12 18:42 - 2012-08-12 18:42 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-12 18:42 - 2012-08-12 18:42 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-12 18:42 - 2012-08-12 18:42 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-12 18:42 - 2012-08-12 18:42 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-12 18:42 - 2012-02-04 10:35 - 00472880 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-08-12 18:32 - 2012-08-12 18:32 - 00266288 ____A C:\Windows\Minidump\081212-32807-01.dmp

2012-08-12 18:31 - 2012-08-12 18:31 - 392428097 ____A C:\Windows\MEMORY.DMP

2012-08-12 17:40 - 2012-08-12 16:32 - 00000385 ____A C:\Users\Monique\AppData\Roaming\Rim.DesktopHelper.Exception.log

2012-08-12 17:40 - 2012-08-12 16:32 - 00000385 ____A C:\Users\Monique\AppData\Roaming\Rim.Desktop.Exception.log

2012-08-12 16:31 - 2012-08-12 16:31 - 00001803 ____A C:\Users\Monique\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2012-08-12 16:25 - 2012-08-12 16:20 - 118918232 ____A C:\Users\Monique\Desktop\710_b033_multilanguage.exe

2012-08-12 16:11 - 2012-08-12 16:11 - 01805736 ____A (Symantec Corporation) C:\Users\Monique\Desktop\FixZeroAccess.exe

2012-07-31 02:35 - 2012-07-31 02:35 - 00192972 ____A C:\Users\Monique\Desktop\brownleestarr.dat

2012-07-30 17:57 - 2012-07-30 17:57 - 00192972 ____A C:\Users\Monique\Downloads\winmail.dat

2012-07-30 17:43 - 2012-07-30 17:43 - 00192972 ____A C:\Users\Monique\Desktop\winmail.dat

2012-07-24 16:55 - 2012-07-24 16:55 - 00001104 ____A C:\Users\Monique\Desktop\2010-09-04 - Shortcut.lnk

2012-07-23 10:20 - 2011-11-07 14:06 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-07-17 13:49 - 2012-07-17 13:49 - 00002122 ____A C:\Users\Monique\Desktop\AVERYHOUSE - Shortcut.lnk

2012-07-12 04:01 - 2009-07-13 20:45 - 00321672 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-12 03:42 - 2012-07-12 03:41 - 00265510 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-07-12 03:38 - 2012-01-17 14:16 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll

2012-06-19 20:56 - 2011-04-18 11:47 - 00000963 ____A C:\Windows\DirectX.log

2012-06-18 11:22 - 2011-07-15 12:31 - 00024215 ____A C:\Windows\System32\RaCoInst.log

2012-06-14 04:04 - 2011-09-11 17:13 - 00002377 ____A C:\Users\Public\Desktop\Norton 360.lnk

2012-06-11 19:08 - 2012-07-12 03:42 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-11 03:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-11 03:44 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-11 03:44 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-11 03:44 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-11 03:44 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-11 03:44 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-11 03:44 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-11 03:44 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-03 19:22 - 2012-06-03 19:22 - 00009033 ____A C:\Users\Monique\Documents\expenses.xlsx

2012-06-02 14:19 - 2012-06-22 01:36 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-22 01:36 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-22 01:36 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-22 01:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-22 01:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-22 01:36 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-22 01:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-22 01:35 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:15 - 2012-06-22 01:35 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-12 03:07 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-12 03:07 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-12 03:07 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-12 03:07 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-12 03:07 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-12 03:07 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-12 03:07 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-12 03:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-12 03:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-12 03:07 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-12 03:07 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-12 03:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-12 03:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-12 03:07 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-12 03:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-12 03:07 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-12 03:07 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-12 03:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-12 03:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-12 03:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-12 03:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-12 03:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-12 03:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-12 03:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-12 03:07 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-12 03:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-12 03:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-12 03:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-11 03:44 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-11 03:44 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-11 03:44 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-11 03:44 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-11 03:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-11 03:44 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-11 03:44 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-11 03:44 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-11 03:44 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-30 09:42 - 2012-05-30 09:42 - 00001286 ____A C:\Users\Public\Desktop\Google Desktop.lnk

2012-05-30 09:42 - 2011-09-11 14:09 - 00072728 ____A C:\Users\Monique\AppData\Local\GDIPFONTCACHEV1.DAT

2012-05-30 09:31 - 2012-05-30 09:31 - 00002153 ____A C:\Users\Public\Desktop\QuickBooks EasyStart 2010.lnk

2012-05-30 09:31 - 2012-05-30 09:31 - 00001248 ____A C:\Users\Public\Desktop\Create a Website.lnk

2012-05-30 09:31 - 2012-05-30 09:31 - 00001234 ____A C:\Users\Public\Desktop\Cheques & More for QuickBooks.lnk

2012-05-30 09:31 - 2012-05-30 09:31 - 00001216 ____A C:\Users\Public\Desktop\Support for QuickBooks.lnk

2012-05-30 09:31 - 2012-05-30 09:24 - 00000095 ____A C:\Windows\QBChanUtil_Trigger.ini

ZeroAccess:

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}\@

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}\L

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}\U

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}\L\201d3dde

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}\U\00000008.@

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}\U\80000032.@

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}\U\80000064.@

ZeroAccess:

C:\Users\Monique\AppData\Local\{a1124f12-5bea-586e-5374-697b8877f7b9}

C:\Users\Monique\AppData\Local\{a1124f12-5bea-586e-5374-697b8877f7b9}\@

C:\Users\Monique\AppData\Local\{a1124f12-5bea-586e-5374-697b8877f7b9}\L

C:\Users\Monique\AppData\Local\{a1124f12-5bea-586e-5374-697b8877f7b9}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%

Total physical RAM: 5941.86 MB

Available physical RAM: 5119.48 MB

Total Pagefile: 5940.01 MB

Available Pagefile: 5114.76 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:580.4 GB) (Free:513.78 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:15.48 GB) (Free:1.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

5 Drive h: () (Removable) (Total:3.76 GB) (Free:3.75 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B
  Disk 1    Online         3855 MB      0 B

Partitions of Disk 0:

===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            580 GB   200 MB
  Partition 3    Primary             15 GB   580 GB
  Partition 4    Primary            103 MB   596 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    580 GB  Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     15 GB  Healthy

==================================================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    103 MB  Healthy

==================================================================================

Partitions of Disk 1:

===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           3855 MB      0 B

==================================================================================

Disk: 1

There is no partition selected.

There is no partition selected.

Please select a partition and try again.

==================================================================================

Last Boot: 2012-08-08 07:08

======================= End Of Log ==========================

Here is the search.txt

Farbar Recovery Scan Tool Version: 15-08-2012

Ran by SYSTEM at 2012-08-15 18:48:23

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Should my fixlist.txt look like this:

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9}

C:\Users\Monique\AppData\Local\{a1124f12-5bea-586e-5374-697b8877f7b9}

C:\Windows\assembly\GAC_32\Desktop.ini

C:\Windows\assembly\GAC_64\Desktop.ini

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flash drive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

MrC

Wow, thanks!!

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012

Ran by SYSTEM at 2012-08-15 19:36:18 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{a1124f12-5bea-586e-5374-697b8877f7b9} moved successfully.

C:\Users\Monique\AppData\Local\{a1124f12-5bea-586e-5374-697b8877f7b9} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Before we move on.......

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Wow, your service is great!!

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode

User: Monique [Admin rights]

Mode: Scan -- Date: 08/15/2012 20:03:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\Monique\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND

[SUSP PATH] HKUS\S-1-5-21-1051989438-288514822-56840039-1000[...]\Run : SmileboxTray ("C:\Users\Monique\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-60HXZT1 +++++

--- User ---

[MBR] 7582ffcd993bf86a8cc4961d005bb191

[BSP] a0f566e8374670946c5973e0ec0e4787 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 594329 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1217595392 | Size: 15847 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 16a37e168314fe967f395a0afdff5ff4

[BSP] a0f566e8374670946c5973e0ec0e4787 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo

1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo

2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo

3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 20000 Mo

+++++ PhysicalDrive1: Imation USB Flash Drive USB Device +++++

--- User ---

[MBR] 67473aeba226df5c05fa69ae3e9dd124

[BSP] 511ad4d60b7c9cf5f463af2ec78e0cf9 : MBR Code unknown

Partition table:

0 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo

1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo

2 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo

3 - [XXXXXX] UNKNOWN (0x0d) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC

It came up with all unsigned files, no malware. How do I attach a file?

20:39:00.0969 1300 ============================================================

20:39:00.0969 1300 Scan finished

20:39:00.0969 1300 ============================================================

20:39:00.0969 1428 Detected object count: 5

20:39:00.0969 1428 Actual detected object count: 5

20:39:21.0156 1428 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user

20:39:21.0156 1428 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:39:21.0156 1428 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user

20:39:21.0156 1428 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:39:21.0187 1428 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user

20:39:21.0187 1428 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:39:21.0202 1428 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

20:39:21.0202 1428 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:39:21.0218 1428 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

20:39:21.0218 1428 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Don't attach logs, just post them.

~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now.

MrC

Here is the combofix log:

ComboFix 12-08-15.01 - Monique 15/08/2012 21:07:21.3.4 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5942.5198 [GMT -4:00]

Running from: c:\users\Monique\Desktop\combofix.exe

Command switches used :: /nombr

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))

.

.

2012-08-16 02:44 . 2012-08-16 02:44 -------- d-----w- C:\FRST

2012-08-16 01:12 . 2012-08-16 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-13 16:23 . 2012-08-13 16:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-13 11:09 . 2012-08-13 11:09 -------- d-----w- C:\Firefox

2012-08-13 02:42 . 2012-08-13 02:42 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-08-13 02:42 . 2012-08-13 02:42 -------- d-----w- c:\program files (x86)\Java

2012-08-13 02:39 . 2012-08-13 02:39 -------- d-----w- c:\programdata\McAfee

2012-08-13 02:39 . 2012-08-15 11:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-13 00:32 . 2012-08-13 00:36 -------- d-----w- c:\users\Monique\AppData\Local\Research In Motion

2012-08-13 00:32 . 2012-08-13 00:33 -------- d-----w- c:\users\Monique\AppData\Roaming\Research In Motion

2012-08-13 00:31 . 2012-08-13 00:31 -------- d-----w- c:\programdata\Research In Motion

2012-08-13 00:31 . 2012-08-13 06:30 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM

2012-08-13 00:31 . 2012-08-13 06:30 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion

2012-08-13 00:31 . 2012-08-13 00:31 -------- d-----w- c:\program files (x86)\Research In Motion

2012-08-12 19:05 . 2012-08-13 11:20 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-12 18:55 . 2012-08-12 18:55 -------- d-----w- c:\users\Monique\AppData\Roaming\Tific

2012-08-12 18:55 . 2012-08-12 18:55 -------- d-----w- c:\users\Monique\AppData\Local\Symantec

2012-07-30 20:41 . 2012-07-30 20:48 -------- d-----w- c:\programdata\WordPerfect Office X6

2012-07-29 20:39 . 2012-07-29 20:39 -------- d-----w- c:\program files (x86)\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 11:42 . 2011-10-03 23:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-13 02:42 . 2012-02-04 18:35 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-12 11:38 . 2012-01-17 22:16 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-12 03:08 . 2012-07-12 11:42 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 11:44 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 11:44 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 11:44 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 11:44 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 11:44 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 11:44 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 11:44 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 09:35 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 09:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 09:36 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 09:36 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 09:35 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 09:36 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 09:35 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 09:35 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 09:35 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-12 11:07 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 11:07 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 11:07 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 11:07 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 11:07 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 11:07 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 11:07 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 11:07 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 11:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 11:07 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 11:07 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 11:07 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 11:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 11:07 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-12 11:07 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 11:07 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 11:07 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 11:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 11:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-11 11:44 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 11:44 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 11:44 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 11:44 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 11:44 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 11:44 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 11:44 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 11:44 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 11:44 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-15_23.57.03 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-08-15 23:46 . 2012-08-15 23:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-16 01:01 . 2012-08-16 01:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-16 01:01 . 2012-08-16 01:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-15 23:46 . 2012-08-15 23:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]

"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\SmileBox_EN\prxtbSmil.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]

"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmileboxTray"="c:\users\Monique\AppData\Roaming\Smilebox\SmileboxTray.exe" [2012-07-02 305000]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-18 318520]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]

"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]

"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]

"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2012-05-30 1838592]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-8-20 984344]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]

R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120814.005\IDSvia64.sys [2012-06-14 509088]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2011-01-27 171128]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]

R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]

R2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 136176]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-13 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 FixZeroAccess;Zero Access Fixtool driver;c:\windows\system32\drivers\FixZeroAccess.sys [2012-08-13 27256]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 11:42]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 21:02]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 21:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3201318

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-15 21:14:32

ComboFix-quarantined-files.txt 2012-08-16 01:14

ComboFix2.txt 2012-08-15 23:58

.

Pre-Run: 554,094,587,904 bytes free

Post-Run: 553,967,771,648 bytes free

.

- - End Of File - - C0A0644BB93D509249013BAA54E27D0B


Here is the log from MBAM; does this mean everything is fixed?

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Monique :: MOHP [administrator]

15/08/2012 9:28:12 PM

mbam-log-2012-08-15 (21-28-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194700

Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Yes..........

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

