Texean, posted May 21, 2013

My computer was hijacked by the Moneypak virus. After killing processes from another user account I have on the computer and then running Malwarebytes and TDSSKiller I can remove the files, but they (and the virus) have been coming back as soon as I reboot, even though all say there is no virus left on the computer. Also, Malwarebytes has protection disabled and I cannot get it to enable again. I used System Mechanic and msconfig to stop the autostarts and to be able to post here. Thanks in advance for any help you can give me. Here are the requested cut/paste files from DDS.com per the AdvancedSetup topic:
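A helper's first pass over a DDS log like the one Texean posted is mostly pattern matching: services whose image file cannot be found, script file types handed to Notepad, orphaned BHOs, autostarts launched from a user-writable folder, and DNS resolvers that are not the home router. The script below is an added example, not code from the thread or from the DDS tool; its sample log is constructed in the DDS line layout, and every GUID, path and address in it is a placeholder.

```python
"""Triage a DDS-style log for the entries a helper would look at first.
Added example, not part of the forum thread or of the DDS tool. SAMPLE_LOG is
constructed in DDS' line layout; the checks are review hints, not verdicts."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample in DDS layout: section banners, then one entry per line.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: {00000000-0000-0000-0000-000000000001} - <orphaned>
BHO: Example Helper: {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [updater] C:\Users\Test\AppData\Roaming\TestApp\upd.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{00000000-0000-0000-0000-000000000003} : DHCPNameServer = 192.168.1.254,203.0.113.5
============= SERVICES / DRIVERS ===============
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
S2 MBAMScheduler;MBAMScheduler;"\mbamscheduler.exe" --> \mbamscheduler.exe [?]
S2 MBAMService;MBAMService;"\mbamservice.exe" --> \mbamservice.exe [?]
S3 ExampleSvc;Example Service;examplesvc.exe [2012-1-1 1024]
=============== File Associations ===============
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
FileExt: .txt: txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
"""

SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".reg"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.*)$")  # R0 name;description;image
FILEEXT_RE = re.compile(r"^FileExt: (\.\w+): [^=]+=(.*)$")  # FileExt: .ext: ProgID=handler
BHO_RE = re.compile(r"^(?:x64-)?BHO: (.*)$")
RUN_RE = re.compile(r"^(?:x64-)?[um]Run: \[[^\]]*\] (.*)$")  # uRun/mRun: [name] command
DNS_RE = re.compile(r"NameServer = (\S+)$")


def triage(log: str) -> List[Dict[str, str]]:
    """Return review hints as {"kind", "detail", "line"} dicts, in log order."""
    findings: List[Dict[str, str]] = []

    def add(kind: str, detail: str, line: str) -> None:
        findings.append({"kind": kind, "detail": detail, "line": line})

    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("="):
            continue  # DDS blank-line marker or section banner

        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(1), m.group(2)
            # DDS tags an image it cannot find with [?] (FRST uses [x]); such a
            # service logs Service Control Manager event 7000 at every boot.
            if image.endswith(("[?]", "[x]")):
                add("service-missing-image", f"{name}: image not found on disk", line)
            elif not ABS_PATH.match(image):
                add("service-relative-path", f"{name}: image path is not absolute", line)
            continue

        m = FILEEXT_RE.match(line)
        if m:
            ext, handler = m.group(1).lower(), m.group(2)
            # Script types handed to Notepad: deliberate hardening by the owner or
            # a tune-up tool, or a leftover from an infection. Ask; do not assume.
            if ext in SCRIPT_EXTS and "notepad.exe" in handler.lower():
                add("script-handler-notepad", f"{ext} opens in Notepad", line)
            continue

        m = BHO_RE.match(line)
        if m:
            if m.group(1).endswith("<orphaned>"):
                add("bho-orphaned", "BHO registered but its DLL is gone", line)
            continue

        m = RUN_RE.match(line)
        if m:
            if USER_WRITABLE.search(m.group(1)):
                add("autorun-user-writable", "autostart from a user-writable folder", line)
            continue

        m = DNS_RE.search(line)
        if m:
            for server in m.group(1).split(","):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    add("dns-unparseable", f"cannot parse resolver {server!r}", line)
                    continue
                # Home routers hand out RFC 1918 resolvers; anything else deserves a
                # question (ISP resolvers are legitimate, hijacked DNS is not).
                if not any(addr in net for net in RFC1918):
                    add("dns-non-rfc1918", f"resolver {server} is outside RFC 1918", line)
    return findings


def count_by_kind(findings: List[Dict[str, str]]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts
```

Each finding is a question for the helper to ask, not a verdict: a script handler set to Notepad, for instance, is also a common deliberate hardening step.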
MrCharlie, posted May 21, 2013

Welcome to the forum. Here's how we deal with that malware:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
1. Restart the computer.
2. As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
3. Use the arrow keys to select the Repair your computer menu item.
4. Select US as the keyboard language settings, and then click Next.
5. Select the operating system you want to repair, and then click Next.
6. Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using a Windows installation disc:
1. Insert the installation disc.
2. Restart your computer.
3. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
4. Click Repair your computer.
5. Select US as the keyboard language settings, and then click Next.
6. Select the operating system you want to repair, and then click Next.
7. Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Select Command Prompt.

Once in the Command Prompt:
1. In the command window type in notepad and press Enter.
2. The notepad opens. Under the File menu select Open.
3. Select "Computer" and find your flash drive letter, then close the notepad.
4. In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter. Note: Replace the letter e with the drive letter of your flash drive.
5. The tool will start to run.
6. When the tool opens, click Yes to the disclaimer.
7. Press the Scan button.
8. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC
Texean Posted May 21, 2013 Author ID:682303 Share Posted May 21, 2013
Thank you for assisting. Here is the log file requested:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2013 02
Ran by SYSTEM on 21-05-2013 17:47:19
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-11-29] (Synaptics Incorporated)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [315496 2011-06-26] (NVIDIA Corporation)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-03-03] (IDT, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [13256 2010-11-10] (Microsoft)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1500528 2010-11-17] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: ?????

==================== Services (Whitelisted) =================
S3 CASprint; C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [118784 2008-03-05] (PCTEL)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1070080 2013-03-17] (iolo technologies, LLC)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 SprintRcAppSvc; C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe [106496 2008-03-05] (PCTEL)
S2 MBAMScheduler; "\mbamscheduler.exe" [x]
S2 MBAMService; "\mbamservice.exe" [x]

==================== Drivers (Whitelisted) ====================
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-11] (EldoS Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 NvStUSB; C:\Windows\System32\DRIVERS\nvstusb.sys [121448 2010-12-08] ()
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2008-03-05] (PCTEL Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SiBEAMSB92xxHostSerial; C:\Windows\System32\DRIVERS\SiBEAM_x64.sys [62464 2011-03-01] ()
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)
S1 FileDisk; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-21 17:47 - 2013-05-21 17:47 - 00000000 ____D C:\FRST
2013-05-21 12:56 - 2013-05-21 12:57 - 00018015 ____A C:\Users\Test\Desktop\dds.txt
2013-05-21 12:56 - 2013-05-21 12:57 - 00011885 ____A C:\Users\Test\Desktop\attach.txt
2013-05-21 12:56 - 2013-05-21 12:56 - 00688992 ____R (Swearware) C:\Users\Test\Desktop\dds.com
2013-05-20 19:39 - 2013-05-21 13:35 - 00006394 ____A C:\Users\Test\Desktop\aswMBR.txt
2013-05-20 19:39 - 2013-05-21 13:35 - 00000512 ____A C:\Users\Test\Desktop\MBR.dat
2013-05-20 19:20 - 2013-05-20 19:22 - 04745728 ____A (AVAST Software) C:\Users\Test\Desktop\aswMBR.exe
2013-05-20 16:39 - 2013-05-20 16:39 - 00000020 __ASH C:\Users\Jeanne.DADS-ALIEN\ntuser.ini
2013-05-20 16:39 - 2013-05-20 16:39 - 00000000 ____D C:\Users\Jeanne.DADS-ALIEN\AppData\Roaming\Real
2013-05-20 16:39 - 2013-05-20 16:39 - 00000000 ____D C:\Users\Jeanne.DADS-ALIEN\AppData\Roaming\iolo
2013-05-20 16:39 - 2013-05-20 16:39 - 00000000 ____D C:\Users\Jeanne.DADS-ALIEN\AppData\Roaming\Adobe
2013-05-20 16:39 - 2013-05-20 16:39 - 00000000 ____D C:\Users\Jeanne.DADS-ALIEN\AppData\Local\VirtualStore
2013-05-20 16:39 - 2013-05-20 16:39 - 00000000 ____D C:\users\Jeanne.DADS-ALIEN
2013-05-20 16:39 - 2012-04-22 18:34 - 00000000 ____D C:\Users\Jeanne.DADS-ALIEN\AppData\Local\Microsoft Help
2013-05-20 16:39 - 2012-04-15 13:30 - 00000000 ____D C:\Users\Jeanne.DADS-ALIEN\AppData\Roaming\Macromedia
2013-05-20 16:27 - 2013-05-20 16:27 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Test\Desktop\TDSSKiller.exe
2013-05-20 16:14 - 2013-05-20 16:14 - 00000000 ____D C:\Users\Test\AppData\Roaming\TestApp
2013-05-20 16:14 - 2013-05-20 16:14 - 00000000 ____D C:\ProgramData\PC Tools
2013-05-20 13:48 - 2013-05-20 13:48 - 00000000 ____D C:\Users\Jeanne\AppData\Roaming\RealNetworks
2013-05-20 12:41 - 2013-05-20 12:41 - 02250054 ____A C:\ProgramData\1.bmp
2013-05-20 12:39 - 2013-05-20 12:39 - 00000000 ____D C:\Users\Jeanne\AppData\Roaming\Real
2013-05-20 12:39 - 2013-05-20 12:39 - 00000000 ____D C:\Users\Jeanne\AppData\Roaming\Malwarebytes
2013-05-20 12:38 - 2013-05-20 13:07 - 00000000 ____D C:\Users\Jeanne\AppData\Roaming\iolo
2013-05-20 12:38 - 2013-05-20 12:38 - 00000020 ___SH C:\Users\Jeanne\ntuser.ini
2013-05-20 12:38 - 2013-05-20 12:38 - 00000000 ____D C:\Users\Jeanne\AppData\Roaming\Adobe
2013-05-20 12:38 - 2013-05-20 12:38 - 00000000 ____D C:\Users\Jeanne\AppData\Local\VirtualStore
2013-05-20 12:38 - 2013-05-20 12:38 - 00000000 ____D C:\users\Jeanne
2013-05-20 12:38 - 2012-04-22 18:34 - 00000000 ____D C:\Users\Jeanne\AppData\Local\Microsoft Help
2013-05-20 12:38 - 2012-04-15 13:30 - 00000000 ____D C:\Users\Jeanne\AppData\Roaming\Macromedia
2013-05-20 12:36 - 2013-05-20 13:43 - 00000004 ____A C:\Users\Test\AppData\Roaming\skype.ini
2013-05-20 10:35 - 2013-05-20 11:00 - 00000000 ____D C:\Program Files\AlienAutopsy
2013-05-20 10:35 - 2013-05-20 10:35 - 00000000 ____D C:\Users\Test\AppData\Roaming\Dell
2013-05-20 10:35 - 2013-05-20 10:35 - 00000000 ____D C:\ProgramData\PCDr
2013-05-20 10:34 - 2013-05-20 10:34 - 00000000 ____D C:\Users\Test\AppData\Roaming\PCDr
2013-05-20 04:24 - 2013-05-20 04:24 - 00000000 ____D C:\Users\Test\AppData\Roaming\Malwarebytes
2013-05-20 04:23 - 2013-05-20 04:23 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-20 04:23 - 2013-05-20 04:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-20 04:23 - 2013-05-20 04:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-20 04:23 - 2013-04-04 11:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-19 10:21 - 2013-05-19 10:21 - 00000000 ____D C:\ProgramData\Intel
2013-05-19 10:20 - 2013-05-19 10:20 - 00065024 ____A C:\Users\Test\javaw.dll
2013-05-15 16:50 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) 
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-29 21:05 - 2013-04-29 21:05 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-29 21:05 - 2013-04-29 21:05 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-29 21:05 - 2013-04-29 21:05 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-29 21:05 - 2013-04-29 21:05 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-29 21:05 - 2013-04-29 21:05 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-29 21:05 - 2013-04-29 21:05 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-29 21:05 - 2013-04-29 21:05 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

Other Malware:
===========
C:\Users\Test\AppData\Roaming\skype.ini
C:\ProgramData\qci.pad

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2013-03-08 21:20:28
Restore point made on: 2013-03-12 14:59:09
Restore point made on: 2013-03-14 06:45:14
Restore point made on: 2013-03-18 08:09:36
Restore point made on: 2013-03-22 11:22:44
Restore point made on: 2013-03-25 18:44:07
Restore point made on: 2013-03-29 10:13:03
Restore point made on: 2013-04-03 07:24:04
Restore point made on: 2013-04-07 04:50:28
Restore point made on: 2013-04-09 12:53:01
Restore point made on: 2013-04-12 18:20:06
Restore point made on: 2013-04-16 16:22:24
Restore point made on: 2013-04-20 05:25:03
Restore point made on: 2013-04-25 20:38:52
Restore point made on: 2013-04-26 05:31:26
Restore point made on: 2013-04-29 07:00:40
Restore point made on: 2013-04-29 21:04:30
Restore point made on: 2013-05-03 11:04:23
Restore point made on: 2013-05-07 03:53:32
Restore point made on: 2013-05-10 13:59:27
Restore point made on: 2013-05-14 17:58:08
Restore point made on: 2013-05-15 16:50:17
Restore point made on: 2013-05-19 04:47:52
Restore point made on: 2013-05-20 12:28:05
Restore point made on: 2013-05-20 14:04:59
Restore point made on: 2013-05-21 12:58:31

==================== Memory info ===========================
Percentage of memory in use: 7%
Total physical RAM: 16365.86 MB
Available physical RAM: 15064.76 MB
Total Pagefile: 16364.06 MB
Available Pagefile: 15043.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================
Drive c: (OSDisk) (Fixed) (Total:238.47 GB) (Free:88.28 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (HD2) (Fixed) (Total:698.63 GB) (Free:345.3 GB) NTFS (Disk=1 Partition=1)
Drive e: (W7SP1_HOMEPREMIUM) (CDROM) (Total:4.69 GB) (Free:0 GB) UDF
Drive f: (USB MEM 64M) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 7219425B)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 62E6E4DB)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 62 MB) (Disk ID: 4AD7EEF2)
Partition 1: (Active) - (Size=61 MB) - (Type=0B)
Last Boot: 2013-05-14 18:24

==================== End Of Log ============================
MrCharlie Posted May 21, 2013 ID:682311

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).
Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now and if so..........

Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:
Bottom right corner of this page.
New window that comes up.

MrC

~~~~~~~~~~~~~~~~~~~~~~~
Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.
Just run fixdamage.exe.
Verify that your system is now functioning normally.

MrC
Texean Posted May 22, 2013 Author ID:682317

Thanks MrC. The system booted ok, but it has been booting fine since I stopped the bootup processes as mentioned earlier, but I knew I still had some virus elements from the fact that I had to disable the startups with msconfig. In any event I am praying that these changes bring it to heel. I will be retiring this year and you guys have shown me a possible way to give back when I do. It is much appreciated. Also, I will gladly put some funds in the account to keep you guys going!

Here is the fixlog data:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2013 02
Ran by SYSTEM at 2013-05-21 18:46:11 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
C:\Users\Test\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\qci.pad => Moved successfully.
==== End of Fixlog ====

Then when I ran MBAR, it found a virus file. I have to reboot so will post the final two logs when done and have a (hopefully) clean bill. Here are the interim logs attached.

system-log.txt
mbar-log-2013-05-21 (18-58-00).txt
Texean Posted May 22, 2013 Author ID:682323

OK, I got a clean bill this time after rebooting and everything seems to be working well. Here are the last 2 logs. Thank you so much for taking the time with me today.

mbar-log-2013-05-21 (19-19-31).txt
system-log.txt
Texean Posted May 22, 2013 Author ID:682326

One follow up note. I still can not enable filesystem protection or malicious website blocking in the malwarebytes pro program ....
MrCharlie Posted May 22, 2013 ID:682328

OK, we're not done so please be patient.....

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
Texean Posted May 22, 2013 Author ID:682331

Also, when I try to go to scheduler to set up, I get an error that reads: "An error has occurred. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission). PROGRAM_ERROR_SCHEDULER (2,0,SchedulerStart). The system cannot find the file specified."

Here is the quickscan log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.21.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Test :: DADS-ALIEN [administrator]

Protection: Disabled

5/21/2013 7:46:54 PM
mbam-log-2013-05-21 (19-46-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290774
Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Texean Posted May 22, 2013 Author ID:682341

OK, combofix downloaded and run. Sorry, I thought we were done and really appreciate you sticking with it. The log for combofix is:

ComboFix 13-05-21.01 - Test 05/21/2013 19:56:32.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16366.13859 [GMT -5:00]
Running from: c:\users\Test\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8936BCF0-4298-4D10-99DE-21BB469F7693}.xps
c:\users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Test\javaw.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-22 to 2013-05-22 )))))))))))))))))))))))))))))))
.
.
2013-05-22 01:47 . 2013-05-22 01:47 -------- d-----w- C:\FRST
2013-05-22 00:59 . 2013-05-22 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-22 00:59 . 2013-05-22 00:59 -------- d-----w- c:\users\Family\AppData\Local\temp
2013-05-22 00:21 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0ADF1B9-41BB-4053-B279-C952788C494C}\mpengine.dll
2013-05-21 20:58 . 2013-05-21 20:58 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1317648-5D7B-4C01-A4AD-830041067201}\gapaengine.dll
2013-05-21 20:58 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-21 00:14 . 2013-05-21 00:14 -------- d-----w- c:\programdata\PC Tools
2013-05-21 00:14 . 2013-05-21 00:14 -------- d-----w- c:\users\Test\AppData\Roaming\TestApp
2013-05-20 20:38 . 2013-05-20 20:38 -------- d-----w- c:\users\Jeanne
2013-05-20 18:35 . 2013-05-20 18:35 -------- d-----w- c:\users\Test\AppData\Roaming\Dell
2013-05-20 18:35 . 2013-05-20 18:35 -------- d-----w- c:\programdata\PCDr
2013-05-20 18:35 . 2013-05-20 18:35 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-20 18:35 . 2013-05-20 19:00 -------- d-----w- c:\program files\AlienAutopsy
2013-05-20 18:34 . 2013-05-20 18:34 -------- d-----w- c:\users\Test\AppData\Roaming\PCDr
2013-05-20 18:34 . 2013-05-20 19:00 -------- d-----w- C:\temp
2013-05-20 12:24 . 2013-05-20 12:24 -------- d-----w- c:\users\Test\AppData\Roaming\Malwarebytes
2013-05-20 12:23 . 2013-05-20 12:23 -------- d-----w- c:\programdata\Malwarebytes
2013-05-20 12:23 . 2013-05-22 00:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-20 12:23 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-20 12:23 . 2013-05-20 12:23 -------- d-----w- c:\users\Test\AppData\Local\Programs
2013-05-19 18:21 . 2013-05-19 18:21 -------- d-----w- c:\programdata\Intel
2013-05-15 11:38 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-25 12:07 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-20 12:18 . 2012-04-13 20:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-20 12:18 . 2012-04-13 20:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 00:52 . 2012-04-13 22:52 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 04:38 . 2012-06-12 14:57 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-15 11:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:38 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:38 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:38 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-09 19:52 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-09 19:52 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-09 19:52 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 19:52 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-09 19:52 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-09 19:52 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-18 04:59 . 2012-04-17 22:24 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-03-18 04:58 . 2012-04-17 22:24 26184 ----a-w- c:\windows\system32\smrgdf.exe
2013-03-18 04:43 . 2012-04-17 22:25 2155688 ----a-w- c:\windows\system32\Incinerator64.dll
2013-03-18 04:43 . 2012-04-17 22:25 2097472 ----a-w- c:\windows\SysWow64\Incinerator32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-11-17 1500528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Public\Downloads\mbar\mbar\mbar.exe" [2013-03-23 1398856]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ???\0??\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/15 07:23;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-12 248304]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;mbamscheduler.exe [x]
R2 MBAMService;MBAMService;mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-03-05 118784]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2008-03-05 43032]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-11 31432]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-03-03 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-03-18 1070080]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-07-26 82160]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-20 27760]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-16 71168]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-16 175104]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-16 81920]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 344616]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2010-12-08 121448]
S3 SiBEAMSB92xxHostSerial;SiBEAMSB92xxHostSerial;c:\windows\system32\DRIVERS\SiBEAM_x64.sys [2011-03-01 62464]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - ioloSGuardDriver
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-22 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-29 19:24]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168337650-4283734589-1400818274-1002Core.job
- c:\users\Test\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28 14:35]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168337650-4283734589-1400818274-1002UA.job
- c:\users\Test\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-28 14:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-27 315496]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-03 525312]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2010-11-10 13256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
Trusted Zone: raytheon.com\rsvpn
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-21 20:00:21
ComboFix-quarantined-files.txt 2013-05-22 01:00
.
Pre-Run: 93,978,312,704 bytes free
Post-Run: 93,921,071,104 bytes free
.
- - End Of File - - 765096F829B7D6AB66F201792ED68645
MrCharlie Posted May 22, 2013 ID:682342

OK...Next:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:
/DisableAskDetection - This option disables Ask Toolbar detection.

MrC
Texean Posted May 22, 2013 Author ID:682344

Log file for ADW Cleaner:

# AdwCleaner v2.301 - Logfile created 05/21/2013 at 20:13:50
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Test - DADS-ALIEN
# Boot Mode : Normal
# Running from : C:\Users\Test\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [716 octets] - [21/05/2013 20:13:50]

########## EOF - C:\AdwCleaner[R1].txt - [775 octets] ##########
MrCharlie Posted May 22, 2013 ID:682353

Some adware found....lets clear it out.....

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Lets check your computer's security:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC
Texean Posted May 22, 2013 Author ID:682360

I owe you MrC. Results of the two requested actions:

# AdwCleaner v2.301 - Logfile created 05/21/2013 at 20:52:43
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Test - DADS-ALIEN
# Boot Mode : Normal
# Running from : C:\Users\Test\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [843 octets] - [21/05/2013 20:13:50]
AdwCleaner[s1].txt - [783 octets] - [21/05/2013 20:52:43]

########## EOF - C:\AdwCleaner[s1].txt - [842 octets] ##########

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.0
Java 7 Update 4
Java version out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
iolo Common Lib ioloServiceManager.exe
iolo System Mechanic Professional SystemGuardAlerter.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
MrCharlie Posted May 22, 2013 ID:682366

OK, what problems are left??

MrC
Texean Posted May 22, 2013 Author ID:682368

It looks like just the inability to enable filesystem protection and malicious website blocking in Malwarebytes Pro? Cheers, MrC!
MrCharlie Posted May 22, 2013 ID:682371

Let's re-install MB and see if that corrects the problem; follow the instructions carefully.
http://forums.malwarebytes.org/index.php?showtopic=122284

MrC
Texean Posted May 22, 2013 Author ID:682378

That fixed it. Thanks MrC! Take care.
MrCharlie Posted May 22, 2013 ID:682382

Good..............

Outdated programs on the system are vulnerable to malware. Please update or uninstall them:

JavaFX 2.1.0 <--- uninstall from Add/Remove Programs
Java™ 7 Update 4 <--- please update, should be Update 21
Java version out of Date! <-------- Go to Control Panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".
If there's no Update tab in Java, uninstall it and download and install the latest version from Here.
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

----------------------------------------------------

Adobe Reader 10.1.7 Adobe Reader out of Date! <--- please check for an update if available, or uninstall and download and install Foxit Reader, which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box".
Copy and paste the next command into the field:
ComboFix /uninstall
Make sure there's a space between ComboFix and /
Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall.)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process; choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....
AdwCleaner > just run the program and click Uninstall.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
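The checkup.txt posted earlier and the outdated-software follow-up above are the two places where a triager reads a Security Check log by hand. The following parser, added here as an example and not part of the thread or of screen317's tool, splits the log into its backtick-bannered sections and pulls out every "out of Date!" flag (paired with the product line above it) and the fragmentation warning; the embedded log is a constructed sample in the layout shown in this thread.

```python
import re

# Constructed sample in the layout of the checkup.txt posted in this thread
# (every line indented so the backtick banners are not mistaken for a fence).
SAMPLE_LOG = """\
 Results of screen317's Security Check version 0.99.63
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 ``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 Microsoft Security Essentials
 Antivirus up to date!
 `````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300
 JavaFX 2.1.0
 Java 7 Update 4
 Java version out of Date!
 Adobe Reader 10.1.7
 Adobe Reader out of Date!
 `````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
 ````````````````````End of Log``````````````````````
"""

# A section banner is a run of backticks, a title (optional trailing colon), backticks.
SECTION_RE = re.compile(r"^`+\s*(.+?):?\s*`+$")

def parse_security_check(text):
    """Return {section title: [item lines]}; lines before the first banner go under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def findings(sections):
    """(kind, detail) tuples worth acting on: each 'out of Date!' flag with the
    product/version line immediately above it, and the drive fragmentation figure."""
    out = []
    for lines in sections.values():
        for i, line in enumerate(lines):
            if "out of date" in line.lower():
                out.append(("outdated", lines[i - 1] if i > 0 else line))
            elif line.startswith("Total Fragmentation") and "Defragment" in line:
                pct = re.search(r"(\d+)%", line)
                out.append(("fragmentation", pct.group(1) + "%" if pct else line))
    return out
```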
LDTate Posted May 22, 2013 ID:682485

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!