Jump to content

MWB finds Trojan.Agent, does not remove


Recommended Posts

Hello

MWB has found Trojan.Agent and says the location is AppData\Local\wsr30zt32.dll. However, it does not remove it.

Since MWB found this Trojan, MS Security Essentials has disappeared and cannot be re-installed.

Here are the two files, DDS and Attach. Thanks for any help you can provide.

Colin

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.7.2

Run by Les_New at 13:18:29 on 2013-10-15

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3006.1231 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Users\Les_New\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DellSupport\brkrsvc.exe

C:\Windows\ehome\ehRecvr.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

c:\xampp\mysql\bin\mysqld.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\System32\vds.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\msiexec.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\Explorer.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [spotify Web Helper] "c:\users\les_new\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: dell.com

TCP: NameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{415E46C2-7982-45DE-A495-14F5C4D9D0A3} : DHCPNameServer = 192.168.1.254 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\les_new\appdata\roaming\mozilla\firefox\profiles\7a39l92k.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - ExtSQL: 2013-09-18 09:00; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext

.

============= SERVICES / DRIVERS ===============

.

R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\common files\epson\epw!3 ssrp\E_JT50RP.EXE [2012-2-3 678400]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]

R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 2039808]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-9-16 3819520]

S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-9-10 571392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 677376]

S2 gupdate1c90d02e9defad0;Google Update Service (gupdate1c90d02e9defad0);c:\program files\google\update\GoogleUpdate.exe [2008-9-2 680448]

S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-5-30 16000]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]

S3 BTUsbrXP®;BT Voyager 1010 USB Adapter;c:\windows\system32\drivers\btusbrxp.sys [2003-1-21 93056]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-3 39272]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-10-7 21504]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 813568]

S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-7-12 155320]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 1300992]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\WORDPAD.EXE="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice]

FileExt: .ini: inifile - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]

.

=============== Created Last 30 ================

.

2013-10-15 10:34:01 59225 ----a-w- c:\users\les_new\appdata\local\dfl30z32.dll

2013-10-15 08:56:06 -------- d-----w- c:\users\les_new\appdata\local\temp

2013-10-15 08:47:01 -------- d-----w- C:\$RECYCLE.BIN

2013-10-09 16:33:24 798208 ----a-w- c:\windows\system32\FntCache.dll

2013-10-09 16:32:59 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-09 16:32:57 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2013-10-09 16:32:56 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2013-10-09 16:32:54 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-10-09 16:32:52 293376 ----a-w- c:\windows\system32\atmfd.dll

2013-10-09 16:32:51 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-10-09 16:32:49 532480 ----a-w- c:\windows\system32\comctl32.dll

2013-10-09 16:32:46 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys

2013-10-09 16:32:46 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys

2013-10-07 13:24:39 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-09-18 16:55:08 -------- d-----r- c:\users\les_new\Google Drive

2013-09-18 12:52:37 -------- d-----w- c:\users\les_new\appdata\roaming\Avery

2013-09-18 08:01:00 -------- d-----w- c:\users\les_new\appdata\roaming\RealNetworks

2013-09-18 08:00:19 -------- d-----w- c:\program files\RealNetworks

2013-09-18 08:00:16 -------- d-----w- c:\programdata\RealNetworks

2013-09-18 08:00:07 -------- d-----w- c:\program files\common files\xing shared

2013-09-18 07:59:56 153736 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2013-09-18 07:59:48 124504 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll

2013-09-16 11:30:40 4806016 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

2013-09-16 11:30:40 4806016 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2013-10-15 09:21:52 624640 ----a-w- c:\windows\system32\msiexec.exe

2013-10-15 09:09:12 2644480 ----a-w- c:\windows\system32\dfsr.exe

2013-10-15 08:58:44 872960 ----a-w- c:\windows\system32\cmd.exe

2013-10-15 08:55:43 1607680 ----a-w- c:\windows\system32\VSSVC.exe

2013-10-15 08:55:42 659456 ----a-w- c:\windows\system32\msdtc.exe

2013-10-15 08:55:42 565760 ----a-w- c:\windows\system32\snmptrap.exe

2013-10-15 08:55:42 560640 ----a-w- c:\windows\system32\Locator.exe

2013-10-15 08:47:07 611840 ----a-w- c:\windows\system32\alg.exe

2013-10-14 17:42:56 859648 ----a-w- c:\windows\IsUninst.exe

2013-10-09 16:15:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-09 16:15:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-18 07:59:36 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-09-18 07:59:36 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys

2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll

2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll

2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll

2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll

2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-01 03:16:32 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-08-01 02:49:15 37376 ----a-w- c:\windows\system32\cdd.dll

2013-07-20 10:44:53 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 13:19:53.72 ===============

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 27/03/2007 02:13:11

System Uptime: 15/10/2013 11:54:53 (2 hours ago)

.

Motherboard: Dell Inc | | 0HY175

Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | Socket M2 | 2000/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 139 GiB total, 32.089 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 6.301 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Add-In Information Lister

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.8)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Verifier x86 External Package

Audacity 2.0.3

Bonjour

BT Desktop Help

BT Yahoo! Applications

Canon MP140 series

Canon MP140 series User Registration

Canon Utilities Easy-LayoutPrint

Canon Utilities Easy-PhotoPrint

CCleaner

CoffeeCup HTML Editor

CoffeeCup Image Mapper

CoffeeCup StyleSheet Maker

Compatibility Pack for the 2007 Office system

Corel Paint Shop Pro Photo XI

Corel Snapfire Plus

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Defraggler

Dell System Customization Wizard

Dell System Detect

DellSupport

DesignPro 5

DHTML Editing Component

Epson Download Navigator

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON TWAIN 5

EPSON WP-4535 Series Printer Uninstall

EpsonNet Print

Facebook Video Calling 1.1.1.1

Free Countdown Timer 2.7.2

Google Chrome

Google Drive

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Highlight Viewer (Windows Live Toolbar)

HiJackThis

HitmanPro 3.7

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Driver Diagnostics

InfraRecorder

Internet Explorer (Enable DEP)

iTunes

Java 7 Update 7

Java Auto Updater

Junk Mail filter update

Kits Configuration Installer

Kobo

Lame ACM MP3 Codec

LAME v3.99.3 (for Windows)

Macromedia Dreamweaver MX

Malwarebytes Anti-Malware version 1.70.0.1100

Map Button (Windows Live Toolbar)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Automated Troubleshooting Services Shim

Microsoft Corporation

Microsoft Fix it Center

Microsoft LifeCam

Microsoft Office 2000 Web Archive Add-On

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Word Web Archive Converter

Microsoft Works

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 24.0.1 (x86 en-GB)

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Musicnotes Software Suite 1.7.2

My Dell

Network Guide EPSON WP-4535 Series

Nokia_Multimedia_Common_Components_2_5

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OpenOffice.org 3.3

Paint Shop Pro 7

Picasa 3

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

RealUpgrade 1.1

Samsung Media Studio

SDK Debuggers

Seagate Dashboard 2.0

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition

Segoe UI

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

SigmaTel Audio

Skype Click to Call

Skype™ 6.9

Smart Menus (Windows Live Toolbar)

Sonic Activation Module

Sony Mobile Update Service

Sony PC Companion 2.10.079

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Spotify

Time Saving Excel Solutions

Tweaking.com - Windows Repair (All in One)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition

User's Guide EPSON WP-4535 Series

Windows Installer Clean Up

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Favorites for Windows Live Toolbar

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Software Development Kit

Windows Software Development Kit EULA

WinZip

XAMPP 1.7.7

XviD MPEG-4 Video Codec

.

==== End Of File ===========================

 

Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Many thanks. Here's the RK report:

 

RogueKiller V8.7.3 [Oct 15 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Les_New [Admin rights]

Mode : Scan -- Date : 10/15/2013 20:40:38

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{c6c20914-49ac-17aa-db84-306d9719f7f3}\ \...\???ﯹ

๛\{c6c20914-49ac-17aa-db84-306d9719f7f3}\GoogleUpdate.exe" < [x]) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Leslie\AppData\Local\Temp\IHU698D.tmp.exe [x][x] -> FOUND

[V2][sUSP PATH] Les_New1 : C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe - "C:\Users\Les_New\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Les_New1.nji" [-][-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][Folder] Install : C:\Users\Les_New\AppData\Local\Google\Desktop\Install [-] --> FOUND

[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

[inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3615CD66)

[inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3615CD66)

[inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3615CD66)

[inline] EAT @explorer.exe (??_7CWbemInstance@@6BCClassPartContainer@@@) : fastprox.dll -> HOOKED (Unknown @ 0xEBA98529)

¤¤¤ External Hives: ¤¤¤

-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

127.0.0.1 localhost

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST316081 2AS SCSI Disk Device +++++

--- User ---

[MBR] 70486eebc3406326d051c9c0c7ae891a

[bSP] e4f1a3792e18a93ded96ab613143948a : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10240 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21053440 | Size: 142306 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[0]_S_10152013_204038.txt >>

 

 

 

 

Link to post
Share on other sites

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

Not great news, then. I've changed several passwords etc. and have run Farbar. Here are the logs.

Many thanks.

1. FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013

Ran by Les_New (administrator) on LESLIE-PC on 16-10-2013 14:28:33

Running from C:\Users\Les_New\Downloads

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Spotify Ltd) C:\Users\Les_New\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

(Apache Software Foundation) c:\xampp\apache\bin\httpd.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\DellSupport\brkrsvc.exe

(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe

(Microsoft Corporation) C:\Windows\ehome\ehsched.exe

(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE

(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe

() c:\xampp\mysql\bin\mysqld.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(SigmaTel, Inc.) C:\Windows\system32\STacSV.exe

(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe

(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [spotify Web Helper] - C:\Users\Les_New\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-14] (Spotify Ltd)

HKCU\...\Run: [uploader] - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)

HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?

HKCU\...\Policies\system: [LogonHoursAction] 2

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2013-10-14] (Gteko Ltd.)

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2013-10-14] (Gteko Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8CB7D1A9AC9BCC01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

SearchScopes: HKCU - {4BE808DF-AD68-4E40-8B72-DF3C900B94DF} URL = http://www.flickr.com/search/?q={searchTerms}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={320D8B26-F38B-41C8-8180-EB65C1073572}&mid=a66084cf20d047d0a054d153e6eac8aa-b7cab49dc14eb2e74a3cb679b88c08492534e892〈=en&ds=gl011&pr=sa&d=2012-08-25 17:25:36&v=12.2.0.5&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {981785BD-5F3E-4470-8FCF-61288EBE2823} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-ie8

BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Les_New\AppData\Roaming\Mozilla\Firefox\Profiles\7a39l92k.default

FF NewTab: about:blank

FF SelectedSearchEngine: Wikipedia (en)

FF Homepage: https://twitter.com/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF Plugin: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)

FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @Sibelius.com/Scorch Plugin - C:\Program Files\Musicnotes\npsibelius.dll ()

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

FF Extension: . - C:\Users\Les_New\AppData\Roaming\Mozilla\Firefox\Profiles\7a39l92k.default\Extensions\{26697A73-cb38-cf2d-bf33-5a1b0c031a46}

FF Extension: DownloadHelper - C:\Users\Les_New\AppData\Roaming\Mozilla\Firefox\Profiles\7a39l92k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF Extension: DownloadHelper - C:\Users\Les_New\AppData\Roaming\Mozilla\Firefox\Profiles\7a39l92k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(43)

FF Extension: firebug - C:\Users\Les_New\AppData\Roaming\Mozilla\Firefox\Profiles\7a39l92k.default\Extensions\firebug@software.joehewitt.com.xpi

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: mcciwbch - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF HKCU\...\Firefox\Extensions: [{F4A7B302-E187-11E1-8270-B8AC6F996F26}] - C:\Users\Les_New\AppData\Local\{F4A7B302-E187-11E1-8270-B8AC6F996F26}\

FF Extension: Mozilla Safe Browsing - C:\Users\Les_New\AppData\Local\{F4A7B302-E187-11E1-8270-B8AC6F996F26}\

Chrome:

=======

CHR Extension: (Google Docs) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1

CHR Extension: (YouTube) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Google Search) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (RealDownloader) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_1

CHR Extension: (Skype Click to Call) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_1

CHR Extension: (cwwogwaoa) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgkfajodaliacghnafobjnclblcfmlm\1.0_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1

CHR Extension: (Gmail) - C:\Users\Les_New\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

========================== Services (Whitelisted) =================

R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [571392 2013-10-15] (Apache Software Foundation)

R2 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [623616 2013-10-14] ()

R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [678400 2013-10-15] (SEIKO EPSON CORPORATION)

S2 gupdate1c90d02e9defad0; C:\Program Files\Google\Update\GoogleUpdate.exe [680448 2013-10-14] (Google Inc.)

R2 mysql; c:\xampp\mysql\bin\my.ini [5396 2012-05-25] ()

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [586240 2013-10-15] ()

S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

R2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)

R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3819520 2013-10-15] (Skype Technologies S.A.)

S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)

R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-06] (SigmaTel, Inc.)

S3 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]

S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]

==================== Drivers (Whitelisted) ====================

S3 BTUsbrXP®; C:\Windows\System32\DRIVERS\btusbrxp.sys [93056 2003-01-21] (Askey Computer)

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)

R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)

S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-22] (HP)

S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-22] (HP)

S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)

S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [21504 2011-10-07] (http://libusb-win32.sourceforge.net)

S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))

S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)

S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)

S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)

S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)

S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)

R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-05-06] (SigmaTel, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]

S1 qfqdwqgg; \??\C:\Windows\system32\drivers\qfqdwqgg.sys [x]

S3 yeddef; System32\Drivers\yeddef.sys [x]

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

2013-10-16 14:28 - 2013-10-16 14:28 - 00000000 ____D C:\FRST

2013-10-16 14:27 - 2013-10-16 14:27 - 01087213 _____ (Farbar) C:\Users\Les_New\Downloads\FRST.exe

2013-10-15 20:41 - 2013-10-15 22:01 - 00000003 _____ C:\i30.nls

2013-10-15 20:40 - 2013-10-15 20:40 - 00003898 _____ C:\Users\Les_New\Desktop\RKreport[0]_S_10152013_204038.txt

2013-10-15 20:36 - 2013-10-15 20:44 - 00000000 ____D C:\Users\Les_New\Desktop\RK_Quarantine

2013-10-15 20:35 - 2013-10-15 20:33 - 00951296 _____ C:\Users\Les_New\Desktop\RogueKiller.exe

2013-10-15 20:34 - 2013-10-15 20:34 - 00951296 _____ C:\Users\Les_New\Downloads\RogueKiller (1).exe

2013-10-15 20:33 - 2013-10-15 20:33 - 00951296 _____ C:\Users\Les_New\Downloads\RogueKiller.exe

2013-10-15 14:35 - 2013-10-15 15:11 - 00000878 _____ C:\Users\Les_New\AppData\Local\wsr30zt32.dll

2013-10-15 13:20 - 2013-10-15 13:20 - 00010474 _____ C:\Users\Les_New\Desktop\attach.txt

2013-10-15 13:20 - 2013-10-15 13:20 - 00000510 _____ C:\Windows\WORDPAD.INI

2013-10-15 13:20 - 2013-10-15 13:19 - 00015638 _____ C:\Users\Les_New\Desktop\dds.txt

2013-10-15 13:17 - 2013-10-15 13:16 - 00688992 ____R (Swearware) C:\Users\Les_New\Desktop\dds.scr

2013-10-15 13:16 - 2013-10-15 13:16 - 00688992 _____ (Swearware) C:\Users\Les_New\Downloads\dds.scr

2013-10-15 12:15 - 2013-10-15 20:26 - 00000003 _____ C:\orm30.nls

2013-10-15 11:51 - 2013-10-15 11:51 - 04101172 _____ C:\Users\Les_New\Downloads\tdsskiller.zip

2013-10-15 11:34 - 2013-10-16 14:10 - 00887050 _____ C:\Users\Les_New\AppData\Local\dfl30z32.dll

2013-10-15 09:55 - 2013-10-15 09:55 - 00027058 _____ C:\ComboFix.txt

2013-10-15 09:14 - 2013-10-15 09:24 - 00000003 _____ C:\r30.nls

2013-10-15 08:15 - 2013-10-15 08:50 - 00000003 _____ C:\ckup30.nls

2013-10-15 08:10 - 2013-10-15 08:10 - 11233112 _____ (Microsoft Corporation) C:\Users\Les_New\Downloads\mseinstall (1).exe

2013-10-14 17:54 - 2013-10-14 23:14 - 00000003 _____ C:\s30.nls

2013-10-14 17:52 - 2013-10-16 13:54 - 00000003 _____ C:\Users\Les_New\AppData\Local\cecfdiac30.nls

2013-10-14 11:28 - 2013-10-14 11:28 - 00000000 ____D C:\Users\Les_New\Documents\New Folder

2013-10-13 18:02 - 2013-10-13 18:02 - 00955240 _____ C:\Users\Les_New\Downloads\the-snow-child.pptx

2013-10-13 07:55 - 2013-10-14 18:27 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-10-10 13:05 - 2013-10-10 13:05 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2013-10-10 13:05 - 2013-10-10 13:05 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2013-10-10 11:11 - 2013-10-10 11:11 - 00002289 _____ C:\Users\Les_New\Downloads\CSSgirl-fullwidth-headerfooter-2012.zip

2013-10-09 19:48 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-09 19:48 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-09 19:48 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-09 19:48 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-10-09 19:48 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-09 19:48 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-09 19:48 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-09 19:48 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-09 19:48 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-10-09 19:48 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-09 19:48 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-10-09 19:48 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-09 19:48 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-09 19:48 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-09 19:48 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-09 19:48 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-09 17:33 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 17:33 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2013-10-09 17:33 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2013-10-09 17:33 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2013-10-09 17:33 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2013-10-09 17:33 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2013-10-09 17:33 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2013-10-09 17:33 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2013-10-09 17:33 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-10-09 17:33 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-10-09 17:33 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 17:33 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-10-09 17:33 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 17:33 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-09 17:33 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-09 17:33 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-09 17:33 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-09 17:33 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-09 17:32 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 17:32 - 2013-07-12 10:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-09 17:32 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 17:32 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-09 17:32 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 17:32 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 17:32 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 17:32 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 17:32 - 2011-05-05 14:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-10-09 09:59 - 2013-10-09 09:59 - 00355074 _____ C:\Users\Les_New\Downloads\Google one-page SEO Guide

2013-10-08 10:29 - 2013-10-08 10:29 - 00019723 _____ C:\Users\Les_New\Downloads\rainismysunshine_iamthecrayonmaster.zip

2013-10-07 14:26 - 2013-10-07 14:26 - 00001666 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-10-07 14:24 - 2013-10-14 18:39 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-10-06 13:17 - 2013-10-06 13:17 - 02081792 _____ C:\Users\Les_New\Downloads\properties-of-polymers (1).ppt

2013-10-06 13:16 - 2013-10-06 13:16 - 02087424 _____ C:\Users\Les_New\Downloads\properties-of-polymers.ppt

2013-09-28 23:01 - 2013-10-15 09:46 - 00004736 _____ C:\Windows\PFRO.log

2013-09-23 22:11 - 2013-09-23 22:11 - 00000000 ____D C:\Users\Public\Gaelle scans

2013-09-23 22:09 - 2013-09-23 22:09 - 00000000 ____D C:\Users\Public\Documents\Gaelle scans

2013-09-22 22:21 - 2013-09-22 22:21 - 23479624 _____ C:\Users\Les_New\Downloads\mp140swin106ea24.exe

2013-09-19 17:01 - 2013-09-19 17:01 - 00303008 _____ C:\Users\Les_New\Downloads\BTBBDesktopHelpInstall.exe

2013-09-19 08:57 - 2013-09-19 08:57 - 00001855 _____ C:\Users\Les_New\Desktop\Laptop Documents.lnk

2013-09-18 22:00 - 2013-09-18 22:00 - 00001135 _____ C:\Users\Public\Desktop\BT Desktop Help.lnk

2013-09-18 17:55 - 2013-09-18 17:55 - 00001547 _____ C:\Users\Les_New\Desktop\Google Drive.lnk

2013-09-18 17:55 - 2013-09-18 17:55 - 00000000 ___RD C:\Users\Les_New\Google Drive

2013-09-18 13:52 - 2013-09-18 13:52 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\Avery

2013-09-18 13:51 - 2013-09-18 13:51 - 00001993 _____ C:\Users\Public\Desktop\DesignPro 5.lnk

2013-09-18 13:46 - 2013-09-18 13:46 - 11111968 _____ (Avery Dennison Corp. ) C:\Users\Les_New\Downloads\GB_en_DP5_DL_20100525.exe

2013-09-18 09:01 - 2013-09-18 09:01 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\RealNetworks

2013-09-18 09:00 - 2013-09-18 09:00 - 00000847 _____ C:\Users\Public\Desktop\RealPlayer.lnk

2013-09-18 09:00 - 2013-09-18 09:00 - 00000000 ____D C:\ProgramData\RealNetworks

2013-09-18 09:00 - 2013-09-18 09:00 - 00000000 ____D C:\Program Files\RealNetworks

2013-09-18 09:00 - 2013-09-18 09:00 - 00000000 ____D C:\Program Files\Common Files\xing shared

2013-09-18 08:59 - 2013-09-18 08:59 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll

2013-09-18 08:59 - 2013-09-18 08:59 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll

2013-09-18 08:59 - 2013-09-18 08:59 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll

==================== One Month Modified Files and Folders =======

2013-10-16 14:28 - 2013-10-16 14:28 - 00000000 ____D C:\FRST

2013-10-16 14:27 - 2013-10-16 14:27 - 01087213 _____ (Farbar) C:\Users\Les_New\Downloads\FRST.exe

2013-10-16 14:25 - 2008-03-09 11:35 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{4410D2A5-866D-4E21-BE58-E2C137396A8C}.job

2013-10-16 14:25 - 2007-11-07 18:02 - 00000416 ____H C:\Windows\Tasks\User_Feed_Synchronization-{ED38B297-A111-4C4A-9A18-3554545F5267}.job

2013-10-16 14:15 - 2012-03-30 18:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-16 14:10 - 2013-10-15 11:34 - 00887050 _____ C:\Users\Les_New\AppData\Local\dfl30z32.dll

2013-10-16 14:05 - 2009-07-01 08:22 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-16 13:54 - 2013-10-14 17:52 - 00000003 _____ C:\Users\Les_New\AppData\Local\cecfdiac30.nls

2013-10-16 13:05 - 2009-07-01 08:22 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-16 12:51 - 2006-11-02 13:47 - 00003696 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-16 12:51 - 2006-11-02 13:47 - 00003696 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-16 11:22 - 2006-11-02 11:33 - 00780794 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-16 11:01 - 2011-11-09 18:32 - 00000000 ____D C:\Users\Les_New\Documents\Lewis

2013-10-16 11:00 - 2011-11-05 15:28 - 00000000 ____D C:\Users\Les_New\Documents\Acting

2013-10-16 10:57 - 2011-11-05 15:28 - 00000000 ____D C:\Users\Les_New\Documents\Miscellaneous

2013-10-16 10:27 - 2011-11-05 15:27 - 00000000 ____D C:\Users\Les_New\Documents\Home

2013-10-16 06:51 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-16 06:51 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-10-15 22:45 - 2006-11-02 14:01 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-15 22:02 - 2011-12-10 13:03 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\Skype

2013-10-15 22:01 - 2013-10-15 20:41 - 00000003 _____ C:\i30.nls

2013-10-15 20:44 - 2013-10-15 20:36 - 00000000 ____D C:\Users\Les_New\Desktop\RK_Quarantine

2013-10-15 20:40 - 2013-10-15 20:40 - 00003898 _____ C:\Users\Les_New\Desktop\RKreport[0]_S_10152013_204038.txt

2013-10-15 20:34 - 2013-10-15 20:34 - 00951296 _____ C:\Users\Les_New\Downloads\RogueKiller (1).exe

2013-10-15 20:33 - 2013-10-15 20:35 - 00951296 _____ C:\Users\Les_New\Desktop\RogueKiller.exe

2013-10-15 20:33 - 2013-10-15 20:33 - 00951296 _____ C:\Users\Les_New\Downloads\RogueKiller.exe

2013-10-15 20:26 - 2013-10-15 12:15 - 00000003 _____ C:\orm30.nls

2013-10-15 20:26 - 2013-03-07 23:26 - 00002531 _____ C:\Users\Public\Desktop\Seagate Dashboard 2.0.lnk

2013-10-15 15:11 - 2013-10-15 14:35 - 00000878 _____ C:\Users\Les_New\AppData\Local\wsr30zt32.dll

2013-10-15 15:11 - 2013-09-02 23:55 - 01480230 _____ C:\Windows\WindowsUpdate.log

2013-10-15 13:33 - 2006-11-02 09:48 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe

2013-10-15 13:20 - 2013-10-15 13:20 - 00010474 _____ C:\Users\Les_New\Desktop\attach.txt

2013-10-15 13:20 - 2013-10-15 13:20 - 00000510 _____ C:\Windows\WORDPAD.INI

2013-10-15 13:19 - 2013-10-15 13:20 - 00015638 _____ C:\Users\Les_New\Desktop\dds.txt

2013-10-15 13:16 - 2013-10-15 13:17 - 00688992 ____R (Swearware) C:\Users\Les_New\Desktop\dds.scr

2013-10-15 13:16 - 2013-10-15 13:16 - 00688992 _____ (Swearware) C:\Users\Les_New\Downloads\dds.scr

2013-10-15 12:56 - 2011-10-05 09:32 - 00002115 _____ C:\Windows\epplauncher.mif

2013-10-15 11:51 - 2013-10-15 11:51 - 04101172 _____ C:\Users\Les_New\Downloads\tdsskiller.zip

2013-10-15 10:35 - 2008-09-07 18:54 - 00000000 ____D C:\Program Files\Common Files\Motive

2013-10-15 10:21 - 2009-09-29 16:56 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

2013-10-15 10:09 - 2009-09-29 16:56 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\dfsr.exe

2013-10-15 10:00 - 2011-05-04 18:28 - 00000000 ____D C:\Program Files\Microsoft LifeCam

2013-10-15 09:58 - 2008-09-24 11:28 - 00872960 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe

2013-10-15 09:56 - 2012-11-22 10:11 - 00000000 ____D C:\Users\Les_New\AppData\Local\Apps\2.0

2013-10-15 09:56 - 2012-08-12 11:33 - 00000000 ____D C:\Qoobox

2013-10-15 09:55 - 2013-10-15 09:55 - 00027058 _____ C:\ComboFix.txt

2013-10-15 09:55 - 2009-09-29 16:56 - 01607680 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe

2013-10-15 09:55 - 2008-09-24 11:26 - 00659456 _____ (Microsoft Corporation) C:\Windows\system32\msdtc.exe

2013-10-15 09:55 - 2006-11-02 09:58 - 00565760 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe

2013-10-15 09:55 - 2006-11-02 09:50 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\Locator.exe

2013-10-15 09:47 - 2013-09-02 10:07 - 00000000 ____D C:\Program Files\Bonjour

2013-10-15 09:47 - 2008-09-24 11:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\alg.exe

2013-10-15 09:47 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini

2013-10-15 09:47 - 2006-11-02 09:50 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\dllhost.exe

2013-10-15 09:46 - 2013-09-28 23:01 - 00004736 _____ C:\Windows\PFRO.log

2013-10-15 09:46 - 2012-08-12 11:33 - 00000000 ____D C:\Windows\erdnt

2013-10-15 09:46 - 2006-11-02 11:22 - 62914560 _____ C:\Windows\system32\config\software.bak

2013-10-15 09:46 - 2006-11-02 11:22 - 43778048 _____ C:\Windows\system32\config\system.bak

2013-10-15 09:46 - 2006-11-02 11:22 - 42467328 _____ C:\Windows\system32\config\COMPON~3.bak

2013-10-15 09:46 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default.bak

2013-10-15 09:46 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security.bak

2013-10-15 09:46 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam.bak

2013-10-15 09:24 - 2013-10-15 09:14 - 00000003 _____ C:\r30.nls

2013-10-15 09:24 - 2013-09-01 22:00 - 05133109 ____R (Swearware) C:\Users\Les_New\Desktop\ComboFix.exe

2013-10-15 08:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration

2013-10-15 08:51 - 2008-09-30 12:05 - 00000000 ____D C:\Windows\Downloaded Installations

2013-10-15 08:50 - 2013-10-15 08:15 - 00000003 _____ C:\ckup30.nls

2013-10-15 08:10 - 2013-10-15 08:10 - 11233112 _____ (Microsoft Corporation) C:\Users\Les_New\Downloads\mseinstall (1).exe

2013-10-14 23:14 - 2013-10-14 17:54 - 00000003 _____ C:\s30.nls

2013-10-14 22:37 - 2012-10-19 21:57 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\Spotify

2013-10-14 18:46 - 2001-06-09 00:32 - 00000000 ____D C:\SBPCI

2013-10-14 18:42 - 2007-04-06 12:44 - 00859648 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe

2013-10-14 18:39 - 2013-10-07 14:24 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-10-14 18:39 - 2009-05-07 17:03 - 00000000 ____D C:\Program Files\XviD

2013-10-14 18:39 - 2007-03-31 17:07 - 00000000 ____D C:\Program Files\winzip

2013-10-14 18:39 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-10-14 18:39 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery

2013-10-14 18:38 - 2009-04-27 09:25 - 00000000 ____D C:\Program Files\Windows Installer Clean Up

2013-10-14 18:38 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal

2013-10-14 18:38 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender

2013-10-14 18:38 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Collaboration

2013-10-14 18:37 - 2011-02-13 01:25 - 00000000 ____D C:\Program Files\Speccy

2013-10-14 18:37 - 2010-03-15 13:46 - 00000000 ____D C:\Program Files\Web Archive

2013-10-14 18:37 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Calendar

2013-10-14 18:32 - 2013-05-23 12:14 - 00000000 ____D C:\Program Files\QuickTime

2013-10-14 18:27 - 2013-10-13 07:55 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-10-14 18:27 - 2013-08-04 18:45 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-14 18:27 - 2013-05-22 02:26 - 00000000 ____D C:\Program Files\My Dell

2013-10-14 18:26 - 2008-10-20 20:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-14 18:26 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker

2013-10-14 18:24 - 2010-04-19 16:50 - 00000000 ____D C:\Program Files\Microsoft Fix it Center

2013-10-14 18:23 - 2011-10-04 14:39 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-14 18:19 - 2013-08-07 14:01 - 00000000 ____D C:\Program Files\Lame For Audacity

2013-10-14 18:19 - 2011-09-16 16:05 - 00000000 ____D C:\Program Files\Kobo

2013-10-14 18:06 - 2013-09-01 20:41 - 00000000 ____D C:\Program Files\HitmanPro

2013-10-14 18:06 - 2012-09-04 08:02 - 00000000 ____D C:\Program Files\iTunes

2013-10-14 18:06 - 2011-09-23 15:24 - 00000000 ____D C:\Program Files\InfraRecorder

2013-10-14 18:06 - 2011-09-14 22:23 - 00000000 ____D C:\Program Files\iLivid

2013-10-14 18:00 - 2011-05-25 09:08 - 00000000 ____D C:\Program Files\Dell Support Center

2013-10-14 18:00 - 2011-01-15 01:46 - 00000000 ____D C:\Program Files\Defraggler

2013-10-14 18:00 - 2007-03-27 02:29 - 00000000 ____D C:\Program Files\DellSupport

2013-10-14 17:54 - 2011-01-09 09:42 - 00000000 ____D C:\Program Files\CCleaner

2013-10-14 17:47 - 2001-06-15 00:03 - 00000000 ____D C:\IDriver

2013-10-14 17:46 - 2002-01-17 20:27 - 00000000 ____D C:\BTSpeedwayPCI

2013-10-14 17:46 - 2001-06-17 13:01 - 00000000 ____D C:\BRME

2013-10-14 17:45 - 2012-05-25 09:56 - 00000000 ____D C:\xampp

2013-10-14 17:44 - 2013-08-07 12:38 - 00000000 ____D C:\Program Files\Audacity

2013-10-14 17:43 - 2012-04-26 18:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-14 14:48 - 2011-11-07 11:48 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\PrimoPDF

2013-10-14 11:58 - 2012-10-19 21:57 - 00000000 ____D C:\Users\Les_New\AppData\Local\Spotify

2013-10-14 11:28 - 2013-10-14 11:28 - 00000000 ____D C:\Users\Les_New\Documents\New Folder

2013-10-14 11:28 - 2011-11-05 15:22 - 00000000 ____D C:\Users\Les_New\Documents\Business

2013-10-13 18:02 - 2013-10-13 18:02 - 00955240 _____ C:\Users\Les_New\Downloads\the-snow-child.pptx

2013-10-12 11:45 - 2011-11-05 15:30 - 00000000 ____D C:\Users\Les_New\Documents\Tessa

2013-10-10 20:19 - 2012-01-19 10:34 - 00000013 _____ C:\Windows\system32\WinSys32.crc

2013-10-10 13:34 - 2011-12-10 14:09 - 00000000 ___RD C:\Program Files\Skype

2013-10-10 13:34 - 2009-08-02 19:38 - 00000000 ____D C:\ProgramData\Skype

2013-10-10 13:05 - 2013-10-10 13:05 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2013-10-10 13:05 - 2013-10-10 13:05 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

2013-10-10 11:11 - 2013-10-10 11:11 - 00002289 _____ C:\Users\Les_New\Downloads\CSSgirl-fullwidth-headerfooter-2012.zip

2013-10-10 10:52 - 2011-11-05 15:29 - 00000000 ____D C:\Users\Les_New\Documents\My Websites

2013-10-10 09:27 - 2011-11-19 17:46 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\CoffeeCup Software

2013-10-09 23:34 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-09 23:24 - 2006-11-02 13:47 - 00603712 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-09 20:06 - 2013-01-25 15:22 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-09 20:01 - 2013-08-04 11:36 - 00000000 ____D C:\Windows\system32\MRT

2013-10-09 19:57 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-10-09 17:15 - 2012-03-30 18:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-09 17:15 - 2011-10-25 19:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 09:59 - 2013-10-09 09:59 - 00355074 _____ C:\Users\Les_New\Downloads\Google one-page SEO Guide

2013-10-08 17:01 - 2011-11-05 15:25 - 00000000 ____D C:\Users\Les_New\Documents\Consulting topics

2013-10-08 15:35 - 2011-11-07 11:49 - 00000000 ____D C:\Users\Les_New\AppData\Local\Adobe

2013-10-08 15:34 - 2007-03-27 02:32 - 00000000 ____D C:\ProgramData\Google

2013-10-08 15:34 - 2007-03-27 02:32 - 00000000 ____D C:\Program Files\Google

2013-10-08 11:14 - 2011-11-05 15:28 - 00000000 ____D C:\Users\Les_New\Documents\Hemsley Fraser

2013-10-08 11:14 - 2011-11-05 15:13 - 00187424 _____ C:\Users\Les_New\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-08 10:29 - 2013-10-08 10:29 - 00019723 _____ C:\Users\Les_New\Downloads\rainismysunshine_iamthecrayonmaster.zip

2013-10-07 14:26 - 2013-10-07 14:26 - 00001666 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-10-07 14:24 - 2012-09-04 08:02 - 00000000 ____D C:\Program Files\iPod

2013-10-06 13:17 - 2013-10-06 13:17 - 02081792 _____ C:\Users\Les_New\Downloads\properties-of-polymers (1).ppt

2013-10-06 13:16 - 2013-10-06 13:16 - 02087424 _____ C:\Users\Les_New\Downloads\properties-of-polymers.ppt

2013-10-04 14:29 - 2011-11-05 15:27 - 00000000 ____D C:\Users\Les_New\Documents\Financial

2013-10-04 14:18 - 2011-11-05 15:30 - 00000000 ____D C:\Users\Les_New\Documents\WordSkill

2013-10-02 08:25 - 2011-11-04 22:47 - 00000000 ____D C:\Users\Les_New

2013-09-30 20:50 - 2013-09-11 09:05 - 00000000 ____D C:\Users\Les_New\Documents\BRICS Economies

2013-09-25 10:20 - 2013-08-18 08:33 - 00000000 ____D C:\Users\Les_New\Documents\PhD thesis

2013-09-23 22:11 - 2013-09-23 22:11 - 00000000 ____D C:\Users\Public\Gaelle scans

2013-09-23 22:11 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public

2013-09-23 22:09 - 2013-09-23 22:09 - 00000000 ____D C:\Users\Public\Documents\Gaelle scans

2013-09-23 16:02 - 2011-11-05 15:27 - 00000000 ____D C:\Users\Les_New\Documents\Food and cooking

2013-09-22 22:21 - 2013-09-22 22:21 - 23479624 _____ C:\Users\Les_New\Downloads\mp140swin106ea24.exe

2013-09-22 11:29 - 2013-10-09 19:48 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-22 11:22 - 2013-10-09 19:48 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-22 11:22 - 2013-10-09 19:48 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-22 11:14 - 2013-10-09 19:48 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-09-22 11:13 - 2013-10-09 19:48 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-22 11:13 - 2013-10-09 19:48 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-22 11:12 - 2013-10-09 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-09-22 11:09 - 2013-10-09 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-22 11:08 - 2013-10-09 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-09-22 11:07 - 2013-10-09 19:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-22 11:06 - 2013-10-09 19:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-09-22 11:05 - 2013-10-09 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-22 11:03 - 2013-10-09 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-22 11:03 - 2013-10-09 19:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-22 11:03 - 2013-10-09 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-09-22 10:59 - 2013-10-09 19:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-21 16:28 - 2010-12-11 14:10 - 00000000 ____D C:\ProgramData\PCDr

2013-09-19 17:01 - 2013-09-19 17:01 - 00303008 _____ C:\Users\Les_New\Downloads\BTBBDesktopHelpInstall.exe

2013-09-19 15:32 - 2011-11-05 15:30 - 00000000 ____D C:\Users\Les_New\Documents\School

2013-09-19 08:57 - 2013-09-19 08:57 - 00001855 _____ C:\Users\Les_New\Desktop\Laptop Documents.lnk

2013-09-18 22:00 - 2013-09-18 22:00 - 00001135 _____ C:\Users\Public\Desktop\BT Desktop Help.lnk

2013-09-18 17:55 - 2013-09-18 17:55 - 00001547 _____ C:\Users\Les_New\Desktop\Google Drive.lnk

2013-09-18 17:55 - 2013-09-18 17:55 - 00000000 ___RD C:\Users\Les_New\Google Drive

2013-09-18 17:53 - 2011-11-06 20:35 - 00000000 ____D C:\Users\Les_New\AppData\Local\Google

2013-09-18 16:37 - 2011-11-05 15:22 - 00000000 ____D C:\Users\Les_New\Documents\Carys

2013-09-18 13:57 - 2009-04-29 09:26 - 00000000 ____D C:\Program Files\Avery Dennison

2013-09-18 13:57 - 2007-03-27 02:21 - 00000000 ____D C:\Program Files\InstallShield Installation Information

2013-09-18 13:52 - 2013-09-18 13:52 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\Avery

2013-09-18 13:51 - 2013-09-18 13:51 - 00001993 _____ C:\Users\Public\Desktop\DesignPro 5.lnk

2013-09-18 13:51 - 2008-09-30 12:07 - 00000000 ____D C:\ProgramData\Avery

2013-09-18 13:46 - 2013-09-18 13:46 - 11111968 _____ (Avery Dennison Corp. ) C:\Users\Les_New\Downloads\GB_en_DP5_DL_20100525.exe

2013-09-18 09:01 - 2013-09-18 09:01 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\RealNetworks

2013-09-18 09:01 - 2009-11-20 22:42 - 00000000 ____D C:\ProgramData\Real

2013-09-18 09:00 - 2013-09-18 09:00 - 00000847 _____ C:\Users\Public\Desktop\RealPlayer.lnk

2013-09-18 09:00 - 2013-09-18 09:00 - 00000000 ____D C:\ProgramData\RealNetworks

2013-09-18 09:00 - 2013-09-18 09:00 - 00000000 ____D C:\Program Files\RealNetworks

2013-09-18 09:00 - 2013-09-18 09:00 - 00000000 ____D C:\Program Files\Common Files\xing shared

2013-09-18 09:00 - 2012-03-23 09:04 - 00000000 ____D C:\Users\Les_New\AppData\Roaming\Real

2013-09-18 09:00 - 2007-03-31 17:05 - 00000000 ____D C:\Program Files\real

2013-09-18 08:59 - 2013-09-18 08:59 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll

2013-09-18 08:59 - 2013-09-18 08:59 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll

2013-09-18 08:59 - 2013-09-18 08:59 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll

2013-09-18 08:59 - 2003-03-18 20:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll

2013-09-18 08:59 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll

Files to move or delete:

====================

ZeroAccess:

C:\Users\Les_New\AppData\Local\Google\Desktop\Install

ZeroAccess:

C:\Program Files\Google\Desktop\Install

C:\Users\Les_New\jagex_cl_loginapplet_LIVE.dat

C:\Users\Les_New\jagex_cl_runescape_LIVE.dat

C:\Users\Les_New\random.dat

C:\Users\Public\MyWebTattoo.exe

 

Some content of TEMP:

====================

C:\Users\Les_New\AppData\Local\temp\ntdll_dump.dll

C:\Users\Les_New\AppData\Local\temp\TDSSKiller.exe

 

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

LastRegBack: 2013-10-16 07:05

==================== End Of Log ============================

Link to post
Share on other sites

2. Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013

Ran by Les_New at 2013-10-16 14:29:49

Running from C:\Users\Les_New\Downloads

Boot Mode: Normal

==========================================================

 

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Add-In Information Lister

Adobe AIR (Version: 3.7.0.1860)

Adobe Digital Editions

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (Version: 11.9.900.117)

Adobe Reader X (10.1.8) (Version: 10.1.8)

Apple Application Support (Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (Version: 2.1.3.127)

Application Verifier x86 External Package (Version: 8.59.8400)

Audacity 2.0.3 (Version: 2.0.3)

Bonjour (Version: 3.0.0.10)

BT Desktop Help

BT Yahoo! Applications

Canon MP140 series User Registration

Canon Utilities Easy-LayoutPrint

Canon Utilities Easy-PhotoPrint

CCleaner (Version: 4.04)

CoffeeCup HTML Editor

CoffeeCup Image Mapper

CoffeeCup StyleSheet Maker

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Corel Paint Shop Pro Photo XI (Version: 11.003.0000)

Corel Snapfire Plus (Version: 1.003.0000)

D3DX10 (Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Defraggler (Version: 2.15)

Dell System Customization Wizard (Version: 1.00.0000)

Dell System Detect (HKCU Version: 3.3.2.0)

DellSupport (Version: 6.0.3030)

DesignPro 5 (Version: 5.5.708)

DHTML Editing Component (Version: 6.02.0001)

Epson Download Navigator (Version: 1.0.0)

Epson Event Manager (Version: 2.50.0000)

Epson FAX Utility (Version: 1.20.00)

Epson PC-FAX Driver

EPSON Scan

EPSON TWAIN 5 (Version: 5.71.0000)

EPSON WP-4535 Series Printer Uninstall

EpsonNet Print (Version: 2.4j)

Facebook Video Calling 1.1.1.1 (Version: 1.1.1)

Free Countdown Timer 2.7.2 (Version: 2.7)

Google Chrome (Version: 30.0.1599.101)

Google Drive (Version: 1.12.5329.1887)

Google Earth (Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.5.4601.54)

Google Update Helper (Version: 1.3.21.165)

Google Updater (Version: 2.4.1536.6592)

Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146)

HiJackThis (Version: 1.0.0)

HitmanPro 3.7 (Version: 3.7.7.205)

HP Driver Diagnostics (Version: 1.02.0008)

InfraRecorder

Internet Explorer (Enable DEP)

iTunes (Version: 11.1.1.11)

Java 7 Update 7 (Version: 7.0.70)

Java Auto Updater (Version: 2.1.9.0)

Junk Mail filter update (Version: 15.4.3502.0922)

Kits Configuration Installer (Version: 8.59.8400)

Kobo (Version: 3.2.3)

Lame ACM MP3 Codec

LAME v3.99.3 (for Windows)

Macromedia Dreamweaver MX (Version: 6.0)

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

Map Button (Windows Live Toolbar) (Version: 03.01.0146)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Automated Troubleshooting Services Shim

Microsoft Corporation (Version: 9.1.0.0)

Microsoft Fix it Center (Version: 1.0.0100)

Microsoft LifeCam (Version: 3.22.270.0)

Microsoft Office 2000 Web Archive Add-On (Version: 1.0.0.0)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Search Enhancement Pack (Version: 3.0.133.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Word Web Archive Converter (Version: 2000.3.22.0)

Microsoft Works (Version: 08.05.0818)

Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)

Mozilla Maintenance Service (Version: 24.0.1)

Mozilla Thunderbird 24.0.1 (x86 en-GB) (Version: 24.0.1)

MSVC80_x86_v2 (Version: 1.0.3.0)

MSVC90_x86 (Version: 1.0.1.2)

MSVCRT (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Musicnotes Software Suite 1.7.2 (Version: 1.7.2)

My Dell (Version: 3.4.6308.28)

Network Guide EPSON WP-4535 Series

Nokia_Multimedia_Common_Components_2_5 (Version: 2.7.69)

NVIDIA Drivers

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

OpenOffice.org 3.3 (Version: 3.3.9567)

Paint Shop Pro 7 (Version: 7.0.0.0000)

Picasa 3 (Version: 3.9)

PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)

QuickTime (Version: 7.74.80.86)

RealDownloader (Version: 1.3.3)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)

RealPlayer (Version: 16.0.3)

RealUpgrade 1.1 (Version: 1.1.0)

Samsung Media Studio (Version: 5)

SDK Debuggers (Version: 8.59.8400)

Seagate Dashboard 2.0 (Version: 2.2.29.0)

Segoe UI (Version: 15.4.2271.0615)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

SigmaTel Audio (Version: 5.10.5102.0)

Skype Click to Call (Version: 6.12.13601)

Skype™ 6.9 (Version: 6.9.106)

Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)

Sonic Activation Module (Version: 1.0)

Sony Mobile Update Service (Version: 2.12.8.23)

Sony PC Companion 2.10.079 (Version: 2.10.079)

Speccy (Version: 1.08)

Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)

Spotify (HKCU Version: 0.9.4.178.g259772ba)

Time Saving Excel Solutions

Tweaking.com - Windows Repair (All in One) (Version: 1.9.15)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition

User's Guide EPSON WP-4535 Series

Windows Installer Clean Up (Version: 3.00.00.0000)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live Family Safety (Version: 15.4.3555.0308)

Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Sync (Version: 14.0.8064.206)

Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Software Development Kit (Version: 8.59.8400)

Windows Software Development Kit EULA (Version: 8.59.8400)

WinZip (Version: 9.0 SR-1 (6224))

XAMPP 1.7.7

XviD MPEG-4 Video Codec (Version: XviD-1.0.3-20122004)

==================== Restore Points =========================

28-09-2013 22:46:26 Scheduled Checkpoint

30-09-2013 06:35:37 Windows Update

02-10-2013 18:57:41 Scheduled Checkpoint

04-10-2013 07:06:55 Windows Update

08-10-2013 07:34:04 Windows Update

09-10-2013 18:31:16 Windows Update

13-10-2013 22:01:53 Scheduled Checkpoint

14-10-2013 05:31:08 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2013-10-15 09:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00C42C78-7409-45B6-AA56-B3A3E726CEE8} - \99fc20c No Task File

Task: {05D0AFBA-E5BF-4192-A1EA-86A66754B39E} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe

Task: {0901C2C0-EB7C-4174-9D83-B082F49F4023} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {168F452F-2817-49D7-94DD-29817FCC612A} - \e7e84314 No Task File

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1E60947F-1E0E-43B6-8667-6D6C2565625D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155982950-3057843811-3124903850-1007 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-10-14] (RealNetworks, Inc.)

Task: {21FBAF38-FECA-43CD-8795-AFFC90B2E044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-14] (Google Inc.)

Task: {244235B5-0AEE-4814-A262-CD477B413AF7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.)

Task: {3A7351A0-0B11-4F5F-8945-7E6696311587} - System32\Tasks\Les_New1 => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-14] (Seagate Technology LLC)

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {3E456D27-607E-43DC-95DF-44C02E297B07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-14] (Google Inc.)

Task: {3F205C10-BC8E-4259-BFDF-507CD3BCD919} - \200e68c No Task File

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {44D955B7-3BE8-425B-B534-BC06A6702B2F} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => C:\Program Files\Microsoft Fix it Center\MatsApi.dll [2011-06-13] (Microsoft Corporation)

Task: {54A8A713-5218-4663-846C-2A6EE9897CBF} - System32\Tasks\{8188C7FA-9EAD-4A0F-85C1-99BD8424DA80} => C:\Program Files\Skype\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)

Task: {564BA79B-292C-4B95-89F6-366135408D3D} - System32\Tasks\check disc => C:\Windows\System32\chkdsk.exe [2006-11-02] (Microsoft Corporation)

Task: {57C4C464-0C3D-45A0-A44C-A7FB14762EAB} - \74e2190c No Task File

Task: {5F7994CB-556E-44F1-B647-3D38027A5112} - System32\Tasks\Microsoft\Windows\RestartManager\{E0E9B93B-3337-4951-B6E6-40A9746581E1} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

Task: {737B82CC-D9DD-4163-A405-87D01CBBA8C1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {8817B7EF-1E68-4EC6-853D-CF05108D1DA2} - System32\Tasks\Les_New DBAgent 2 0 => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-10-14] (Seagate Technology LLC)

Task: {8A132213-5E41-4CD2-9FEB-CA9A0B063050} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2155982950-3057843811-3124903850-1007 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-10-14] (RealNetworks, Inc.)

Task: {8F8252CA-7AFD-4035-A1B3-3D065C78CE3B} - \7bb2c78c No Task File

Task: {961B6E06-6ACF-4BED-9764-715FEEFE066F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-05-30] (Seagate Technology LLC)

Task: {BB0BBF06-848B-4895-9A9A-D3C7B674729A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {C0162598-3F87-4A3E-AD4E-585D2C18E5C8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2155982950-3057843811-3124903850-1007 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-10-14] (RealNetworks, Inc.)

Task: {D18E2D89-DA5E-454C-B309-2F124B69F825} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-10-14] (PC-Doctor, Inc.)

Task: {D33FD385-79F1-4EBC-B2B7-779D272C5CC8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155982950-3057843811-3124903850-1007 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-10-14] (RealNetworks, Inc.)

Task: {E0E87BE1-A70B-4DFC-AADE-03AE9F43A0B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-14] (Adobe Systems Incorporated)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()

Task: {E612ADC4-78D0-4A97-84C7-C8A8F7C8AFAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-14] (Piriform Ltd)

Task: {ECA44AA0-F9F6-4F0B-A05F-9E235D210BA2} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => C:\Program Files\Microsoft Fix it Center\MatsApi.dll [2011-06-13] (Microsoft Corporation)

Task: {F1448CB2-54DA-4F03-ABEA-9B661EAD55B4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)

Task: {F3136755-E5A8-4A6B-B746-5A13A418D3E8} - System32\Tasks\IHUninstallTrackingTASK => C:\Windows\System32\CMD

Task: {F3BCCA3E-C301-4FE0-9387-818BA32ED6A0} - \3b662b8c No Task File

Task: {FD1EEBFB-A168-4EF4-8E28-62EFEB22A509} - System32\Tasks\Microsoft\Windows\RestartManager\{7E2F721D-B1C7-47c0-81ED-AB33787D0B6F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{4410D2A5-866D-4E21-BE58-E2C137396A8C}.job => C:\Windows\system32\msfeedssync.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{4B7857AA-85CC-4203-95CC-FA2AF1F610B7}.job => C:\Windows\system32\msfeedssync.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{ED38B297-A111-4C4A-9A18-3554545F5267}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-10-13 07:55 - 2013-10-13 07:56 - 03008112 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll

2013-10-13 07:55 - 2013-10-13 07:56 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll

2013-10-13 07:55 - 2013-10-13 07:56 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files\Starfish:Roxio EMC Stream

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

AlternateDataStreams: C:\Users\Les_New\Documents\Business:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\Financial:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\Home:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\LH Jobs:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\lh_signature.gif:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\Miscellaneous:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\My Received Files:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\Outlook transfer files:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\School:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\SE V600i camera:Roxio EMC Stream

AlternateDataStreams: C:\Users\Les_New\Documents\Tessa:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\11994207.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\11994207.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (10/16/2013 01:34:40 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#P.JWPCDN.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (10/16/2013 01:34:40 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#P.JWPCDN.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (10/16/2013 11:19:49 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2013 09:02:26 AM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2PK4C39R\S7G3.SCENE7.COM\S7_STORAGE_INIT.SXX> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (10/16/2013 09:02:22 AM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S7G3.SCENE7.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (10/16/2013 09:02:22 AM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S7G3.SCENE7.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (10/16/2013 06:52:07 AM) (Source: Application Error) (User: )

Description: Faulting application infocard.exe, version 3.0.4506.2123, time stamp 0x4858c450, faulting module KERNEL32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xe0434f4d, fault offset 0x0003fc16,

process id 0xab0, application start time 0xinfocard.exe0.

Error: (10/16/2013 06:51:46 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (10/15/2013 10:31:49 PM) (Source: Application Error) (User: )

Description: Faulting application infocard.exe, version 3.0.4506.2123, time stamp 0x4858c450, faulting module KERNEL32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xe0434f4d, fault offset 0x0003fc16,

process id 0x858, application start time 0xinfocard.exe0.

Error: (10/15/2013 10:23:16 PM) (Source: Application Error) (User: )

Description: Faulting application infocard.exe, version 3.0.4506.2123, time stamp 0x4858c450, faulting module KERNEL32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xe0434f4d, fault offset 0x0003fc16,

process id 0xb84, application start time 0xinfocard.exe0.

 

System errors:

=============

Error: (10/16/2013 06:59:59 AM) (Source: Service Control Manager) (User: )

Description: SeaPort

Error: (10/16/2013 06:59:59 AM) (Source: Service Control Manager) (User: )

Description: Windows Live Family Safety Service

Error: (10/16/2013 06:53:21 AM) (Source: Print) (User: NT AUTHORITY)

Description: The print spooler failed to share printer EPSON WP-4535 Series with shared resource name EPSON. Error 1. The printer cannot be used by others on the network.

Error: (10/16/2013 06:53:02 AM) (Source: Service Control Manager) (User: )

Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (10/16/2013 06:53:02 AM) (Source: Service Control Manager) (User: )

Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing Service%%1058

Error: (10/16/2013 06:53:02 AM) (Source: Service Control Manager) (User: )

Description: Net.Pipe Listener Adapterwas

Error: (10/16/2013 06:53:02 AM) (Source: Service Control Manager) (User: )

Description: Net.Msmq Listener Adaptermsmq

Error: (10/16/2013 06:53:02 AM) (Source: Service Control Manager) (User: )

Description: Windows CardSpace%%1053

Error: (10/16/2013 06:53:02 AM) (Source: Service Control Manager) (User: )

Description: 30000Windows CardSpace

Error: (10/15/2013 10:45:55 PM) (Source: Service Control Manager) (User: )

Description: Apache2.21 (0x1)

 

Microsoft Office Sessions:

=========================

Error: (10/16/2013 01:34:40 PM) (Source: Windows Search Service)(User: )

Description: Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#P.JWPCDN.COM\SETTINGS.SOL

Error: (10/16/2013 01:34:40 PM) (Source: Windows Search Service)(User: )

Description: Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#P.JWPCDN.COM\SETTINGS.SOL

Error: (10/16/2013 11:19:49 AM) (Source: SideBySide)(User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"J:\HitmanPro_x64.exe

Error: (10/16/2013 09:02:26 AM) (Source: Windows Search Service)(User: )

Description: Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2PK4C39R\S7G3.SCENE7.COM\S7_STORAGE_INIT.SXX

Error: (10/16/2013 09:02:22 AM) (Source: Windows Search Service)(User: )

Description: Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S7G3.SCENE7.COM\SETTINGS.SOL

Error: (10/16/2013 09:02:22 AM) (Source: Windows Search Service)(User: )

Description: Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\LES_NEW\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S7G3.SCENE7.COM\SETTINGS.SOL

Error: (10/16/2013 06:52:07 AM) (Source: Application Error)(User: )

Description: infocard.exe3.0.4506.21234858c450KERNEL32.dll6.0.6002.187045065ccb6e0434f4d0003fc16ab001ceca33d7c052cd

Error: (10/16/2013 06:51:46 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (10/15/2013 10:31:49 PM) (Source: Application Error)(User: )

Description: infocard.exe3.0.4506.21234858c450KERNEL32.dll6.0.6002.187045065ccb6e0434f4d0003fc1685801cec9edf289b95a

Error: (10/15/2013 10:23:16 PM) (Source: Application Error)(User: )

Description: infocard.exe3.0.4506.21234858c450KERNEL32.dll6.0.6002.187045065ccb6e0434f4d0003fc16b8401cec9ecc1face7a

 

CodeIntegrity Errors:

===================================

Date: 2013-10-16 11:20:12.141

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:20:10.955

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:20:09.839

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:20:08.223

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:20:06.764

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:20:04.923

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:20:03.795

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:20:02.229

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:20:00.982

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 11:19:59.719

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume10\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

 

==================== Memory info ===========================

Percentage of memory in use: 58%

Total physical RAM: 3005.76 MB

Available physical RAM: 1234.47 MB

Total Pagefile: 6246 MB

Available Pagefile: 4115.6 MB

Total Virtual: 2047.88 MB

Available Virtual: 1889.2 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:31.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: D8000000)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

That file doesn't seem to be on the system, lets check:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefindwsr30zt32.dll 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

Link to post
Share on other sites

It's there, can you manually find/delete it??
You may have to enable hidden files to see it:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

C:\Users\Les_New\AppData\Local\wsr30zt32.dll

If not..please do this:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.
 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Well, despite the wsr30z32.dll having been deleted (and I did check beforehand), MWB located it again and deleted it.

(Incidentally, there's a dfl30z32.dll sitting in AppData\Local, which was 'last modified' a few minutes ago. I haven't done anything with that.)

MWB log attached.

mbam-log-2013-10-17 (17-30-56).txt

Link to post
Share on other sites

ComboFix log attached. It warned me that I was running MS Security Essentials. MSSE was not actually running, as a program or as a process listed in task manager (or, indeed, as a program listed in the control panel) - so there was nothing I could actually turn off.

Anyway, CFix seems to have done quite a bit of work.

ComboFix.txt

Link to post
Share on other sites

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

Then............

Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start

Wait for the scan to finish

If threats were found

Click on "list of threats found"

Click on "export to text file" and save it as ESET SCAN and save to the desktop

Click on back

Put a checkmark in "Uninstall application on close"

Click on finish

Copy and paste that log as a reply to this topic

MrC

Link to post
Share on other sites

MBAR logs attached, along with two ESET logs. I ran this twice as well because it hung for several hours both times at '99% finished' on schema.dat.

Internet and firewall working, but not Windows Update.

Thanks.

mbar-log-2013-10-18 (18-00-00).txt

system-log.txt

mbar-log-2013-10-18 (16-25-50).txt

ESET SCAN2.txt

ESET SCAN 1.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.