MS Security Essentials won't start


  • This topic is locked
16 replies to this topic

#1 jumpymonkey9

Posted 16 July 2012 - 09:21 AM

I was recently having my google search results redirected in Firefox, along with random tabs opening. At the same time I noticed MS Security Essentials was not running. I tried to click "Start Now" but I get an error saying "Couldn't start the Security Essentials service. The specified service does not exist as an installed service. Error code 0x80070424." I installed and ran Malwarebytes Anti-Malware, and it found 2 things: Rootkit.0Access and Trojan.Dropper.BCMiner. I quarantined and then deleted them. I am not getting the google redirects anymore, but MSE still won't start.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Lee at 23:32:09 on 2012-07-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9821 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Workspace\workspaceupdate.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\X3watch\x3watch.exe
C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Program Files (x86)\Extensis\Portfolio 8.5\Portfolio Express.exe
C:\Users\Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\CrashPlan\CrashPlanDesktop.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=make
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Akamai NetSession Interface] "C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe"
uRun: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Starfield Updater] "C:\Program Files (x86)\Workspace\workspaceupdate.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Lee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PORTFO~1.LNK - C:\Program Files (x86)\Extensis\Portfolio 8.5\Portfolio Express.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{592DB855-7E79-416D-BC39-459F1CBBF885} : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\8puqwbuf.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Lee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [2012-3-26 152576]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-2-21 1168680]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-4-4 96768]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-1-11 8704]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-6 1262400]
R2 rtpMIDIService;rtpMIDIService;C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2011-7-1 1131008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-3-20 175520]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys --> C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-11-2 131912]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-15 22:16:54 -------- d-----w- C:\$RECYCLE.BIN
2012-07-15 22:02:05 98816 ----a-w- C:\Windows\sed.exe
2012-07-15 22:02:05 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-15 22:02:05 256000 ----a-w- C:\Windows\PEV.exe
2012-07-15 22:02:05 208896 ----a-w- C:\Windows\MBR.exe
2012-07-15 22:01:43 -------- d-----w- C:\comfix
2012-07-15 21:41:35 -------- d-----w- C:\Users\Lee\AppData\Roaming\Malwarebytes
2012-07-15 21:41:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-15 21:41:25 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 21:41:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-15 18:54:12 -------- d-----w- C:\Program Files (x86)\Citrix
2012-07-14 22:31:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 18:45:24 -------- d-----w- C:\ProgramData\Celartem
2012-07-14 18:44:08 -------- d-----w- C:\ProgramData\Extensis
2012-07-14 18:43:47 -------- d-----w- C:\Users\Lee\AppData\Roaming\Extensis
2012-07-14 18:43:41 -------- d-----w- C:\Program Files (x86)\Extensis
2012-07-14 18:41:30 -------- d-----w- C:\ProgramData\{8D44CB76-5F9A-48E7-9DB0-586CC25172B6}
2012-07-14 16:04:52 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A3ED48B-DA5D-49B5-A3B2-EADB23D7B070}\mpengine.dll
2012-07-13 04:22:01 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 19:48:01 -------- d-----w- C:\Users\Lee\AppData\Roaming\TeraCopy
2012-07-11 19:47:46 -------- d-----w- C:\Program Files\TeraCopy
2012-07-11 17:55:30 -------- d-----w- C:\Users\Lee\Library
2012-07-11 17:55:29 -------- d-----w- C:\Users\Lee\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2012-07-11 17:55:22 -------- d-----w- C:\Program Files (x86)\YNAB 4
2012-07-11 12:57:55 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-03 16:02:36 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18520421-1348-4F9E-8D47-D2B76BB3E7CA}\gapaengine.dll
2012-07-02 03:53:16 -------- d-----w- C:\Program Files (x86)\Tobias Erichsen
2012-06-30 21:57:59 -------- d-----w- C:\Users\Lee\AppData\Roaming\Digital Rebellion
2012-06-30 00:37:22 -------- d-----w- C:\Program Files (x86)\Digital Rebellion
2012-06-29 23:49:16 -------- d-----w- C:\ProgramData\ALM
2012-06-27 18:51:16 -------- d-----w- C:\Users\Lee\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-27 18:51:13 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-06-21 12:00:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 12:00:30 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 12:00:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 12:00:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 18:26:24 -------- d-----w- C:\ProgramData\Contour Design
2012-06-20 18:26:24 -------- d-----w- C:\Program Files (x86)\Contour Shuttle
2012-06-20 18:26:24 -------- d-----w- C:\Program Files (x86)\Common Files\Contour Design
2012-06-19 16:03:32 -------- d-----w- C:\Users\Lee\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
2012-06-19 16:02:28 -------- d-----w- C:\Users\Lee\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
2012-06-19 16:02:27 -------- d-----w- C:\Program Files (x86)\pomodairo
2012-06-19 15:52:38 -------- d-----w- C:\Program Files (x86)\focus booster
.
==================== Find3M ====================
.
2012-07-13 22:07:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 22:07:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-05-01 01:23:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 23:35:09.38 ===============

#2 CatByte (Malware Response Team)

Posted 16 July 2012 - 04:46 PM

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB drive.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs (FRST.txt and Search.txt) in your reply.
The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013
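Added example (not part of this thread, and not FRST's own code): a PowerShell triage script that covers the two things raised so far, the 0x80070424 error from post #1 and the services.exe search CatByte asks for above. It reports whether the security services a Windows 7 machine running Security Essentials should have are still registered (0x80070424 is Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST; ZeroAccess/Sirefef commonly produces it by deleting services such as the firewall, Security Center and Defender), and inventories every services.exe on the system drive with size, MD5 and version info, flagging copies outside System32/WinSxS or whose hash differs from the other copies. The service-name table and the expected-location rule are assumptions about a typical Windows 7 box, not values taken from the logs in this thread.

```powershell
# Added triage example; not from this thread and not FRST's own code.
# Service names and the "expected locations" rule are assumptions about a
# typical Windows 7 machine running Microsoft Security Essentials.

$ExpectedServices = @{
    'MsMpSvc'   = 'Microsoft Antimalware Service (Security Essentials)'
    'WinDefend' = 'Windows Defender'
    'wscsvc'    = 'Security Center'
    'MpsSvc'    = 'Windows Firewall'
    'BFE'       = 'Base Filtering Engine'
    'wuauserv'  = 'Windows Update'
}

function Test-SecurityServices {
    # A service that is absent here is the same condition the MSE "Start Now"
    # button reports as 0x80070424 (Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST).
    foreach ($name in $ExpectedServices.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = if ($svc) { [string]$svc.Status } else { 'MISSING' }
        New-Object PSObject -Property @{
            Service     = $name
            Description = $ExpectedServices[$name]
            Status      = $status
        }
    }
}

function Get-FileMD5 ([string]$Path) {
    # .NET hashing so this also runs on the PowerShell 2.0 that ships with Windows 7
    # (Get-FileHash only appeared in PowerShell 4.0).
    try { $stream = [System.IO.File]::OpenRead($Path) } catch { return '(unreadable)' }
    try {
        $md5 = [System.Security.Cryptography.MD5]::Create()
        ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

function Get-ServicesExeInventory {
    # Every services.exe on the system drive, the way the FRST search lists them.
    # Legitimate copies live in System32 and the WinSxS component store and carry
    # Microsoft version info; copies at the same patch level share one hash.
    $root   = "$env:SystemDrive\"
    $copies = Get-ChildItem -Path $root -Filter services.exe -Recurse -Force -ErrorAction SilentlyContinue
    $rows = foreach ($file in $copies) {
        New-Object PSObject -Property @{
            Path    = $file.FullName
            Size    = $file.Length
            MD5     = Get-FileMD5 $file.FullName
            Company = $file.VersionInfo.CompanyName
        }
    }
    # The most common hash across copies is the reference; anything else gets a flag.
    $majority = ($rows | Group-Object MD5 | Sort-Object Count -Descending | Select-Object -First 1).Name
    foreach ($row in $rows) {
        $flags = @()
        if ($row.Path -notmatch '\\Windows\\(System32|WinSxS)\\') { $flags += 'unexpected location' }
        if ($row.MD5 -ne $majority)                                  { $flags += 'hash differs from other copies' }
        if ($row.Company -notmatch 'Microsoft')                      { $flags += 'non-Microsoft version info' }
        Add-Member -InputObject $row -MemberType NoteProperty -Name Flags -Value ($flags -join '; ')
        $row
    }
}

Test-SecurityServices    | Format-Table Service, Status, Description -AutoSize
Get-ServicesExeInventory | Format-Table Path, Size, MD5, Company, Flags -AutoSize
```

Run it from an elevated PowerShell prompt inside Windows. Hashes can legitimately differ between WinSxS copies from different patch levels, so a flag is a prompt to compare that copy against a known-good one, not a verdict. Because a kernel-mode rootkit can filter what the running OS shows about files and services, treat this as a sanity check; the offline FRST run from System Recovery Options that CatByte prescribes is the authoritative one.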

#3 jumpymonkey9 (Topic Starter)

Posted 16 July 2012 - 11:40 PM

Thank you for your quick response.

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 17-07-2012 00:21:17
Running from J:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe" [303104 2011-02-14] (Tiger Green Productions LLC)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe [118784 2011-02-14] (Contour Design, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)
HKU\Lee\...\Run: [Akamai NetSession Interface] "C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Lee\...\Run: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [119104 2011-07-07] (johnsadventures.com)
HKU\Lee\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Lee\...\Run: [Starfield Updater] "C:\Program Files (x86)\Workspace\workspaceupdate.exe" [34496 2012-05-02] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
ShortcutTarget: Portfolio Express 8.5.lnk -> C:\Program Files (x86)\Extensis\Portfolio 8.5\Portfolio Express.exe (Extensis, Inc.)
Startup: C:\Users\Lee\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Lee\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-03] (Akamai Technologies, Inc)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
2 CrashPlanService; "C:\Program Files (x86)\CrashPlan\CrashPlanService.exe" [152576 2012-03-26] (CrashPlan)
2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1168680 2012-05-17] (Starfield Technologies)
2 Freemake Improver; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [96768 2012-04-02] (Freemake)
2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [8704 2011-12-30] (Microsoft)
3 InstallShield Licensing Service; "C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe" [78536 2012-05-12] (Macrovision )
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 rtpMIDIService; "C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe" [1131008 2011-07-01] (Tobias Erichsen)
2 ShuttleEngine; "C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe" -run [86016 2011-02-14] (Contour Design, Inc.)
2 WysePocketCloud; "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe" [175520 2012-03-20] ()

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-04] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [13368 2009-07-06] ()
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 pfc; C:\Windows\SysWow64\Drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.)
3 teVirtualMIDI64; C:\Windows\System32\Drivers\teVirtualMIDI64.sys [28160 2011-06-26] (Tobias Erichsen)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 ALSysIO; \??\C:\Users\Lee\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\comfix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-16 10:35 - 2012-07-16 10:35 - 00000000 ____D C:\Users\Public\Documents\sun
2012-07-16 10:31 - 2012-07-16 10:31 - 00000000 ____D C:\Users\Lee\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
2012-07-16 10:27 - 2012-07-16 10:31 - 151801119 ____A C:\Users\Lee\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
2012-07-15 19:38 - 2012-07-15 19:38 - 00024026 ____A C:\Users\Lee\Desktop\DDS.txt
2012-07-15 19:36 - 2012-07-15 19:36 - 00016144 ____A C:\Users\Lee\Desktop\Attach.txt
2012-07-15 19:30 - 2012-07-15 19:30 - 00607260 ____R (Swearware) C:\Users\Lee\Desktop\dds.scr
2012-07-15 14:22 - 2012-07-15 14:22 - 00027319 ____A C:\ComboFix.txt
2012-07-15 14:02 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-15 14:02 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-15 14:02 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-15 14:02 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-15 14:02 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-15 14:02 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-15 14:02 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-15 14:02 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-15 14:01 - 2012-07-15 14:22 - 00000000 ____D C:\comfix
2012-07-15 13:41 - 2012-07-15 13:41 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-15 13:41 - 2012-07-15 13:41 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Malwarebytes
2012-07-15 13:41 - 2012-07-15 13:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-15 13:41 - 2012-07-15 13:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-15 13:41 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-15 13:39 - 2012-07-15 13:40 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Lee\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-15 13:33 - 2012-07-15 14:22 - 00000000 ____D C:\Qoobox
2012-07-15 13:33 - 2012-07-15 14:21 - 00000000 ____D C:\Windows\erdnt
2012-07-15 13:29 - 2012-07-15 13:29 - 04579346 ____R (Swearware) C:\Users\Lee\Desktop\comfix.exe
2012-07-15 13:20 - 2012-07-15 13:22 - 17039840 ____A (Microsoft Corporation) C:\Users\Lee\Downloads\Windows-KB890830-x64-V4.10.exe
2012-07-15 13:19 - 2012-07-02 23:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-15 13:17 - 2012-07-15 13:18 - 16373192 ____A (Microsoft Corporation) C:\Users\Lee\Downloads\Windows-KB890830-V4.10.exe
2012-07-15 10:54 - 2012-07-15 10:54 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-07-14 16:32 - 2012-07-14 16:32 - 03594744 ____A (Piriform Ltd) C:\Users\Lee\Downloads\dfsetup210.exe
2012-07-14 14:31 - 2012-07-14 14:31 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-14 10:45 - 2012-07-14 10:45 - 00000000 ____D C:\Users\All Users\Celartem
2012-07-14 10:44 - 2012-07-14 13:10 - 00000000 ____D C:\Users\All Users\Extensis
2012-07-14 10:44 - 2012-07-14 10:44 - 00001016 ____A C:\Users\Public\Desktop\Portfolio 8.5.lnk
2012-07-14 10:43 - 2012-07-14 13:10 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Extensis
2012-07-14 10:43 - 2012-07-14 10:43 - 00000000 ____D C:\Program Files (x86)\Extensis
2012-07-14 10:41 - 2012-07-14 10:41 - 00000000 ____D C:\Users\All Users\{8D44CB76-5F9A-48E7-9DB0-586CC25172B6}
2012-07-14 10:40 - 2012-07-14 10:40 - 00000000 ____D C:\Users\Lee\Downloads\Portfolio-8-5-6-W
2012-07-14 08:33 - 2012-07-14 08:34 - 117076615 ____A C:\Users\Lee\Downloads\Portfolio-8-5-6-W.zip
2012-07-11 11:48 - 2012-07-11 11:50 - 00000000 ____D C:\Users\Lee\AppData\Roaming\TeraCopy
2012-07-11 11:47 - 2012-07-11 11:47 - 00000000 ____D C:\Program Files\TeraCopy
2012-07-11 11:46 - 2012-07-11 11:46 - 02941072 ____A (Code Sector ) C:\Users\Lee\Downloads\teracopy.exe
2012-07-11 09:55 - 2012-07-11 09:55 - 00000983 ____A C:\Users\Lee\Desktop\YNAB 4.lnk
2012-07-11 09:55 - 2012-07-11 09:55 - 00000000 ____D C:\Users\Lee\Library
2012-07-11 09:55 - 2012-07-11 09:55 - 00000000 ____D C:\Users\Lee\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2012-07-11 09:55 - 2012-07-11 09:55 - 00000000 ____D C:\Program Files (x86)\YNAB 4
2012-07-11 09:53 - 2012-07-11 09:53 - 17878928 ____A (YouNeedABudget.com ) C:\Users\Lee\Downloads\YNAB 4_4.0.941_Setup.exe
2012-07-11 04:57 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 04:54 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 04:54 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 04:54 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 04:54 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 04:54 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 04:54 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 04:54 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 04:54 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 04:54 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 04:54 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 04:54 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 04:54 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 04:54 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 04:54 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 04:54 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 04:54 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 04:54 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 04:54 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 04:54 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 04:54 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 04:54 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 04:54 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 04:54 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 04:54 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 04:54 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 04:54 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 04:54 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 04:54 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 04:53 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 04:53 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 04:53 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 04:53 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 04:53 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 04:53 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 04:53 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 04:53 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 04:53 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 04:53 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 04:53 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 04:53 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 04:53 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 04:53 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 04:53 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 04:53 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 04:53 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 04:53 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 04:53 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-07 05:17 - 2007-12-31 22:31 - 1237628046 ____A C:\Users\Lee\Desktop\080101-000.wav
2012-07-06 06:16 - 2012-07-06 06:16 - 00012167 ____A C:\Users\Lee\Desktop\Media Schedule(11).xlsx
2012-07-05 10:45 - 2012-07-15 10:59 - 00001456 ____A C:\Users\Lee\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-07-05 08:40 - 2012-07-05 08:41 - 18783857 ____A (ImageMagick Studio LLC ) C:\Users\Lee\Downloads\ImageMagick-6.7.8-1-Q16-windows-x64-dll.exe
2012-07-03 10:12 - 2012-07-03 10:12 - 03311152 ____A C:\Users\Lee\Downloads\PFPortChecker.exe
2012-07-03 09:20 - 2012-07-03 09:25 - 121488936 ____A (iZotope, Inc. ) C:\Users\Lee\Downloads\iZotope_RX_Setup_v2_10.exe
2012-07-01 19:53 - 2012-07-01 19:53 - 00002033 ____A C:\Users\Public\Desktop\rtpMIDI.lnk
2012-07-01 19:53 - 2012-07-01 19:53 - 00000000 ____D C:\Program Files (x86)\Tobias Erichsen
2012-07-01 19:52 - 2012-07-01 19:52 - 01684728 ____A C:\Users\Lee\Downloads\rtpMIDI_1_0_7_222.zip
2012-07-01 19:52 - 2012-07-01 19:52 - 00000000 ____D C:\Users\Lee\Downloads\rtpMIDI_1_0_7_222
2012-06-30 13:57 - 2012-06-30 13:57 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Digital Rebellion
2012-06-29 16:37 - 2012-06-29 16:37 - 00000000 ____D C:\Program Files (x86)\Digital Rebellion
2012-06-29 16:36 - 2012-06-29 16:36 - 00000000 ____D C:\Users\Lee\Downloads\Post_Haste_Win
2012-06-29 16:22 - 2012-06-29 16:22 - 04868737 ____A C:\Users\Lee\Downloads\Post_Haste_Win.zip
2012-06-29 15:49 - 2012-06-29 15:49 - 00000000 ____D C:\Users\All Users\ALM
2012-06-27 10:52 - 2012-07-15 19:10 - 00000000 ____D C:\Users\Lee\Desktop\CS6 Trial
2012-06-27 10:51 - 2012-06-27 10:51 - 00000000 ____D C:\Users\Lee\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-27 10:51 - 2012-06-27 10:51 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2012-06-21 04:00 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 04:00 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 04:00 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 04:00 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 04:00 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 04:00 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 04:00 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 04:00 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 04:00 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 10:26 - 2012-06-20 10:26 - 00000000 ____D C:\Users\All Users\Contour Design
2012-06-20 10:26 - 2012-06-20 10:26 - 00000000 ____D C:\Program Files (x86)\Contour Shuttle
2012-06-19 08:03 - 2012-06-19 08:03 - 00000000 ____D C:\Users\Lee\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
2012-06-19 08:02 - 2012-06-19 08:03 - 00004096 ____A C:\Users\Lee\pomodairo-1.1.db
2012-06-19 08:02 - 2012-06-19 08:02 - 00000881 ____A C:\Users\Public\Desktop\pomodairo.lnk
2012-06-19 08:02 - 2012-06-19 08:02 - 00000000 ____D C:\Users\Lee\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
2012-06-19 08:02 - 2012-06-19 08:02 - 00000000 ____D C:\Program Files (x86)\pomodairo
2012-06-19 07:52 - 2012-06-19 07:52 - 00000921 ____A C:\Users\Public\Desktop\focus booster.lnk
2012-06-19 07:52 - 2012-06-19 07:52 - 00000000 ____D C:\Program Files (x86)\focus booster
2012-06-17 04:37 - 2012-06-17 04:37 - 00288680 ____A C:\Windows\Minidump\061712-31465-01.dmp


============ 3 Months Modified Files ========================

2012-07-16 20:14 - 2012-04-03 08:18 - 00014671 ____A C:\Windows\setupact.log
2012-07-16 20:13 - 2012-05-02 07:41 - 00043293 ____A C:\Windows\offSyncService.log
2012-07-16 20:13 - 2011-04-05 14:43 - 00208040 ____A C:\Users\Lee\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-16 20:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-16 20:13 - 2009-07-13 20:45 - 11572816 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-16 20:11 - 2011-05-17 13:06 - 01766352 ____A C:\Windows\WindowsUpdate.log
2012-07-16 20:11 - 2009-07-13 21:13 - 00782742 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-16 20:07 - 2012-04-03 08:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-16 10:31 - 2012-07-16 10:27 - 151801119 ____A C:\Users\Lee\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
2012-07-16 09:37 - 2011-12-09 18:51 - 00000021 ____A C:\Windows\SurCode.INI
2012-07-16 06:10 - 2009-07-13 20:45 - 00015376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-16 06:10 - 2009-07-13 20:45 - 00015376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-15 19:38 - 2012-07-15 19:38 - 00024026 ____A C:\Users\Lee\Desktop\DDS.txt
2012-07-15 19:36 - 2012-07-15 19:36 - 00016144 ____A C:\Users\Lee\Desktop\Attach.txt
2012-07-15 19:30 - 2012-07-15 19:30 - 00607260 ____R (Swearware) C:\Users\Lee\Desktop\dds.scr
2012-07-15 14:22 - 2012-07-15 14:22 - 00027319 ____A C:\ComboFix.txt
2012-07-15 14:16 - 2012-04-03 08:18 - 00005960 ____A C:\Windows\PFRO.log
2012-07-15 14:16 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-15 14:15 - 2009-07-13 18:34 - 66060288 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-07-15 14:15 - 2009-07-13 18:34 - 20185088 ____A C:\Windows\System32\config\SYSTEM.bak
2012-07-15 14:15 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-07-15 14:15 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-07-15 14:15 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-07-15 13:41 - 2012-07-15 13:41 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-15 13:40 - 2012-07-15 13:39 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Lee\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-15 13:29 - 2012-07-15 13:29 - 04579346 ____R (Swearware) C:\Users\Lee\Desktop\comfix.exe
2012-07-15 13:22 - 2012-07-15 13:20 - 17039840 ____A (Microsoft Corporation) C:\Users\Lee\Downloads\Windows-KB890830-x64-V4.10.exe
2012-07-15 13:18 - 2012-07-15 13:17 - 16373192 ____A (Microsoft Corporation) C:\Users\Lee\Downloads\Windows-KB890830-V4.10.exe
2012-07-15 10:59 - 2012-07-05 10:45 - 00001456 ____A C:\Users\Lee\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-07-14 16:32 - 2012-07-14 16:32 - 03594744 ____A (Piriform Ltd) C:\Users\Lee\Downloads\dfsetup210.exe
2012-07-14 10:44 - 2012-07-14 10:44 - 00001016 ____A C:\Users\Public\Desktop\Portfolio 8.5.lnk
2012-07-14 09:54 - 2011-06-03 11:28 - 00002548 ____A C:\Users\Lee\Desktop\Bills.txt
2012-07-14 08:34 - 2012-07-14 08:33 - 117076615 ____A C:\Users\Lee\Downloads\Portfolio-8-5-6-W.zip
2012-07-13 14:07 - 2012-04-03 08:34 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-13 14:07 - 2011-05-19 06:36 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 11:46 - 2012-07-11 11:46 - 02941072 ____A (Code Sector ) C:\Users\Lee\Downloads\teracopy.exe
2012-07-11 09:55 - 2012-07-11 09:55 - 00000983 ____A C:\Users\Lee\Desktop\YNAB 4.lnk
2012-07-11 09:53 - 2012-07-11 09:53 - 17878928 ____A (YouNeedABudget.com ) C:\Users\Lee\Downloads\YNAB 4_4.0.941_Setup.exe
2012-07-08 09:07 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-06 06:16 - 2012-07-06 06:16 - 00012167 ____A C:\Users\Lee\Desktop\Media Schedule(11).xlsx
2012-07-05 20:28 - 2011-12-09 16:19 - 00353960 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-07-05 08:41 - 2012-07-05 08:40 - 18783857 ____A (ImageMagick Studio LLC ) C:\Users\Lee\Downloads\ImageMagick-6.7.8-1-Q16-windows-x64-dll.exe
2012-07-04 20:43 - 2011-04-23 09:35 - 00007606 ____A C:\Users\Lee\AppData\Local\Resmon.ResmonCfg
2012-07-03 10:12 - 2012-07-03 10:12 - 03311152 ____A C:\Users\Lee\Downloads\PFPortChecker.exe
2012-07-03 09:46 - 2012-07-15 13:41 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 09:25 - 2012-07-03 09:20 - 121488936 ____A (iZotope, Inc. ) C:\Users\Lee\Downloads\iZotope_RX_Setup_v2_10.exe
2012-07-02 23:19 - 2011-04-05 15:13 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-02 23:13 - 2012-07-15 13:19 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-01 19:53 - 2012-07-01 19:53 - 00002033 ____A C:\Users\Public\Desktop\rtpMIDI.lnk
2012-07-01 19:52 - 2012-07-01 19:52 - 01684728 ____A C:\Users\Lee\Downloads\rtpMIDI_1_0_7_222.zip
2012-06-29 16:22 - 2012-06-29 16:22 - 04868737 ____A C:\Users\Lee\Downloads\Post_Haste_Win.zip
2012-06-23 17:21 - 2011-08-02 06:29 - 00000132 ____A C:\Users\Lee\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-19 08:03 - 2012-06-19 08:02 - 00004096 ____A C:\Users\Lee\pomodairo-1.1.db
2012-06-19 08:02 - 2012-06-19 08:02 - 00000881 ____A C:\Users\Public\Desktop\pomodairo.lnk
2012-06-19 07:52 - 2012-06-19 07:52 - 00000921 ____A C:\Users\Public\Desktop\focus booster.lnk
2012-06-17 04:37 - 2012-06-17 04:37 - 00288680 ____A C:\Windows\Minidump\061712-31465-01.dmp
2012-06-17 04:37 - 2012-04-07 06:04 - 453775536 ____A C:\Windows\MEMORY.DMP
2012-06-15 19:19 - 2012-06-15 19:19 - 00000976 ____A C:\Users\UpdatusUser\Desktop\Doom3.lnk
2012-06-15 19:10 - 2012-06-15 19:10 - 00000343 ____A C:\Windows\doom3.ini
2012-06-11 19:08 - 2012-07-11 04:57 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 02:50 - 2012-06-10 02:50 - 00288624 ____A C:\Windows\Minidump\061012-31730-01.dmp
2012-06-09 08:07 - 2011-04-26 16:47 - 00001456 ____A C:\Users\Lee\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-06-09 07:14 - 2012-06-08 09:21 - 00000185 ____A C:\Users\Lee\Desktop\Memorizing James.txt
2012-06-08 21:43 - 2012-07-11 04:53 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 04:53 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 14:00 - 2012-06-08 14:00 - 00333400 ____A C:\Users\Lee\Downloads\JogoBoxInstaller.exe
2012-06-08 11:05 - 2011-11-19 11:11 - 00000833 ____A C:\Users\Public\Desktop\Klok2.lnk
2012-06-06 10:37 - 2011-07-24 10:10 - 00001016 ____A C:\Users\Lee\Desktop\Dropbox.lnk
2012-06-06 06:43 - 2012-06-06 06:41 - 168454136 ____A (NVIDIA Corporation) C:\Users\Lee\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-06-05 22:06 - 2012-07-11 04:53 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 04:53 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 04:53 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 04:53 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 04:53 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 04:53 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 20:36 - 2012-06-04 20:36 - 05565454 ____A C:\Users\Lee\Downloads\mari0-win.zip
2012-06-04 10:43 - 2012-06-04 10:38 - 16574016 ____A (Mozilla) C:\Users\Lee\Downloads\Firefox Setup 13.0.exe
2012-06-02 14:19 - 2012-06-21 04:00 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 04:00 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 04:00 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 04:00 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 04:00 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 04:00 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 04:00 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 04:00 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 04:00 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 04:54 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 04:54 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 04:54 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 04:54 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 04:54 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 04:54 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 04:54 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 04:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 04:54 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 04:54 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 04:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 04:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 04:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 04:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 04:54 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 04:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 04:54 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 04:54 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 04:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 04:54 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 04:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 04:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 04:54 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 04:54 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 04:54 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 04:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 04:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 04:54 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 04:53 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 04:53 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 04:53 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 04:53 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 04:53 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 04:53 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 04:53 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 04:53 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 04:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 12:11 - 2012-05-18 12:08 - 00000759 ____A C:\Windows\DirectX.log
2012-05-28 09:47 - 2012-05-12 21:20 - 00014308 ____A C:\Users\Lee\Desktop\Katie.txt
2012-05-25 10:07 - 2012-05-25 10:07 - 00000885 ____A C:\Users\Lee\Desktop\diskmgmt.msc - Shortcut.lnk
2012-05-25 08:46 - 2012-05-25 08:46 - 00262144 ____A C:\Windows\Minidump\052512-22885-01.dmp
2012-05-24 20:40 - 2012-05-24 20:39 - 05849320 ____A (Digiarty ) C:\Users\Lee\Downloads\winx-bd-decrypter.exe
2012-05-15 02:48 - 2012-06-06 06:44 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-06-06 06:44 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2012-06-06 06:44 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2012-02-09 18:43 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2011-10-10 11:44 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2011-10-10 11:44 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2011-10-10 11:44 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2011-10-10 11:44 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-10-10 11:44 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2011-10-10 11:44 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2011-10-10 11:44 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-10-10 11:44 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2011-04-05 14:40 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 01:29 - 2012-06-06 06:45 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2011-01-07 16:49 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2011-01-07 16:48 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2011-01-07 16:48 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2011-01-07 16:48 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2011-01-07 16:49 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 22:21 - 2012-05-14 22:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 09:41 - 2012-05-14 09:41 - 05917258 ____A C:\Users\Lee\Downloads\powertab.zip
2012-05-12 20:48 - 2012-05-12 20:48 - 00002757 ____A C:\Users\Public\Desktop\Launch SMS iCD.lnk
2012-05-04 03:06 - 2012-06-12 19:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-12 19:50 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-12 19:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 19:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-12 19:50 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 06:12 - 2012-05-01 06:12 - 21111200 ____A (Wyse Technology) C:\Users\Lee\Downloads\PocketCloud Windows Companion_v2.4.12.exe
2012-04-30 21:40 - 2012-06-12 19:51 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 17:23 - 2012-04-30 17:23 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-30 17:23 - 2012-04-30 17:23 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-30 17:23 - 2012-04-30 17:23 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-30 17:23 - 2011-04-05 16:07 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-29 09:33 - 2012-03-19 11:26 - 00000240 ____A C:\Users\Lee\Desktop\New Text Document (3).txt
2012-04-27 19:55 - 2012-06-12 19:50 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 07:29 - 2011-12-17 06:42 - 00796400 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-27 07:29 - 2011-12-17 06:42 - 00001945 ____A C:\Windows\epplauncher.mif
2012-04-26 21:23 - 2012-04-26 21:23 - 00000967 ____A C:\Users\UpdatusUser\Desktop\Osada.lnk
2012-04-26 05:15 - 2012-04-26 05:15 - 06118990 ____A (LIGHTNING UK!) C:\Users\Lee\Downloads\SetupImgBurn_2.5.7.0.exe
2012-04-25 21:41 - 2012-06-12 19:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 19:51 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 19:51 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-12 19:50 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 19:50 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 19:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 19:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 19:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 19:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 21:01 - 2012-04-19 21:01 - 00291872 ____A C:\Windows\Minidump\042012-17612-01.dmp

ZeroAccess:
C:\Windows\Installer\{d7835bf6-1843-eead-c368-36aa4f744506}
C:\Windows\Installer\{d7835bf6-1843-eead-c368-36aa4f744506}\L
C:\Windows\Installer\{d7835bf6-1843-eead-c368-36aa4f744506}\U

ZeroAccess:
C:\Users\Lee\AppData\Local\{d7835bf6-1843-eead-c368-36aa4f744506}
C:\Users\Lee\AppData\Local\{d7835bf6-1843-eead-c368-36aa4f744506}\L
C:\Users\Lee\AppData\Local\{d7835bf6-1843-eead-c368-36aa4f744506}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 12279.11 MB
Available physical RAM: 11260.68 MB
Total Pagefile: 12277.26 MB
Available Pagefile: 11258.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:721.29 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (G-Speed Q) (Fixed) (Total:2794.27 GB) (Free:2060.06 GB) NTFS
4 Drive g: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
5 Drive h: (Hitachi) (Fixed) (Total:465.76 GB) (Free:81.41 GB) NTFS
7 Drive j: (SPINRITE V6) (Removable) (Total:0.44 GB) (Free:0.43 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (Drive2) (Fixed) (Total:931.51 GB) (Free:446.91 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 2794 GB 0 B *
Disk 3 Online 465 GB 1024 KB
Disk 4 No Media 0 B 0 B
Disk 5 Online 495 MB 1344 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Drive2 NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Reserved 128 MB 17 KB
Partition 2 Primary 2794 GB 129 MB

==================================================================================

Disk: 2
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000

There is no volume associated with this partition.

==================================================================================

Disk: 2
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E G-Speed Q NTFS Partition 2794 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Hitachi NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 447 MB 31 KB
Partition 0 Primary 47 MB 447 MB

==================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J SPINRITE V6 FAT Removable 447 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-10 04:11

======================= End Of Log ==========================




Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-17 00:24:46
Running from J:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-07-15 14:21] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,458 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:26 AM

Posted 17 July 2012 - 10:18 AM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\Installer\{d7835bf6-1843-eead-c368-36aa4f744506}
C:\Users\Lee\AppData\Local\{d7835bf6-1843-eead-c368-36aa4f744506}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy from the link below. Make sure your security programs are disabled, run it, and post the resulting log.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

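As an added example (not code from the thread, from FRST or from its author), a small Python parser for the FRST log format seen above: it pulls the directories FRST flagged under "ZeroAccess:", renders them in the start/end fixlist layout used in the post, and compares the MD5 of every services.exe copy listed in a "Search:" section against the WinSxS component-store copy, so a patched System32 binary stands out. The sample log is constructed from the thread's format, and the function names and the WinSxS-as-reference rule are my assumptions.

```python
import re

# Constructed sample, not a real log: it mirrors the FRST output seen in
# this thread (two "ZeroAccess:" blocks and a "services.exe" search).
SAMPLE_LOG = """\
ZeroAccess:
C:\\Windows\\Installer\\{d7835bf6-1843-eead-c368-36aa4f744506}
C:\\Windows\\Installer\\{d7835bf6-1843-eead-c368-36aa4f744506}\\L
C:\\Windows\\Installer\\{d7835bf6-1843-eead-c368-36aa4f744506}\\U

ZeroAccess:
C:\\Users\\Lee\\AppData\\Local\\{d7835bf6-1843-eead-c368-36aa4f744506}
C:\\Users\\Lee\\AppData\\Local\\{d7835bf6-1843-eead-c368-36aa4f744506}\\L
C:\\Users\\Lee\\AppData\\Local\\{d7835bf6-1843-eead-c368-36aa4f744506}\\U

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\erdnt\\cache64\\services.exe
[2012-07-15 14:21] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# One search hit: a path line followed by a detail line ending in an MD5.
SEARCH_ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\r\n]+)\r?\n"
    r"\[[^\]]*\] - \[[^\]]*\] - \d+ \S+ (?:\([^)]*\) )?(?P<md5>[0-9A-Fa-f]{32})\s*$",
    re.MULTILINE,
)


def zeroaccess_roots(log):
    """Top-level directories FRST listed under a 'ZeroAccess:' header.

    Each block names a directory and then its \\L and \\U children; only the
    parent needs to go into a fixlist, so children of another flagged path
    are dropped. Order of first appearance is kept.
    """
    flagged, in_block = [], False
    for line in log.splitlines():
        text = line.strip()
        if text == "ZeroAccess:":
            in_block = True
        elif not text:
            in_block = False          # a blank line closes the block
        elif in_block:
            flagged.append(text)
    roots = []
    for p in flagged:
        is_child = any(p != q and p.lower().startswith(q.lower() + "\\")
                       for q in flagged)
        if not is_child and p not in roots:
            roots.append(p)
    return roots


def search_hits(log, name):
    """Map each copy of `name` in an FRST 'Search:' section to its MD5."""
    header = re.compile(r'^=+ Search: "' + re.escape(name) + r'" =+$', re.MULTILINE)
    m = header.search(log)
    if not m:
        return {}
    end = log.find("====== End Of Search ======", m.end())
    section = log[m.end():end if end != -1 else None]
    return {e.group("path"): e.group("md5").upper()
            for e in SEARCH_ENTRY.finditer(section)}


def suspect_copies(hits):
    """Paths whose MD5 differs from the WinSxS component-store copy.

    Assumption: the WinSxS copy is the cleanest offline reference. Returns
    None when no WinSxS copy is present, since nothing can be vouched for.
    """
    ref = next((h for p, h in hits.items() if "\\winsxs\\" in p.lower()), None)
    if ref is None:
        return None
    return sorted(p for p, h in hits.items() if h != ref)


def build_fixlist(paths):
    """Render paths in the start/end fixlist layout used in this thread."""
    return "start\n" + "".join(p + "\n" for p in paths) + "end\n"


if __name__ == "__main__":
    roots = zeroaccess_roots(SAMPLE_LOG)
    hits = search_hits(SAMPLE_LOG, "services.exe")
    print("ZeroAccess directories:", roots)
    print("services.exe copies differing from WinSxS:", suspect_copies(hits))
    print(build_fixlist(roots), end="")
```

On the sample above every services.exe copy shares one MD5, so no copy is reported; a System32 copy with a different hash would be the one to send for further analysis.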
#5 jumpymonkey9

jumpymonkey9
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:26 AM

Posted 17 July 2012 - 01:36 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-17 13:56:09 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\Installer\{d7835bf6-1843-eead-c368-36aa4f744506} moved successfully.
C:\Users\Lee\AppData\Local\{d7835bf6-1843-eead-c368-36aa4f744506} moved successfully.

==== End of Fixlog ====



ComboFix 12-07-16.01 - Lee 07/17/2012 14:07:15.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.10268 [GMT -4:00]
Running from: c:\users\Lee\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\jna1107663053019398282.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 18:20 . 2012-07-17 18:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-17 18:20 . 2012-07-17 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 08:20 . 2012-07-17 08:21 -------- d-----w- C:\FRST
2012-07-15 22:01 . 2012-07-15 22:22 -------- d-----w- C:\comfix
2012-07-15 21:41 . 2012-07-15 21:41 -------- d-----w- c:\users\Lee\AppData\Roaming\Malwarebytes
2012-07-15 21:41 . 2012-07-15 21:41 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 21:41 . 2012-07-15 21:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 21:41 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 18:54 . 2012-07-15 18:54 -------- d-----w- c:\program files (x86)\Citrix
2012-07-14 22:31 . 2012-07-14 22:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-14 18:45 . 2012-07-14 18:45 -------- d-----w- c:\programdata\Celartem
2012-07-14 18:44 . 2012-07-14 21:10 -------- d-----w- c:\programdata\Extensis
2012-07-14 18:43 . 2012-07-14 21:10 -------- d-----w- c:\users\Lee\AppData\Roaming\Extensis
2012-07-14 18:43 . 2012-07-14 18:43 -------- d-----w- c:\program files (x86)\Extensis
2012-07-14 18:41 . 2012-07-14 18:41 -------- d-----w- c:\programdata\{8D44CB76-5F9A-48E7-9DB0-586CC25172B6}
2012-07-14 16:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A3ED48B-DA5D-49B5-A3B2-EADB23D7B070}\mpengine.dll
2012-07-13 04:22 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 19:48 . 2012-07-11 19:50 -------- d-----w- c:\users\Lee\AppData\Roaming\TeraCopy
2012-07-11 19:47 . 2012-07-11 19:47 -------- d-----w- c:\program files\TeraCopy
2012-07-11 17:55 . 2012-07-11 17:55 -------- d-----w- c:\users\Lee\Library
2012-07-11 17:55 . 2012-07-11 17:55 -------- d-----w- c:\users\Lee\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2012-07-11 17:55 . 2012-07-11 17:55 -------- d-----w- c:\program files (x86)\YNAB 4
2012-07-11 12:57 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 16:02 . 2012-02-10 22:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18520421-1348-4F9E-8D47-D2B76BB3E7CA}\gapaengine.dll
2012-07-02 03:53 . 2012-07-02 03:53 -------- d-----w- c:\program files (x86)\Tobias Erichsen
2012-06-30 21:57 . 2012-06-30 21:57 -------- d-----w- c:\users\Lee\AppData\Roaming\Digital Rebellion
2012-06-30 00:37 . 2012-06-30 00:37 -------- d-----w- c:\program files (x86)\Digital Rebellion
2012-06-29 23:49 . 2012-06-29 23:49 -------- d-----w- c:\programdata\ALM
2012-06-27 18:51 . 2012-06-27 18:51 -------- d-----w- c:\users\Lee\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-27 18:51 . 2012-06-27 18:51 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-06-21 12:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 12:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 12:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 12:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 12:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 12:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 12:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 12:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 12:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 18:26 . 2012-06-20 18:26 -------- d-----w- c:\program files (x86)\Contour Shuttle
2012-06-20 18:26 . 2012-06-20 18:26 -------- d-----w- c:\programdata\Contour Design
2012-06-20 18:26 . 2012-06-20 18:26 -------- d-----w- c:\program files (x86)\Common Files\Contour Design
2012-06-19 16:03 . 2012-06-19 16:03 -------- d-----w- c:\users\Lee\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
2012-06-19 16:02 . 2012-06-19 16:02 -------- d-----w- c:\users\Lee\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
2012-06-19 16:02 . 2012-06-19 16:02 -------- d-----w- c:\program files (x86)\pomodairo
2012-06-19 15:52 . 2012-06-19 15:52 -------- d-----w- c:\program files (x86)\focus booster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 22:07 . 2012-04-03 16:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 22:07 . 2011-05-19 14:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-06-06 14:44 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-06-06 14:44 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-06 14:44 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-06 14:44 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-06 14:44 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-06 14:44 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-06 14:44 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-06 14:44 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-06 14:44 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-06 14:44 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-06 14:44 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-06-06 14:44 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-06 14:44 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-06-06 14:44 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-06 14:44 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-06-06 14:44 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-06 14:44 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-06 14:44 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-02-10 02:43 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-10-10 19:44 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-10-10 19:44 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-10-10 19:44 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-10-10 19:44 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-10-10 19:44 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-10 19:44 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-10-10 19:44 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-04-05 22:40 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-01-08 00:48 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-01-08 00:48 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-01-08 00:48 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-06 14:45 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-01-08 00:49 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-01-08 00:49 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-13 03:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-13 03:50 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 03:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 03:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-13 03:50 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-13 03:51 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-05-01 01:23 . 2011-04-06 00:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-28 03:55 . 2012-06-13 03:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 03:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 03:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 03:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 03:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 03:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 03:50 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 03:50 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_22.16.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-05 22:30 . 2012-07-17 18:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-05 22:30 . 2012-07-15 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-16 18:34 . 2012-07-16 18:34 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.19.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 63488 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll
- 2012-07-15 22:16 . 2012-07-15 22:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-17 18:22 . 2012-07-17 18:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-15 22:16 . 2012-07-15 22:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-17 18:22 . 2012-07-17 18:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\19.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.22.0__ce2cb7e279207b9e\cli_ure.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2009-07-14 05:01 . 2012-07-17 18:21 736204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-04-11 14:11 . 2008-04-11 14:11 233472 c:\windows\Installer\f68476.msi
+ 2012-07-16 18:34 . 2012-07-16 18:34 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.8.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 905216 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.8.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2012-04-19 06:53 . 2012-04-19 06:53 3121152 c:\windows\Installer\f69128.msi
+ 2011-04-05 23:17 . 2012-07-17 18:21 41434553 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2267121213-2034121084-4060978374-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Lee\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"BackgroundSwitcher"="c:\program files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2011-07-07 119104]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2012-05-02 34496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"x3watch"="c:\program files (x86)\X3watch\x3watch.exe" [2011-02-14 303104]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Contour Shuttle Device Helper"="c:\program files (x86)\Contour Shuttle\ShuttleHelper.exe" [2011-02-14 118784]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
.
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files (x86)\CrashPlan\CrashPlanTray.exe [2012-3-26 217088]
Portfolio Express 8.5.lnk - c:\program files (x86)\Extensis\Portfolio 8.5\Portfolio Express.exe [2011-8-25 3280896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-03-20 175520]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-12-10 131912]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-06 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files (x86)\CrashPlan\CrashPlanService.exe [2012-03-26 152576]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2012-05-17 1168680]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-30 8704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2011-07-01 1131008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 ALSysIO;ALSysIO;c:\users\Lee\AppData\Local\Temp\ALSysIO64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [2011-06-27 28160]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-26 16:21 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-26 16:21 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=make
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\8puqwbuf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:30,b3,2e,7e,0a,39,0f,06,f3,6f,81,c3,41,07,7c,fa,83,cc,f8,50,68,
80,36,0f,ff,1b,5e,79,44,a1,fc,44,15,d1,73,3d,bf,fe,e3,d6,f2,8a,53,ff,7d,4f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2012-07-17 14:29:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 18:29
ComboFix2.txt 2012-07-15 22:22
.
Pre-Run: 781,924,548,608 bytes free
Post-Run: 786,476,363,776 bytes free
.
- - End Of File - - 5B3F34F5A98309821F53697114191242

#6 CatByte (Malware Response Team)

Posted 17 July 2012 - 01:45 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#7 jumpymonkey9 (Topic Starter)

Posted 17 July 2012 - 10:51 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lee :: LEE_EDITCOMPY [administrator]

7/17/2012 3:03:52 PM
mbam-log-2012-07-17 (15-03-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233170
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Qoobox\Quarantine\C\Users\Lee\AppData\Local\{d7835bf6-1843-eead-c368-36aa4f744506}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d7835bf6-1843-eead-c368-36aa4f744506}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d7835bf6-1843-eead-c368-36aa4f744506}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d7835bf6-1843-eead-c368-36aa4f744506}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\Lee\Downloads\cnet2_JoyToKey_en_5_0_3_zip.exe a variant of Win32/InstallCore.D application
E:\Artwork\Websites\WordPress Themes\black-bible.zip PHP/Kryptik.AB trojan
E:\Artwork\Websites\WordPress Themes\gins.zip PHP/Kryptik.AB trojan
E:\Artwork\Websites\WordPress Themes\StudioPress_Orange.zip PHP/Kryptik.AB trojan
E:\Artwork\Websites\WordPress Themes\black-bible\black-bible\footer.php PHP/Kryptik.AB trojan
E:\Artwork\Websites\WordPress Themes\gins\gins\footer.php PHP/Kryptik.AB trojan
E:\Artwork\Websites\WordPress Themes\StudioPress_Orange\StudioPress_Orange\footer.php PHP/Kryptik.AB trojan

#8 CatByte (Malware Response Team)

Posted 18 July 2012 - 10:46 AM

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Lee\Downloads\cnet2_JoyToKey_en_5_0_3_zip.exe 
E:\Artwork\Websites\WordPress Themes\black-bible.zip 
E:\Artwork\Websites\WordPress Themes\gins.zip 
E:\Artwork\Websites\WordPress Themes\StudioPress_Orange.zip 
E:\Artwork\Websites\WordPress Themes\black-bible\black-bible\footer.php 
E:\Artwork\Websites\WordPress Themes\gins\gins\footer.php 
E:\Artwork\Websites\WordPress Themes\StudioPress_Orange\StudioPress_Orange\footer.php 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Your Java is out of date, so go to Start > Control Panel > Programs and Features, scroll down to the Java installation and remove it. Now download the latest Java, version 7 update 5, and install it: http://java.com/en/download/index.jsp


NEXT


Please advise how the computer is running now and if there are any outstanding issues.
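The symptoms in this thread (Security Essentials reporting that its service does not exist as an installed service, a services.exe that ESET flagged as Win64/Patched.B.Gen in the quarantine, and UAC policy values of 0 in the ComboFix log) can be checked read-only before and after cleanup. The script below is an added example, not code from this thread, from CatByte or from BleepingComputer; it assumes the standard Windows 7 and MSE service names, and which of those services matter on a given machine is my assumption. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from this thread): a read-only posture check for the
# symptoms discussed above. Assumes standard Windows 7 / MSE service names.

# Name/description pairs in a plain array so the script also runs on
# PowerShell 2.0, which is what Windows 7 shipped with.
$expected = @(
    @('MsMpSvc',   'Microsoft Antimalware Service (Security Essentials)'),
    @('NisSrv',    'Microsoft Network Inspection'),
    @('WinDefend', 'Windows Defender'),
    @('BFE',       'Base Filtering Engine'),
    @('MpsSvc',    'Windows Firewall'),
    @('wscsvc',    'Security Center'),
    @('wuauserv',  'Windows Update')
)

# 1. Does each service still exist? "The specified service does not exist as
#    an installed service" means the service's registration under
#    HKLM\SYSTEM\CurrentControlSet\Services is gone, not merely stopped, so
#    Get-Service returns nothing for it instead of a Stopped entry.
foreach ($entry in $expected) {
    $name, $label = $entry
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -eq $null) {
        Write-Output ("MISSING   {0,-10} {1}" -f $name, $label)
    } else {
        Write-Output ("{0,-9} {1,-10} {2}" -f $svc.Status, $name, $label)
    }
}

# 2. Is services.exe still the Microsoft original? System files on Windows 7
#    are catalog-signed, which Get-AuthenticodeSignature does not consult on
#    that OS, so ask the System File Checker to verify this one file instead.
$svcExe = Join-Path $env:SystemRoot 'System32\services.exe'
Write-Output "Verifying $svcExe with sfc:"
& sfc.exe "/verifyfile=$svcExe"

# 3. UAC policy. The log shows EnableLUA=0 and ConsentPromptBehaviorAdmin=0,
#    meaning an administrator's processes run fully elevated with no prompt.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $polKey
Write-Output ("EnableLUA={0} ConsentPromptBehaviorAdmin={1} PromptOnSecureDesktop={2}" -f
    $pol.EnableLUA, $pol.ConsentPromptBehaviorAdmin, $pol.PromptOnSecureDesktop)
```

A MISSING line for MsMpSvc confirms that the service registration was removed rather than stopped, which is why clicking Start Now in the MSE window cannot repair it; only reinstalling the product (or otherwise re-registering the service) recreates the entry. An sfc report that services.exe has been replaced, after a cleanup that already restored it, is the cue to rerun the scan rather than trust the earlier result.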

#9 jumpymonkey9 (Topic Starter)

Posted 18 July 2012 - 11:26 AM

Hi, I installed Java, and I'm posting the ComboFix log, but I still can't start MS Security Essentials. It's still giving me the same "The specified service does not exist as an installed service" when I open it and click "Start Now". Do I need to uninstall and reinstall it? I'll wait for your response. Thank you!

ComboFix 12-07-18.04 - Lee 07/18/2012 11:55:39.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.10102 [GMT -4:00]
Running from: c:\users\Lee\Desktop\ComboFix.exe
Command switches used :: c:\users\Lee\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Lee\Downloads\cnet2_JoyToKey_en_5_0_3_zip.exe"
"e:\artwork\Websites\WordPress Themes\black-bible.zip"
"e:\artwork\Websites\WordPress Themes\black-bible\black-bible\footer.php"
"e:\artwork\Websites\WordPress Themes\gins.zip"
"e:\artwork\Websites\WordPress Themes\gins\gins\footer.php"
"e:\artwork\Websites\WordPress Themes\StudioPress_Orange.zip"
"e:\artwork\Websites\WordPress Themes\StudioPress_Orange\StudioPress_Orange\footer.php"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lee\Downloads\cnet2_JoyToKey_en_5_0_3_zip.exe
c:\windows\TEMP\jna1638154874449879843.dll
e:\artwork\Websites\WordPress Themes\black-bible.zip
e:\artwork\Websites\WordPress Themes\black-bible\black-bible\footer.php
e:\artwork\Websites\WordPress Themes\gins.zip
e:\artwork\Websites\WordPress Themes\gins\gins\footer.php
e:\artwork\Websites\WordPress Themes\StudioPress_Orange.zip
e:\artwork\Websites\WordPress Themes\StudioPress_Orange\StudioPress_Orange\footer.php
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 16:05 . 2012-07-18 16:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-18 16:05 . 2012-07-18 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 19:08 . 2012-07-17 19:08 -------- d-----w- c:\program files (x86)\ESET
2012-07-17 08:20 . 2012-07-17 08:21 -------- d-----w- C:\FRST
2012-07-15 22:01 . 2012-07-15 22:22 -------- d-----w- C:\comfix
2012-07-15 21:41 . 2012-07-15 21:41 -------- d-----w- c:\users\Lee\AppData\Roaming\Malwarebytes
2012-07-15 21:41 . 2012-07-15 21:41 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 21:41 . 2012-07-15 21:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 21:41 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 18:54 . 2012-07-15 18:54 -------- d-----w- c:\program files (x86)\Citrix
2012-07-14 22:31 . 2012-07-14 22:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-14 18:45 . 2012-07-14 18:45 -------- d-----w- c:\programdata\Celartem
2012-07-14 18:44 . 2012-07-14 21:10 -------- d-----w- c:\programdata\Extensis
2012-07-14 18:43 . 2012-07-14 21:10 -------- d-----w- c:\users\Lee\AppData\Roaming\Extensis
2012-07-14 18:43 . 2012-07-14 18:43 -------- d-----w- c:\program files (x86)\Extensis
2012-07-14 18:41 . 2012-07-14 18:41 -------- d-----w- c:\programdata\{8D44CB76-5F9A-48E7-9DB0-586CC25172B6}
2012-07-14 16:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A3ED48B-DA5D-49B5-A3B2-EADB23D7B070}\mpengine.dll
2012-07-13 04:22 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 19:48 . 2012-07-11 19:50 -------- d-----w- c:\users\Lee\AppData\Roaming\TeraCopy
2012-07-11 19:47 . 2012-07-11 19:47 -------- d-----w- c:\program files\TeraCopy
2012-07-11 17:55 . 2012-07-11 17:55 -------- d-----w- c:\users\Lee\Library
2012-07-11 17:55 . 2012-07-11 17:55 -------- d-----w- c:\users\Lee\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2012-07-11 17:55 . 2012-07-11 17:55 -------- d-----w- c:\program files (x86)\YNAB 4
2012-07-11 12:57 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:53 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-03 16:02 . 2012-02-10 22:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18520421-1348-4F9E-8D47-D2B76BB3E7CA}\gapaengine.dll
2012-07-02 03:53 . 2012-07-02 03:53 -------- d-----w- c:\program files (x86)\Tobias Erichsen
2012-06-30 21:57 . 2012-06-30 21:57 -------- d-----w- c:\users\Lee\AppData\Roaming\Digital Rebellion
2012-06-30 00:37 . 2012-06-30 00:37 -------- d-----w- c:\program files (x86)\Digital Rebellion
2012-06-29 23:49 . 2012-06-29 23:49 -------- d-----w- c:\programdata\ALM
2012-06-27 18:51 . 2012-06-27 18:51 -------- d-----w- c:\users\Lee\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-27 18:51 . 2012-06-27 18:51 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-06-21 12:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 12:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 12:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 12:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 12:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 12:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 12:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 12:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 12:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 18:26 . 2012-06-20 18:26 -------- d-----w- c:\program files (x86)\Contour Shuttle
2012-06-20 18:26 . 2012-06-20 18:26 -------- d-----w- c:\programdata\Contour Design
2012-06-20 18:26 . 2012-06-20 18:26 -------- d-----w- c:\program files (x86)\Common Files\Contour Design
2012-06-19 16:03 . 2012-06-19 16:03 -------- d-----w- c:\users\Lee\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
2012-06-19 16:02 . 2012-06-19 16:02 -------- d-----w- c:\users\Lee\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
2012-06-19 16:02 . 2012-06-19 16:02 -------- d-----w- c:\program files (x86)\pomodairo
2012-06-19 15:52 . 2012-06-19 15:52 -------- d-----w- c:\program files (x86)\focus booster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 22:07 . 2012-04-03 16:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 22:07 . 2011-05-19 14:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 07:19 . 2011-04-05 23:13 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-05-15 10:48 . 2012-06-06 14:44 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-06-06 14:44 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-06 14:44 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-06 14:44 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-06 14:44 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-06 14:44 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-06 14:44 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-06 14:44 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-06 14:44 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-06 14:44 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-06 14:44 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-06-06 14:44 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-06 14:44 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-06-06 14:44 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-06 14:44 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-06-06 14:44 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-06 14:44 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-06 14:44 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-02-10 02:43 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-10-10 19:44 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-10-10 19:44 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-10-10 19:44 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-10-10 19:44 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-10-10 19:44 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-10 19:44 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-10-10 19:44 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-04-05 22:40 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-01-08 00:48 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-01-08 00:48 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-01-08 00:48 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-06 14:45 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-01-08 00:49 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-01-08 00:49 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-13 03:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-13 03:50 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 03:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 03:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-13 03:50 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-13 03:51 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-05-01 01:23 . 2011-04-06 00:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-28 03:55 . 2012-06-13 03:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 03:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 03:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 03:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 03:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 03:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 03:50 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 03:50 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_22.16.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-05 22:30 . 2012-07-18 16:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-05 22:30 . 2012-07-15 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-16 18:34 . 2012-07-16 18:34 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.19.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 63488 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll
- 2012-07-15 22:16 . 2012-07-15 22:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 16:06 . 2012-07-18 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-15 22:16 . 2012-07-15 22:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-18 16:06 . 2012-07-18 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\19.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.22.0__ce2cb7e279207b9e\cli_ure.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2009-07-14 05:01 . 2012-07-18 16:05 736204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-04-11 14:11 . 2008-04-11 14:11 233472 c:\windows\Installer\f68476.msi
+ 2012-07-16 18:34 . 2012-07-16 18:34 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.8.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2012-07-16 18:34 . 2012-07-16 18:34 905216 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.8.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2012-04-19 06:53 . 2012-04-19 06:53 3121152 c:\windows\Installer\f69128.msi
+ 2011-04-05 23:17 . 2012-07-18 16:06 41483192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2267121213-2034121084-4060978374-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Lee\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"BackgroundSwitcher"="c:\program files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2011-07-07 119104]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2012-05-02 34496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"x3watch"="c:\program files (x86)\X3watch\x3watch.exe" [2011-02-14 303104]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Contour Shuttle Device Helper"="c:\program files (x86)\Contour Shuttle\ShuttleHelper.exe" [2011-02-14 118784]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
.
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files (x86)\CrashPlan\CrashPlanTray.exe [2012-3-26 217088]
Portfolio Express 8.5.lnk - c:\program files (x86)\Extensis\Portfolio 8.5\Portfolio Express.exe [2011-8-25 3280896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-03-20 175520]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-12-10 131912]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-06 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files (x86)\CrashPlan\CrashPlanService.exe [2012-03-26 152576]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2012-05-17 1168680]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-30 8704]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2011-07-01 1131008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 ALSysIO;ALSysIO;c:\users\Lee\AppData\Local\Temp\ALSysIO64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [2011-06-27 28160]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-26 16:21 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-26 16:21 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=make
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\8puqwbuf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:30,b3,2e,7e,0a,39,0f,06,f3,6f,81,c3,41,07,7c,fa,83,cc,f8,50,68,
80,36,0f,ff,1b,5e,79,44,a1,fc,44,15,d1,73,3d,bf,fe,e3,d6,f2,8a,53,ff,7d,4f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Contour Shuttle\ShuttleEngine.exe
c:\program files (x86)\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2012-07-18 12:13:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 16:13
ComboFix2.txt 2012-07-17 18:29
ComboFix3.txt 2012-07-15 22:22
.
Pre-Run: 784,140,378,112 bytes free
Post-Run: 784,901,414,912 bytes free
.
- - End Of File - - 6BB3FC37617E702A81216FF50E19805A

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,458 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 July 2012 - 11:30 AM

Yes, uninstall it completely, then re-install it. Let me know how that goes.
The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#11 jumpymonkey9

  • Topic Starter
  • Members
  • 8 posts

Posted 18 July 2012 - 11:59 AM

That did the trick. Thank you so much for your help!

#12 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,458 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 July 2012 - 12:02 PM

Hi

Just some housekeeping to do now.

Please do the following:


You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
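The "Make Internet Explorer more secure" steps in the post above can be verified from the registry instead of by clicking through Inetcpl.cpl. The PowerShell script below is an added example, not part of CatByte's post or of any BleepingComputer tool; it assumes the standard Internet zone value names 1001, 1004 and 1201 under Zones\3 and the usual encoding 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example (not from the thread): audit the three Internet-zone ActiveX
# settings that the post above changes by hand through Inetcpl.cpl.
# Assumptions: standard IE zone value names (1001, 1004, 1201 under Zones\3)
# and the standard encoding 0 = Enable, 1 = Prompt, 3 = Disable.
# Inetcpl.cpl edits the per-user key; if the HKLM policy value
# Security_HKLM_only is set, the HKLM copy of the zone keys applies instead.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'  # zone 3 = Internet

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Value name -> the setting it controls and the value the post recommends.
$Checks = @(
    @{ Name = '1001'; Setting = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Name = '1004'; Setting = 'Download unsigned ActiveX controls';                        Want = 1 }
    @{ Name = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

function Get-InternetZoneActiveXAudit {
    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($c in $Checks) {
        $actual = $zone.($c.Name)
        if ($null -eq $actual) {
            $label = '(not set)'
            $ok = $false
        } else {
            $actual = [int]$actual
            $label = if ($Labels.ContainsKey($actual)) { $Labels[$actual] } else { "unknown ($actual)" }
            # Disable (3) is the strictest choice, so it also satisfies a Prompt recommendation.
            $ok = ($actual -eq $c.Want) -or ($actual -eq 3)
        }
        [pscustomobject]@{
            Setting     = $c.Setting
            ValueName   = $c.Name
            Actual      = $label
            Recommended = $Labels[$c.Want]
            Ok          = $ok
        }
    }
}

$audit = Get-InternetZoneActiveXAudit
$audit | Format-Table -AutoSize

$bad = @($audit | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} Internet-zone ActiveX setting(s) differ from the recommended values." -f $bad.Count)
} else {
    Write-Host 'Internet-zone ActiveX settings match the recommendations.'
}
```

Run it in a PowerShell window as the user whose Internet Explorer settings you changed; it only reads the registry and does not alter anything.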

#13 jumpymonkey9

  • Topic Starter
  • Members
  • 8 posts

Posted 18 July 2012 - 01:44 PM

Now that MSE is working, what's the best way to turn it off in order to uninstall Combofix?

#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,458 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 July 2012 - 02:22 PM

Open the user interface > click on the "Settings" tab > click on "Real-time protection" > uncheck "Turn on real-time protection (recommended)" > click Save changes.

Now ComboFix should uninstall without a hitch.

Edited by CatByte, 19 July 2012 - 10:42 AM.


#15 jumpymonkey9

  • Topic Starter
  • Members
  • 8 posts

Posted 19 July 2012 - 09:54 AM

Everything is looking good. Thank you for your help!

