
live essential platinum virus


  • This topic is locked
17 replies to this topic

#1 DianneMillen

DianneMillen

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 22 June 2012 - 05:54 PM

I only have one computer and it is crippled. It reboots every 2 minutes after running malwarebytes to remove virus. I have a Linux bootable Cd. I can get into my network. I'm now using my kindle fire to communicate. Can I please get some assistance?

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:02:38 AM

Posted 22 June 2012 - 07:04 PM

Boot the PC into safe mode with networking.

Download

TDSSkiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop, and copy the contents of the text file in your reply.

#3 DianneMillen

DianneMillen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 22 June 2012 - 07:13 PM

I'll try. Even in safe without network it reboots. I'll download from Linux mint boot.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:02:38 AM

Posted 22 June 2012 - 07:14 PM

I'll try. Even in safe without network it reboots. I'll download from Linux mint boot.

I think we may have a better option. Let me ask a malware response team member to assist you.

good luck

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:38 AM

Posted 22 June 2012 - 07:33 PM

:welcome:

Before we start, please read the following suggestions:

  • Do not download and run tools unless instructed.

    We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.


  • Do not attach logs or use code boxes unless instructed, just copy and paste the text on your reply.

    Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read them in your post.


  • Please read every post completely before doing anything.

    Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.

    A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.


NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: Save the instructions in Notepad or print them if necessary, so you can have access to these should you need to go offline during the cleanup process.


Let's give it a try. You will need a USB flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:38 AM

Posted 22 June 2012 - 07:36 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#7 DianneMillen

DianneMillen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 22 June 2012 - 07:52 PM

I can't or don't know how to save the file to USB from Linux, so I launched in safe w networking and safe too, but they get stuck on drivers/classpnp.sys. I can still boot to Linux.

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:38 AM

Posted 22 June 2012 - 08:30 PM

Is there a Repair my computer option in the Advanced Menu?



#9 DianneMillen

DianneMillen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 22 June 2012 - 08:31 PM

I figured out how to save it to my flash drive and ran the scan. While the scan was running I got a popup The file or directory c:\windows\ntblog.txt is corrupt or unreadable. Please run chkdsk utility. Hopefully I didn't screw something up. Here is the body of the text file:

Scan result of Farbar Recovery Scan Tool Version: 22-06-2012

Ran by SYSTEM at 22-06-2012 18:07:55

Running from G:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001



========================== Registry (Whitelisted) =============



HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15960096 2009-03-06] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2009-03-06] (NVIDIA Corporation)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-09-19] (Sonic Solutions)

HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2009-08-27] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2009-08-27] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [377 2012-06-22] ()

HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe [1365280 2009-08-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe [62752 2009-08-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-05-03] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)

HKU\Dianne\...\Run: [MemDesktopToolApp] "C:\Program Files (x86)\Quicken Medical Expense Manager\MemDesktopToolApp.exe" -winstartup [75040 2007-10-08] (Intuit Inc.)

HKU\Dianne\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-23] (Google Inc.)

HKU\Dianne\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)

HKU\Dianne\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\Dianne\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [33120 2010-08-20] (Alcohol Soft Development Team)

HKU\Dianne\...\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2164256 2011-10-26] (Fitbit, Inc.)

HKU\Dianne\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [955792 2012-05-03] (Samsung)

HKU\Dianne\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-05-03] ()

HKU\Dianne.HOME\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-23] (Google Inc.)

HKU\Dianne.HOME\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)

HKU\Dianne.HOME\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [33120 2010-08-20] (Alcohol Soft Development Team)

HKU\Jeff\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-23] (Google Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Hardcopy.LNK

ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk

ShortcutTarget: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)



==================== Services (Whitelisted) ======



4 atashost; "C:\Windows\SysWOW64\atashost.exe" [43912 2011-11-18] (WebEx Communications, Inc.)

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)

4 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)

4 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

4 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()

4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2009-08-27] (Nuance Communications, Inc.)

4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]



========================== Drivers (Whitelisted) =============



2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)

3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn64.sys [11264 2009-04-20] (Hewlett-Packard Development Company, L.P.)

3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.sys [40976 2009-06-17] (Logitech, Inc.)

1 SASDIFSV; \??\C:\Users\DIANNE~1.HOM\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Users\DIANNE~1.HOM\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-27] (Duplex Secure Ltd.)

3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()

3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()

3 cpuz132; \??\C:\Users\DIANNE~1.HOM\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]



========================== NetSvcs (Whitelisted) ===========





============ One Month Created Files and Folders ==============



2012-06-22 16:41 - 2012-06-22 16:39 - 01424539 ____A C:\Users\Dianne\Desktop\FRST64.exe

2012-06-22 16:23 - 2012-06-20 13:11 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Dianne\Desktop\TDSSKiller.exe

2012-06-22 10:08 - 2012-06-22 10:08 - 00000000 __SHD C:\found.000

2012-06-22 09:52 - 2012-06-22 09:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.270B238B7A57B91A

2012-06-22 09:52 - 2012-06-22 09:52 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ofnbdjex.sys

2012-06-22 09:47 - 2012-06-22 09:47 - 00000000 ____D C:\Users\Dianne\AppData\Local\{86F1D7E1-378F-40BC-BE01-968B7D37382C}

2012-06-22 09:47 - 2012-06-22 09:47 - 00000000 ____D C:\Users\Dianne\AppData\Local\{0ECE9A59-8210-4A46-8795-681AD39693B1}

2012-06-22 09:33 - 2012-06-22 09:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9112E9A3E65034B1

2012-06-22 09:27 - 2012-06-22 09:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9ECE51E7499E18FF

2012-06-22 09:27 - 2012-06-22 09:27 - 00001843 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-06-22 09:27 - 2012-03-06 16:04 - 00337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-06-22 09:27 - 2012-03-06 16:02 - 00053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-06-22 09:27 - 2012-03-06 16:01 - 00059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-06-22 09:27 - 2012-03-06 16:01 - 00024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-06-22 09:23 - 2012-06-22 09:27 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-06-22 09:23 - 2012-06-22 09:23 - 74761776 ____A C:\Users\Dianne\Desktop\avast_free_antivirus_setup.exe

2012-06-22 09:23 - 2012-06-22 09:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6C02F356AC13BF8

2012-06-22 09:23 - 2012-03-06 16:15 - 00258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-06-22 09:23 - 2012-03-06 16:04 - 00819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-06-22 09:23 - 2012-03-06 16:01 - 00069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-06-22 09:22 - 2012-06-22 09:27 - 00000000 ____D C:\Users\All Users\AVAST Software

2012-06-22 09:22 - 2012-06-22 09:22 - 00000000 ____D C:\Program Files\AVAST Software

2012-06-22 09:22 - 2012-03-06 16:15 - 00201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-06-22 09:22 - 2012-03-06 16:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-06-22 08:11 - 2012-06-22 08:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31FF55653E717E04

2012-06-22 08:06 - 2012-06-22 08:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9B584A73B3E8EFB8

2012-06-22 08:05 - 2012-06-22 08:05 - 00001684 ____A C:\Users\Dianne\Desktop\FixExec.txt

2012-06-22 07:56 - 2012-06-22 07:49 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Dianne\Desktop\FixExec.exe

2012-06-21 20:15 - 2012-06-21 20:15 - 00000000 ____D C:\Users\Dianne\AppData\Local\{C16AB6EC-87FD-4C6A-8E66-0270AE2E304C}

2012-06-21 20:15 - 2012-06-21 20:15 - 00000000 ____D C:\Users\Dianne\AppData\Local\{67BC6E7E-ADCF-452E-8553-87CF4F2F7075}

2012-06-21 20:08 - 2012-06-21 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC7A251C0EC2CFC0

2012-06-21 20:06 - 2012-06-21 20:06 - 00000000 ____D C:\Users\Dianne\AppData\Local\{464167EC-7A27-4FE1-9AEC-078F5C8F8F24}

2012-06-21 20:00 - 2012-06-21 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8002741FF9F8D8DA

2012-06-21 19:54 - 2012-06-21 19:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6381A411946814B8

2012-06-21 19:50 - 2012-06-21 19:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB4E128938D18353

2012-06-21 19:05 - 2012-06-21 19:05 - 00000000 ____D C:\Users\Dianne\AppData\Local\{D76B5DD9-739E-443D-A588-92C529EB073C}

2012-06-21 19:05 - 2012-06-21 19:05 - 00000000 ____D C:\Users\Dianne\AppData\Local\{334EE724-CEF2-4614-9CA5-CBEF14E3A987}

2012-06-18 20:07 - 2012-06-18 20:08 - 00000000 ____D C:\Users\Dianne\AppData\Local\{24E518AD-D618-477A-8280-3C48F11DB222}

2012-06-18 20:07 - 2012-06-18 20:07 - 00000000 ____D C:\Users\Dianne\AppData\Local\{F0588EF3-4F9F-448C-9071-18D1A2E9EA17}

2012-06-17 10:00 - 2012-06-17 10:00 - 00000000 ____D C:\Users\Dianne\AppData\Local\{07E8F09F-D76A-4DA2-9EEC-8DD6CC7E5F6B}

2012-06-16 14:56 - 2012-06-16 17:31 - 00000000 ____D C:\Program Files\Microsoft Security Client

2012-06-16 14:56 - 2012-06-16 17:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2012-06-16 14:44 - 2012-06-16 14:45 - 00000000 ____D C:\Users\Dianne\AppData\Local\{F0101FAD-C719-4BB3-9C2F-7057922A6B60}

2012-06-16 13:12 - 2012-06-16 17:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-16 13:12 - 2012-06-16 17:26 - 00000000 ____D C:\Users\Dianne\AppData\Roaming\Malwarebytes

2012-06-16 13:12 - 2012-06-16 17:25 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-06-16 13:12 - 2012-06-16 13:12 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-06-16 13:12 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-16 13:10 - 2012-06-16 13:10 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Dianne\Desktop\mbam-setup-1.61.0.1400.exe

2012-06-16 13:05 - 2012-06-16 13:05 - 00000357 ____A C:\rkill.log

2012-06-16 10:18 - 2012-06-16 17:31 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-06-16 10:02 - 2012-06-22 09:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-06-16 10:02 - 2012-06-16 17:31 - 00000000 ____D C:\Windows\System32\Macromed

2012-06-16 10:02 - 2012-06-16 10:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-06-16 09:59 - 2012-06-16 09:59 - 00000000 ____D C:\Users\All Users\F4D55EFF0003FDF509DD47FEB4EB2331

2012-06-14 17:47 - 2012-06-14 17:48 - 00000000 ____D C:\Users\Dianne\AppData\Local\{A8FE4209-F5A7-462D-A8A5-369B47478279}

2012-06-13 02:02 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-13 02:02 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-13 02:02 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-13 02:01 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-13 02:01 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-13 02:01 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-13 02:01 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-13 02:01 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-13 02:01 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-13 02:01 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-13 02:01 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-13 02:01 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-13 02:01 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-13 02:01 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-13 02:01 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-13 02:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-13 02:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-13 02:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-13 02:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-13 02:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-13 02:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-13 02:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-13 02:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-13 02:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-13 02:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-13 02:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-13 02:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-13 02:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-12 14:44 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-12 14:44 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-06-12 14:44 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-06-12 14:44 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-06-12 14:44 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-06-12 14:44 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2012-06-12 14:44 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-06-12 14:44 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-06-12 14:44 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-06-12 14:44 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-06-12 14:43 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-06-12 14:43 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-06-12 14:43 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-06-12 14:43 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-06-12 14:43 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-06-12 14:43 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-06-12 14:43 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

2012-06-12 14:43 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2012-06-04 16:45 - 2012-06-04 16:45 - 00000000 ____D C:\Users\Dianne\AppData\Local\{9060C5D4-CC54-4051-AA38-AD7BB5581EF5}

2012-06-04 16:45 - 2012-06-04 16:45 - 00000000 ____D C:\Users\Dianne\AppData\Local\{28DD87C2-7C7B-4874-A2D5-71E9B107C8F6}

2012-05-31 19:10 - 2012-05-31 19:10 - 00000000 ____D C:\Users\Dianne\AppData\Local\{BDEEDC77-F5E8-4490-BFE3-B931CDDC394B}

2012-05-31 19:10 - 2012-05-31 19:10 - 00000000 ____D C:\Users\Dianne\AppData\Local\{29A0C685-9370-40AA-9BC6-A7D64A1DC6A1}

2012-05-31 18:27 - 2012-05-31 18:27 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-05-28 10:35 - 2012-05-28 10:36 - 00000000 ____D C:\Users\Dianne\AppData\Local\{F41879D4-CB82-433B-9476-380644375F58}

2012-05-28 10:35 - 2012-05-28 10:35 - 00000000 ____D C:\Users\Dianne\AppData\Local\{2AB1F952-1FAD-4C90-BAD7-BFCAE402FA0E}





============ 3 Months Modified Files and Folders =============



2012-06-22 18:08 - 2012-06-22 18:07 - 00000000 ____D C:\FRST

2012-06-22 16:39 - 2012-06-22 16:41 - 01424539 ____A C:\Users\Dianne\Desktop\FRST64.exe

2012-06-22 10:08 - 2012-06-22 10:08 - 00000000 __SHD C:\found.000

2012-06-22 09:52 - 2012-06-22 09:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.270B238B7A57B91A

2012-06-22 09:52 - 2012-06-22 09:52 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ofnbdjex.sys

2012-06-22 09:47 - 2012-06-22 09:47 - 00000000 ____D C:\Users\Dianne\AppData\Local\{86F1D7E1-378F-40BC-BE01-968B7D37382C}

2012-06-22 09:47 - 2012-06-22 09:47 - 00000000 ____D C:\Users\Dianne\AppData\Local\{0ECE9A59-8210-4A46-8795-681AD39693B1}

2012-06-22 09:40 - 2010-05-21 19:31 - 00000000 ____D C:\Users\Dianne\Tracing

2012-06-22 09:38 - 2012-03-27 20:08 - 00000474 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job

2012-06-22 09:37 - 2012-06-16 10:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-06-22 09:37 - 2010-02-02 18:58 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-06-22 09:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-06-22 09:36 - 2009-07-13 20:51 - 00055812 ____A C:\Windows\setupact.log

2012-06-22 09:33 - 2012-06-22 09:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9112E9A3E65034B1

2012-06-22 09:27 - 2012-06-22 09:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9ECE51E7499E18FF

2012-06-22 09:27 - 2012-06-22 09:27 - 00001843 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-06-22 09:27 - 2012-06-22 09:23 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-06-22 09:27 - 2012-06-22 09:22 - 00000000 ____D C:\Users\All Users\AVAST Software

2012-06-22 09:23 - 2012-06-22 09:23 - 74761776 ____A C:\Users\Dianne\Desktop\avast_free_antivirus_setup.exe

2012-06-22 09:23 - 2012-06-22 09:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6C02F356AC13BF8

2012-06-22 09:22 - 2012-06-22 09:22 - 00000000 ____D C:\Program Files\AVAST Software

2012-06-22 08:11 - 2012-06-22 08:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31FF55653E717E04

2012-06-22 08:06 - 2012-06-22 08:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9B584A73B3E8EFB8

2012-06-22 08:05 - 2012-06-22 08:05 - 00001684 ____A C:\Users\Dianne\Desktop\FixExec.txt

2012-06-22 07:49 - 2012-06-22 07:56 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Dianne\Desktop\FixExec.exe

2012-06-21 20:15 - 2012-06-21 20:15 - 00000000 ____D C:\Users\Dianne\AppData\Local\{C16AB6EC-87FD-4C6A-8E66-0270AE2E304C}

2012-06-21 20:15 - 2012-06-21 20:15 - 00000000 ____D C:\Users\Dianne\AppData\Local\{67BC6E7E-ADCF-452E-8553-87CF4F2F7075}

2012-06-21 20:08 - 2012-06-21 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC7A251C0EC2CFC0

2012-06-21 20:07 - 2009-08-16 11:32 - 01974764 ____A C:\Windows\WindowsUpdate.log

2012-06-21 20:06 - 2012-06-21 20:06 - 00000000 ____D C:\Users\Dianne\AppData\Local\{464167EC-7A27-4FE1-9AEC-078F5C8F8F24}

2012-06-21 20:00 - 2012-06-21 20:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8002741FF9F8D8DA

2012-06-21 19:59 - 2010-02-02 18:58 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-06-21 19:57 - 2011-02-15 17:48 - 00000000 ____D C:\users\Administrator

2012-06-21 19:57 - 2011-01-14 16:49 - 00000000 ____D C:\users\Jeff

2012-06-21 19:57 - 2009-09-20 10:57 - 00000000 ____D C:\users\Dianne.HOME

2012-06-21 19:57 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV

2012-06-21 19:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2012-06-21 19:54 - 2012-06-21 19:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6381A411946814B8

2012-06-21 19:50 - 2012-06-21 19:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB4E128938D18353

2012-06-21 19:46 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe

2012-06-21 19:27 - 2010-01-03 13:10 - 00000000 ____D C:\Program Files (x86)\Windows Live

2012-06-21 19:06 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-06-21 19:06 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-06-21 19:05 - 2012-06-21 19:05 - 00000000 ____D C:\Users\Dianne\AppData\Local\{D76B5DD9-739E-443D-A588-92C529EB073C}

2012-06-21 19:05 - 2012-06-21 19:05 - 00000000 ____D C:\Users\Dianne\AppData\Local\{334EE724-CEF2-4614-9CA5-CBEF14E3A987}

2012-06-21 19:00 - 2009-08-16 12:05 - 00000000 ____D C:\users\Dianne

2012-06-20 13:11 - 2012-06-22 16:23 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Dianne\Desktop\TDSSKiller.exe

2012-06-18 20:08 - 2012-06-18 20:07 - 00000000 ____D C:\Users\Dianne\AppData\Local\{24E518AD-D618-477A-8280-3C48F11DB222}

2012-06-18 20:07 - 2012-06-18 20:07 - 00000000 ____D C:\Users\Dianne\AppData\Local\{F0588EF3-4F9F-448C-9071-18D1A2E9EA17}

2012-06-17 10:00 - 2012-06-17 10:00 - 00000000 ____D C:\Users\Dianne\AppData\Local\{07E8F09F-D76A-4DA2-9EEC-8DD6CC7E5F6B}

2012-06-16 17:31 - 2012-06-16 14:56 - 00000000 ____D C:\Program Files\Microsoft Security Client

2012-06-16 17:31 - 2012-06-16 14:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2012-06-16 17:31 - 2012-06-16 13:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-16 17:31 - 2012-06-16 10:18 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-06-16 17:31 - 2012-06-16 10:02 - 00000000 ____D C:\Windows\System32\Macromed

2012-06-16 17:31 - 2011-12-14 03:22 - 00000000 ____D C:\Windows\rescache

2012-06-16 17:31 - 2009-08-21 19:54 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2012-06-16 17:31 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media

2012-06-16 17:26 - 2012-06-16 13:12 - 00000000 ____D C:\Users\Dianne\AppData\Roaming\Malwarebytes

2012-06-16 17:26 - 2012-05-18 17:34 - 00000000 ____D C:\Users\Dianne\AppData\Local\Samsung

2012-06-16 17:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2012-06-16 17:25 - 2012-06-16 13:12 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-06-16 14:56 - 2011-02-08 18:04 - 00001945 ____A C:\Windows\epplauncher.mif

2012-06-16 14:56 - 2009-08-23 08:50 - 00763826 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-06-16 14:45 - 2012-06-16 14:44 - 00000000 ____D C:\Users\Dianne\AppData\Local\{F0101FAD-C719-4BB3-9C2F-7057922A6B60}

2012-06-16 14:41 - 2009-08-16 13:26 - 00097768 ____A C:\Windows\PFRO.log

2012-06-16 13:12 - 2012-06-16 13:12 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-06-16 13:10 - 2012-06-16 13:10 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Dianne\Desktop\mbam-setup-1.61.0.1400.exe

2012-06-16 13:05 - 2012-06-16 13:05 - 00000357 ____A C:\rkill.log

2012-06-16 10:02 - 2012-06-16 10:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-06-16 10:02 - 2011-09-15 16:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-06-16 10:01 - 2012-01-11 04:13 - 00000000 __SHD C:\Users\Dianne\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

2012-06-16 09:59 - 2012-06-16 09:59 - 00000000 ____D C:\Users\All Users\F4D55EFF0003FDF509DD47FEB4EB2331

2012-06-14 17:48 - 2012-06-14 17:47 - 00000000 ____D C:\Users\Dianne\AppData\Local\{A8FE4209-F5A7-462D-A8A5-369B47478279}

2012-06-13 02:55 - 2009-07-13 20:45 - 00511160 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-13 02:33 - 2009-08-16 12:48 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-06-13 02:29 - 2009-07-13 21:13 - 00764046 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-13 02:18 - 2009-09-20 10:42 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-06-11 19:00 - 2011-07-11 20:05 - 00002342 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-06-04 16:45 - 2012-06-04 16:45 - 00000000 ____D C:\Users\Dianne\AppData\Local\{9060C5D4-CC54-4051-AA38-AD7BB5581EF5}

2012-06-04 16:45 - 2012-06-04 16:45 - 00000000 ____D C:\Users\Dianne\AppData\Local\{28DD87C2-7C7B-4874-A2D5-71E9B107C8F6}

2012-06-04 16:44 - 2009-08-23 09:19 - 00000000 ____D C:\Users\All Users\Adobe

2012-06-03 20:02 - 2009-08-21 19:54 - 00000000 ____D C:\Users\Dianne\AppData\Roaming\Adobe

2012-05-31 19:10 - 2012-05-31 19:10 - 00000000 ____D C:\Users\Dianne\AppData\Local\{BDEEDC77-F5E8-4490-BFE3-B931CDDC394B}

2012-05-31 19:10 - 2012-05-31 19:10 - 00000000 ____D C:\Users\Dianne\AppData\Local\{29A0C685-9370-40AA-9BC6-A7D64A1DC6A1}

2012-05-31 18:27 - 2012-05-31 18:27 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-05-31 18:26 - 2010-11-05 17:23 - 00000000 ____D C:\Program Files (x86)\Adobe

2012-05-31 18:25 - 2009-08-23 09:17 - 00000000 ____D C:\Users\Dianne\AppData\Local\Adobe

2012-05-28 10:36 - 2012-05-28 10:35 - 00000000 ____D C:\Users\Dianne\AppData\Local\{F41879D4-CB82-433B-9476-380644375F58}

2012-05-28 10:35 - 2012-05-28 10:35 - 00000000 ____D C:\Users\Dianne\AppData\Local\{2AB1F952-1FAD-4C90-BAD7-BFCAE402FA0E}

2012-05-27 00:33 - 2009-12-02 18:36 - 00000000 ____D C:\mIRC-TCKG5

2012-05-18 22:12 - 2012-05-18 20:30 - 00000000 ____D C:\Users\Dianne\Documents\SelfMV

2012-05-18 20:31 - 2012-05-18 20:31 - 00000000 ____D C:\Program Files (x86)\MyFree Codec

2012-05-18 20:31 - 2012-05-18 20:30 - 00005120 ____A C:\Users\Dianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-05-18 17:57 - 2012-05-18 17:57 - 00000000 ____D C:\Users\Dianne\AppData\Local\{4E6B71F8-0990-4179-8405-EBA730AD845E}

2012-05-18 17:57 - 2012-05-18 17:56 - 00000000 ____D C:\Users\Dianne\AppData\Local\{5079A162-9F31-41E1-A26F-40C64BEBDADE}

2012-05-18 17:34 - 2012-05-18 17:34 - 00000000 ____D C:\Users\Dianne\Documents\samsung

2012-05-18 17:34 - 2012-05-18 17:34 - 00000000 ____D C:\Users\Dianne\AppData\Roaming\Samsung

2012-05-18 17:33 - 2012-05-18 17:33 - 00001955 ____A C:\Users\Public\Desktop\Samsung Kies.lnk

2012-05-18 17:28 - 2012-05-18 17:24 - 00000000 ____D C:\Users\All Users\Samsung

2012-05-18 17:28 - 2012-05-18 17:24 - 00000000 ____D C:\Program Files (x86)\Samsung

2012-05-18 17:26 - 2012-05-18 17:26 - 00000000 ____D C:\Program Files (x86)\MarkAny

2012-05-18 17:25 - 2009-08-16 17:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2012-05-18 17:22 - 2012-05-18 17:22 - 00000000 ____D C:\Users\Dianne\AppData\Local\Downloaded Installations

2012-05-18 17:07 - 2012-05-18 17:07 - 00000000 ____D C:\Users\Dianne\AppData\Local\{D3B1FAEE-3ADB-41A3-B967-CC346AEEAC2D}

2012-05-18 17:07 - 2012-05-18 17:07 - 00000000 ____D C:\Users\Dianne\AppData\Local\{671AFBDE-40D8-4990-9545-E84070436AB7}

2012-05-17 18:47 - 2012-06-13 02:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-05-17 18:16 - 2012-06-13 02:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-05-17 18:06 - 2012-06-13 02:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-05-17 17:59 - 2012-06-13 02:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-17 17:59 - 2012-06-13 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-05-17 17:58 - 2012-06-13 02:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-05-17 17:58 - 2012-06-13 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-05-17 17:56 - 2012-06-13 02:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-17 17:56 - 2011-02-12 17:51 - 00000000 ____D C:\Users\Dianne\AppData\Local\CutePDF Writer

2012-05-17 17:55 - 2012-06-13 02:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-05-17 17:55 - 2012-06-13 02:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-05-17 17:54 - 2012-06-13 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-05-17 17:51 - 2012-06-13 02:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-05-17 17:51 - 2012-06-13 02:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-05-17 17:47 - 2012-06-13 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-05-17 15:11 - 2012-06-13 02:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-05-17 14:48 - 2012-06-13 02:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-05-17 14:45 - 2012-06-13 02:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-05-17 14:36 - 2012-06-13 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-05-17 14:35 - 2012-06-13 02:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-05-17 14:35 - 2012-06-13 02:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-05-17 14:33 - 2012-06-13 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-05-17 14:31 - 2012-06-13 02:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-05-17 14:29 - 2012-06-13 02:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-05-17 14:29 - 2012-06-13 02:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-05-17 14:27 - 2012-06-13 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-05-17 14:25 - 2012-06-13 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-05-17 14:24 - 2012-06-13 02:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-05-17 14:20 - 2012-06-13 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-05-14 17:32 - 2012-06-12 14:44 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-05-12 11:30 - 2012-05-12 11:30 - 00000000 ____D C:\Users\Dianne\AppData\Local\{3A377027-E519-4D84-BDFA-5B431BEB30B2}

2012-05-12 11:30 - 2012-05-12 11:30 - 00000000 ____D C:\Users\Dianne\AppData\Local\{2759CD8A-B5E3-4BEA-9CFE-8032D5EE4987}

2012-05-11 02:54 - 2010-09-21 18:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2012-05-11 02:02 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal

2012-05-06 12:10 - 2012-05-06 12:10 - 00000000 ____D C:\Users\Dianne\AppData\Local\{89FC159D-07A9-4F26-985C-6F4115C62410}

2012-05-06 12:10 - 2012-05-06 12:10 - 00000000 ____D C:\Users\Dianne\AppData\Local\{0613BF78-9F07-45A3-BA2B-B9AC7AD6BAA0}

2012-05-06 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2012-05-04 03:06 - 2012-06-12 14:44 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:03 - 2012-06-12 14:44 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-12 14:44 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-02 18:56 - 2009-10-04 14:33 - 00000000 ____D C:\Program Files (x86)\Quicken

2012-05-02 18:54 - 2011-03-27 17:59 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-05-02 18:53 - 2012-05-02 18:52 - 00000000 ____D C:\Users\Dianne\AppData\Local\{55E55EC9-4DF6-47BC-AD0A-3B801FF6DFD8}

2012-05-02 18:52 - 2012-05-02 18:52 - 00000000 ____D C:\Users\Dianne\AppData\Local\{440B2F47-75D0-4528-A2E5-600207AECFDC}

2012-04-30 21:40 - 2012-06-12 14:44 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-29 18:26 - 2012-04-27 10:04 - 00000000 ____D C:\Users\Dianne\AppData\Roaming\.oit

2012-04-27 21:32 - 2012-06-12 14:44 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2012-04-27 19:55 - 2012-06-12 14:44 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-27 13:03 - 2011-09-14 17:27 - 00000000 ____D C:\PFS6.1HD_TMP

2012-04-27 10:04 - 2012-04-27 10:04 - 00000276 ___AH C:\Users\Dianne\Documents\PP11Thumbs.ptn

2012-04-27 10:04 - 2012-04-27 10:04 - 00000026 ___AH C:\Users\Dianne\Documents\maxdesk.ini2

2012-04-25 21:41 - 2012-06-12 14:44 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-25 21:41 - 2012-06-12 14:44 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-25 21:34 - 2012-06-12 14:44 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-23 21:37 - 2012-06-12 14:43 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 21:37 - 2012-06-12 14:43 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 21:37 - 2012-06-12 14:43 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 20:36 - 2012-06-12 14:43 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 20:36 - 2012-06-12 14:43 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 20:36 - 2012-06-12 14:43 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-04-14 09:58 - 2007-04-17 06:25 - 00000000 ____D C:\KBStudio

2012-04-12 18:47 - 2012-04-11 18:46 - 00000000 ____D C:\Users\Dianne\AppData\Local\{BC3CCCA9-C19D-40AB-A3F6-D911BE1340D3}

2012-04-12 18:47 - 2011-02-08 20:19 - 00000000 ____D C:\Users\Dianne\AppData\Local\Windows Live

2012-04-11 02:16 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2012-04-09 20:12 - 2012-04-09 20:12 - 00000000 ____D C:\Users\All Users\Fitbit

2012-04-09 20:12 - 2012-04-09 20:11 - 00000000 ____D C:\Program Files (x86)\Fitbit

2012-04-09 20:10 - 2012-04-09 20:10 - 01927240 ____A (Fitbit, Inc. ) C:\Users\Dianne\Downloads\Fitbit-Uploader-For-Windows-2.1.0.exe

2012-04-07 14:40 - 2009-07-13 23:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents

2012-04-07 14:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2012-04-07 14:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices

2012-04-07 14:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2012-04-07 14:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender

2012-04-07 14:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker

2012-04-07 14:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar

2012-04-07 14:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices

2012-04-07 14:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2012-04-07 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System

2012-04-07 12:57 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll

2012-04-07 12:57 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

2012-04-07 12:40 - 2012-04-07 12:40 - 00000000 ____D C:\Windows\System32\SPReview

2012-04-07 12:37 - 2012-04-07 12:37 - 00000000 ____D C:\Windows\System32\EventProviders

2012-04-07 12:17 - 2012-04-07 12:17 - 00000000 ____D C:\Users\Dianne\AppData\Local\{23B39582-D079-43E6-9694-5A6961430874}

2012-04-07 04:31 - 2012-06-12 14:43 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

2012-04-07 03:26 - 2012-06-12 14:43 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2012-04-04 14:56 - 2012-06-16 13:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-03-30 03:35 - 2012-05-10 10:53 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-03-27 20:43 - 2012-03-27 20:08 - 00000000 ____D C:\Users\Dianne\AppData\Roaming\SmartDraw

2012-03-27 20:09 - 2012-03-27 20:09 - 00001010 ____A C:\Users\Dianne\Desktop\SmartDraw 2012.lnk

2012-03-27 20:09 - 2012-03-27 20:09 - 00000000 ____D C:\Users\Dianne\Documents\SmartDraw

2012-03-27 20:08 - 2012-03-27 20:08 - 00000980 ____A C:\Users\Public\Desktop\SmartDraw 2012.lnk

2012-03-27 20:08 - 2012-03-27 20:08 - 00000000 ____D C:\Users\Dianne\AppData\System

2012-03-27 20:08 - 2012-03-27 20:06 - 00000000 ____D C:\Program Files (x86)\SmartDraw 2012

2012-03-27 20:02 - 2012-03-27 20:02 - 00538200 ____A C:\Users\Dianne\Downloads\smartdraw_XV_RGD77_setup.exe



ZeroAccess:

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@

C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@



ZeroAccess:

C:\Users\Dianne\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

C:\Users\Dianne\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

C:\Users\Dianne\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

C:\Users\Dianne\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U



========================= Known DLLs (Whitelisted) ============





========================= Bamital & volsnap Check ============



C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



==================== EXE ASSOCIATION =====================



HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK



========================= Memory info ======================



Percentage of memory in use: 24%

Total physical RAM: 2046.05 MB

Available physical RAM: 1549.82 MB

Total Pagefile: 2046.05 MB

Available Pagefile: 1530.08 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB



======================= Partitions =========================



1 Drive c: (OS) (Fixed) (Total:104.19 GB) (Free:35.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (DATA) (Fixed) (Total:111.79 GB) (Free:34.16 GB) NTFS

3 Drive e: (HP_RECOVERY) (Fixed) (Total:7.6 GB) (Free:1.08 GB) NTFS

5 Drive g: () (Removable) (Total:3.7 GB) (Free:3.61 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS



Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 111 GB 1024 KB

Disk 1 Online 111 GB 1024 KB

Disk 2 Online 3799 MB 0 B



Partitions of Disk 0:

===============



Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 104 GB 31 KB

Partition 2 Primary 7781 MB 104 GB



======================================================================================================



Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C OS NTFS Partition 104 GB Healthy



======================================================================================================



Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 E HP_RECOVERY NTFS Partition 7781 MB Healthy



======================================================================================================



Partitions of Disk 1:

===============



Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 111 GB 31 KB



======================================================================================================



Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No



Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D DATA NTFS Partition 111 GB Healthy



======================================================================================================



Partitions of Disk 2:

===============



Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 3799 MB 0 B



======================================================================================================



Disk: 2

There is no partition selected.



There is no partition selected.

Please select a partition and try again.



======================================================================================================



==========================================================



Last Boot: 2012-06-07 23:38



======================= End Of Log ==========================

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:38 AM

Posted 22 June 2012 - 08:42 PM

It is infected with Zero Access. We will need to search for Services.exe first.

Run FRST as you did before.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 DianneMillen

DianneMillen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 22 June 2012 - 09:08 PM

Not much information:

Farbar Recovery Scan Tool Version: 22-06-2012

Ran by SYSTEM at 2012-06-22 18:46:56

Running from G:\



================== Search: "services.exe" ===================



C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB



C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2012-06-21 19:46] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06



====== End Of Search ======
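As an added example (not code from the thread, from FRST or from the helper), here is a Python parser for the Search.txt block above that applies the check the helper is making: the live C:\Windows\System32\services.exe is compared by MD5 against the WinSxS component-store copy, which the script assumes to be the clean reference. The sample input is the posted search output embedded inline; note that the replaced copy keeps the original size and company string, so only the hash (and the modified timestamp) gives it away.

```python
import re
from dataclasses import dataclass

# Constructed sample: the Search.txt output posted in this thread, with the
# WinSxS component-store copy of services.exe and the live System32 copy.
SAMPLE_SEARCH_TXT = """\
Farbar Recovery Scan Tool Version: 22-06-2012
Ran by SYSTEM at 2012-06-22 18:46:56
Running from G:\\

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2012-06-21 19:46] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""


@dataclass
class SearchHit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_txt(text):
    """Parse an FRST Search.txt block into SearchHit records.

    Each hit is a path line followed by a detail line; header and
    separator lines are skipped.
    """
    hits = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            hits.append(SearchHit(
                path=pending_path,
                created=m["created"],
                modified=m["modified"],
                size=int(m["size"]),
                attrs=m["attrs"],
                company=m["company"] or "",
                md5=m["md5"].upper(),
            ))
            pending_path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending_path = line
    return hits


def find_patched_copies(hits, reference_marker="\\winsxs\\"):
    """Flag live copies whose MD5 matches no WinSxS reference copy of the same file.

    Assumption: the component-store copy is clean. Size and company string
    are deliberately NOT used as evidence; the infected copy in this thread
    keeps both. Returns a list of (path, md5, sorted reference md5s).
    """
    marker = reference_marker.lower()
    by_name = {}
    for h in hits:
        by_name.setdefault(h.path.rsplit("\\", 1)[-1].lower(), []).append(h)

    suspicious = []
    for group in by_name.values():
        refs = {h.md5 for h in group if marker in h.path.lower()}
        if not refs:
            continue  # nothing trustworthy to compare against
        for h in group:
            if marker in h.path.lower():
                continue
            if h.md5 not in refs:
                suspicious.append((h.path, h.md5, sorted(refs)))
    return suspicious


if __name__ == "__main__":
    for path, md5, refs in find_patched_copies(parse_search_txt(SAMPLE_SEARCH_TXT)):
        print(f"MISMATCH {path} md5={md5} reference={refs}")
```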

#12 DianneMillen

DianneMillen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 22 June 2012 - 10:09 PM

I know I can't be too expectant of available help, but it's been an hour and a half. Should I just wait until tomorrow?

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,556 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:38 AM

Posted 22 June 2012 - 11:32 PM

Download the enclosed file. [attachment=125417:fixlist.txt]

Save it next to FRST in the USB drive.

Run FRST as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

If successful, boot in Normal Mode. If able to do so, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 DianneMillen

DianneMillen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 06 August 2012 - 03:50 PM

I was so disgusted with my computer that I totally ignored it - successfully - for quite some time. I've been paying bills manually, reading email on my Kindle and basically stepping back in time. Today I brought home my work laptop and decided it was time to tame the beast. I have performed the instructions recently sent to me and I am running the combofix scan now. I will post the results.

#15 DianneMillen

DianneMillen
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 06 August 2012 - 04:55 PM

My computer appears to have been resuscitated. Here are the results: (Oh, BTW, the system date was set back for an unsuccessful Symantec scan a few weeks ago. I need to get that back up to date.)

The only thing I ask now is how do I know my computer is safe for using secure logon/purchase/bank transactions again?




ComboFix 12-08-05.02 - Dianne 02/10/2011 13:49:21.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.963 [GMT -7:00]
Running from: c:\users\Dianne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dianne\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
c:\users\Dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1E8058BF-3CAE-4326-ADE9-D8729438F529}.xps
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.
.
2012-06-23 02:07 . 2012-06-23 02:09 -------- d-----w- C:\FRST
2012-06-22 18:08 . 2012-06-22 18:08 -------- d-----w- C:\found.000
2012-06-22 17:27 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-22 17:27 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-22 17:27 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-22 17:27 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-22 17:23 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-22 17:23 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-22 17:23 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 17:22 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-22 17:22 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-22 17:22 . 2012-06-22 17:27 -------- d-----w- c:\programdata\AVAST Software
2012-06-22 17:22 . 2012-06-22 17:22 -------- d-----w- c:\program files\AVAST Software
2012-06-22 03:12 . 2012-06-22 03:12 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18ECCEEF-7DBC-4187-939B-61BA4B77DB9A}\gapaengine.dll
2012-06-22 03:10 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{137F187D-7C00-4295-A2F8-0D3D10ADE2B8}\mpengine.dll
2012-06-16 22:56 . 2012-06-17 01:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-16 22:56 . 2012-06-17 01:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-16 21:12 . 2012-06-17 01:26 -------- d-----w- c:\users\Dianne\AppData\Roaming\Malwarebytes
2012-06-16 21:12 . 2012-06-17 01:25 -------- d-----w- c:\programdata\Malwarebytes
2012-06-16 21:12 . 2012-06-17 01:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-16 21:12 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 18:18 . 2012-06-17 01:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-16 18:02 . 2012-06-16 18:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-16 18:02 . 2012-06-17 01:31 -------- d-----w- c:\windows\system32\Macromed
2012-06-16 17:59 . 2012-06-16 17:59 -------- d-----w- c:\programdata\F4D55EFF0003FDF509DD47FEB4EB2331
2012-06-13 10:02 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-13 10:02 . 2012-05-18 01:51 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-13 10:02 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-12 22:44 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 22:44 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 22:44 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 22:44 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 22:44 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 22:44 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 22:44 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 22:44 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 22:44 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-12 22:44 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 22:43 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 22:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 22:43 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 22:43 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 22:43 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 22:43 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 22:43 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 22:43 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-05-19 04:31 . 2012-05-19 04:31 -------- d-----w- c:\program files (x86)\MyFree Codec
2012-05-19 02:07 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-05-19 02:07 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-05-19 01:40 . 2012-05-19 01:40 -------- d-----w- c:\windows\SysWow64\System32
2012-05-19 01:34 . 2012-06-17 01:26 -------- d-----w- c:\users\Dianne\AppData\Local\Samsung
2012-05-19 01:34 . 2012-05-19 01:34 -------- d-----w- c:\users\Dianne\AppData\Roaming\Samsung
2012-05-19 01:27 . 2011-11-29 23:39 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-05-19 01:26 . 2012-05-19 01:26 -------- d-----w- c:\program files (x86)\MarkAny
2012-05-19 01:26 . 2011-11-29 23:38 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-05-19 01:24 . 2012-05-19 01:28 -------- d-----w- c:\program files (x86)\Samsung
2012-05-19 01:24 . 2012-05-19 01:28 -------- d-----w- c:\programdata\Samsung
2012-05-19 01:22 . 2012-05-19 01:22 -------- d-----w- c:\users\Dianne\AppData\Local\Downloaded Installations
2012-05-10 18:54 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 18:54 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 18:53 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 18:53 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 18:53 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 18:53 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 18:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 18:53 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 18:53 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-04-27 18:04 . 2012-04-30 02:26 -------- d-----w- c:\users\Dianne\AppData\Roaming\.oit
2012-04-11 10:04 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:04 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 10:04 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:04 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 10:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 04:12 . 2012-04-10 04:12 -------- d-----w- c:\programdata\Fitbit
2012-04-10 04:11 . 2012-04-10 04:12 -------- d-----w- c:\program files (x86)\Fitbit
2012-04-10 04:11 . 2011-12-01 12:46 31976 ----a-w- c:\windows\system32\drivers\SiLib.sys
2012-04-10 04:11 . 2011-12-01 12:46 26856 ----a-w- c:\windows\system32\drivers\SiUSBXp.sys
2012-04-07 20:40 . 2012-04-07 20:40 -------- d-----w- c:\windows\system32\SPReview
2012-04-07 20:37 . 2012-04-07 20:37 -------- d-----w- c:\windows\system32\EventProviders
2012-03-28 04:08 . 2012-03-28 04:43 -------- d-----w- c:\users\Dianne\AppData\Roaming\SmartDraw
2012-03-28 04:06 . 2012-03-28 04:08 -------- d-----w- c:\program files (x86)\SmartDraw 2012
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 07:15 . 2012-06-10 08:00 -------- d-----w- c:\users\Dianne\AppData\Local\Diagnostics
2012-03-13 20:44 . 2010-11-20 11:07 162816 ----a-w- c:\windows\system32\rdpudd.dll
2012-03-13 20:44 . 2010-11-20 11:03 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-03-13 20:44 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:44 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 20:44 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-09 01:50 . 2012-03-09 01:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-07 01:40 . 2012-03-07 01:40 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-16 00:46 . 2012-01-04 10:44 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-02-16 00:45 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 00:45 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 00:45 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 00:45 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 00:45 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 00:45 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 00:45 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-01-14 20:18 . 2011-08-31 09:34 4200024 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-01-11 12:13 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 12:13 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:13 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 12:13 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:13 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:13 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 12:13 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:13 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-12-19 21:45 . 2011-12-19 21:45 -------- d-----w- c:\users\Dianne\AppData\Roaming\Blackberry Desktop
2011-12-19 21:41 . 2011-12-21 19:31 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-12-19 21:41 . 2011-12-19 21:41 -------- d--h--w- c:\programdata\Common Files
2011-12-19 21:28 . 2011-12-19 21:28 -------- d-----w- c:\program files (x86)\MagicBerry
2011-12-14 11:22 . 2012-06-17 01:31 -------- d-----w- c:\windows\rescache
2011-12-13 21:27 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 21:25 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 21:25 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-13 21:21 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 21:21 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-06 02:09 . 2011-12-06 02:14 -------- d-----w- c:\users\Dianne\AppData\Local\Quicken WillMaker Plus 2010
2011-12-06 02:09 . 2008-01-30 23:36 90112 ----a-w- c:\windows\unvise32.exe
2011-12-06 02:09 . 2011-12-06 02:09 -------- d-----w- c:\users\Dianne\AppData\Roaming\Quicken WillMaker
2011-12-06 02:09 . 2011-12-06 02:09 -------- d-----w- c:\program files (x86)\Quicken WillMaker Plus 2010
2011-12-06 02:02 . 2011-12-06 02:02 -------- d-----w- c:\users\Dianne\AppData\Roaming\Roxio
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 10:18 . 2009-09-20 18:42 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-04-07 20:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-07 20:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-31 12:44 . 2009-10-04 16:39 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-10-27 07:17 . 2011-10-27 07:17 10 ----a-w- c:\windows\Fonts\wfonts.key
2011-07-16 04:26 . 2011-08-11 03:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-03-04 06:19 . 2011-04-27 16:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 16:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-01-11 00:53 . 2011-01-11 00:53 328704 ----a-w- c:\windows\system32\services.exe.EE8298EC934D543B
2011-01-07 22:39 . 2011-01-07 22:39 80720 ----a-w- c:\windows\SysWow64\mfcm100u.dll
2011-01-07 22:39 . 2011-01-07 22:39 80208 ----a-w- c:\windows\SysWow64\mfcm100.dll
2011-01-07 22:39 . 2011-01-07 22:39 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
2011-01-07 22:39 . 2011-01-07 22:39 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll
2011-01-07 22:39 . 2011-01-07 22:39 64336 ----a-w- c:\windows\SysWow64\mfc100deu.dll
2011-01-07 22:39 . 2011-01-07 22:39 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll
2011-01-07 22:39 . 2011-01-07 22:39 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll
2011-01-07 22:39 . 2011-01-07 22:39 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll
2011-01-07 22:39 . 2011-01-07 22:39 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll
2011-01-07 22:39 . 2011-01-07 22:39 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll
2011-01-07 22:39 . 2011-01-07 22:39 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll
2011-01-07 22:39 . 2011-01-07 22:39 4368720 ----a-w- c:\windows\SysWow64\mfc100u.dll
2011-01-07 22:39 . 2011-01-07 22:39 4342600 ----a-w- c:\windows\SysWow64\mfc100.dll
2011-01-07 22:39 . 2011-01-07 22:39 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll
2011-01-07 22:39 . 2011-01-07 22:39 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-01-07 22:39 . 2011-01-07 22:39 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll
2011-01-07 22:39 . 2011-01-07 22:39 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll
2011-01-07 22:39 . 2011-01-07 22:39 137544 ----a-w- c:\windows\SysWow64\atl100.dll
2011-01-02 16:39 . 2011-01-02 16:39 328704 ----a-w- c:\windows\system32\services.exe.0DB1110D570A7463
2011-01-02 16:30 . 2011-01-02 16:30 328704 ----a-w- c:\windows\system32\services.exe.631D53749F7B2301
2011-01-02 16:05 . 2011-01-02 16:05 328704 ----a-w- c:\windows\system32\services.exe.3321B321F1946B08
2011-01-02 05:54 . 2011-01-02 05:54 328704 ----a-w- c:\windows\system32\services.exe.9350C2718B89D26E
2010-11-20 12:18 . 2011-04-27 16:58 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-20 12:18 . 2011-06-07 01:33 2175488 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-20 09:57 . 2009-07-14 07:43 51712 ----a-w- c:\windows\system32\vmictimeprovider.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MemDesktopToolApp"="c:\program files (x86)\Quicken Medical Expense Manager\MemDesktopToolApp.exe" [2007-10-09 75040]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-23 39408]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-10-27 2164256]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2009-08-28 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2009-08-28 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe" [2009-08-25 1365280]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDFViewerPlus\RegistryController.exe" [2009-08-25 62752]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2009-8-18 1298432]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-10-1 1207312]
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-9-13 174064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\users\DIANNE~1.HOM\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\DIANNE~1.HOM\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2011-12-01 26856]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-11-18 43912]
R4 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2011-10-27 788000]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-08-28 144672]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 18:02]
.
2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 02:58]
.
2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 02:58]
.
2011-02-10 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-03-28 18:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 15960096]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 82464]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)
WebBrowser-{3303E956-2A3A-48E0-BE39-2E0EF11A2F44} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-10 14:17:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-10 21:17
.
Pre-Run: 44,472,193,024 bytes free
Post-Run: 48,962,121,728 bytes free
.
- - End Of File - - 20E74ACA1A83AD707E54F700F221A1A0