
Sirefef Virus


  • This topic is locked
30 replies to this topic

#1 Ssmartinez55

Ssmartinez55

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:34 PM

Posted 02 July 2012 - 06:58 PM

Hello All,


My computer is infected with a sirefef virus. I was receiving help for it here: http://www.bleepingcomputer.com/forums/topic458946.html and it was recommended that advanced tools would be needed. I followed the instructions and backed-up my computer, however, I was not able to enable a firewall. My computer would not allow it. Logs are below and attached. Thanks in an advance for all you do and for your help, it is much appreciated.

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by ssmartinez55 at 18:45:49 on 2012-07-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2618 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup Gravity\cbVSCService11.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Cobian Backup Gravity\Cobian.exe
C:\Program Files\Cobian Backup Gravity\cbInterface.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\SSMART~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{824B91B3-762C-48E0-9B83-E1FFC1D2F497} : DhcpNameServer = 192.168.1.254
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} -
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ssmartinez55\AppData\Roaming\Mozilla\Firefox\Profiles\dtykz75s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z002&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM1&o=15491&locale=en_US&apn_uid=FB5C4DE6-6EC3-42FA-AF49-F9645DDA17A7&apn_ptnrs=HE&apn_sauid=A9254D4B-48BE-4FC4-93F2-62A792F48401&apn_dtid=YYYYYYYYUS&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ssmartinez55\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\ssmartinez55\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\ssmartinez55\AppData\Roaming\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files\Cobian Backup Gravity\cbVSCService11.exe [2012-7-2 67584]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca9cb8b754af85;Google Update Service (gupdate1ca9cb8b754af85);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-24 133104]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-24 133104]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-02 11:25:28 -------- d-----w- C:\Program Files\Cobian Backup Gravity
2012-07-01 21:13:49 61440 ----a-w- C:\Windows\SysWow64\drivers\splbv.sys
2012-07-01 13:18:34 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-30 18:54:49 -------- d-----w- C:\Windows\pss
2012-06-30 18:43:56 50392 ----a-w- C:\Windows\System32\drivers\ajnnrvou.sys
2012-06-30 18:11:28 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6B8E794-CA13-4E82-81F8-729FA5A3EC38}\offreg.dll
2012-06-30 18:10:44 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DDADE35-A235-49D3-A95E-B08FEDE3E7D0}\gapaengine.dll
2012-06-30 18:10:08 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6B8E794-CA13-4E82-81F8-729FA5A3EC38}\mpengine.dll
2012-06-30 17:59:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-30 17:59:10 -------- d-----w- C:\Program Files\CCleaner
2012-06-30 17:59:08 -------- d-----w- C:\Users\ssmartinez55\AppData\Roaming\Malwarebytes
2012-06-30 17:58:28 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-30 17:57:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 17:57:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-30 17:57:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-30 17:57:43 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-06-24 21:12:40 -------- d-----w- C:\mfe
2012-06-24 21:09:58 -------- d-----w- C:\Program Files (x86)\Citrix
2012-06-24 21:09:46 103784 ----a-w- C:\Users\ssmartinez55\GoToAssistDownloadHelper.exe
2012-06-24 21:09:15 -------- d-----w- C:\Users\ssmartinez55\AppData\Local\Apps
2012-06-24 21:09:14 -------- d-----w- C:\Users\ssmartinez55\AppData\Local\Deployment
2012-06-14 03:26:52 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 03:26:51 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 03:26:44 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 03:26:44 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 03:26:44 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 03:26:44 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 03:26:44 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 03:26:44 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-11 12:01:07 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-06-11 12:00:03 -------- d-----w- C:\Users\ssmartinez55\AppData\Roaming\TP
.
==================== Find3M ====================
.
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 15:10:27 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 15:10:27 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 15:10:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 18:48:39.91 ===============

Attached Files
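As an added example (not part of this thread and not code from the DDS tool or its author), the following Python script shows how a helper might triage a DDS log like the one above: it splits the log into its `===` sections, parses the `Created Last 30` entries, and flags two things worth a second look: BHO/TB registrations whose DLL is missing (`No File`), and `.sys` files created recently inside the Windows driver directories, noting when one sits under `SysWow64\drivers` rather than `System32\drivers` (64-bit kernel drivers normally live under `System32\drivers`). The sample log embedded in it is a constructed excerpt of lines from the log above; the section names, regexes and heuristics are my own assumptions about the DDS format, and a flag is a prompt to inspect an entry, not a verdict on it.

```python
import re
from datetime import date, timedelta

# Constructed sample: a short excerpt in the shape DDS prints its sections.
SAMPLE_DDS_LOG = r"""
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
.
=============== Created Last 30 ================
.
2012-07-02 11:25:28 -------- d-----w- C:\Program Files\Cobian Backup Gravity
2012-07-01 21:13:49 61440 ----a-w- C:\Windows\SysWow64\drivers\splbv.sys
2012-06-30 18:43:56 50392 ----a-w- C:\Windows\System32\drivers\ajnnrvou.sys
2012-06-30 17:57:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-14 03:26:51 2767360 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:48:39.91 ===============
"""

# Section headers look like "=== Name ===" (assumed DDS convention).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "Created Last 30" rows: date time size attrs path (size is "--------" for dirs).
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
# Kernel driver directories on a 64-bit Windows install (heuristic, assumed).
DRIVER_DIR_RE = re.compile(
    r"^C:\\Windows\\(System32|SysWow64)\\drivers\\([^\\]+\.sys)$", re.IGNORECASE
)


def parse_dds(text):
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or line.strip() in ("", "."):
            continue  # DDS pads sections with lone "." lines
        sections[current].append(line)
    return sections


def parse_created_entries(lines):
    """Turn 'Created Last 30' rows into dicts with a real date and int size."""
    entries = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        d, t, size, attrs, path = m.groups()
        entries.append({
            "date": date.fromisoformat(d),
            "time": t,
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries


def find_orphaned_hooks(hjt_lines):
    """BHO:/TB: registrations whose DLL is gone ('No File'): stale or cleaned-up entries."""
    return [l for l in hjt_lines
            if l.startswith(("BHO:", "TB:")) and l.rstrip().endswith("- No File")]


def find_recent_drivers(entries, scan_date, window_days=30):
    """.sys files created in the driver directories inside the window, oldest last."""
    cutoff = scan_date - timedelta(days=window_days)
    hits = []
    for e in entries:
        if e["is_dir"] or e["date"] < cutoff:
            continue
        m = DRIVER_DIR_RE.match(e["path"])
        if not m:
            continue
        hits.append({
            "path": e["path"],
            "date": e["date"].isoformat(),
            # 64-bit drivers normally live in System32\drivers; SysWow64 is unusual.
            "unusual_location": m.group(1).lower() == "syswow64",
        })
    return hits


def triage(text, scan_date):
    """Run both heuristics over a DDS log and return the items to look at."""
    sections = parse_dds(text)
    created = parse_created_entries(sections.get("Created Last 30", []))
    return {
        "orphaned_hooks": find_orphaned_hooks(sections.get("Pseudo HJT Report", [])),
        "recent_drivers": find_recent_drivers(created, scan_date),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS_LOG, date(2012, 7, 2))  # scan date taken from the log header
    for hook in result["orphaned_hooks"]:
        print("orphaned hook:", hook)
    for drv in result["recent_drivers"]:
        print("recent driver:", drv["date"], drv["path"],
              "(unusual location)" if drv["unusual_location"] else "")
```

Feed it the full log and the real scan date from the `Run by ... on` header line; the helper still has to check each flagged file (publisher signature, known-good hash, whether an installed product explains it) before deciding anything.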



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:34 PM

Posted 02 July 2012 - 11:40 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ssmartinez55

Ssmartinez55
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:34 PM

Posted 03 July 2012 - 06:31 AM

Hi Gringo!

Here are the results of Security Check. Running ComboFix now and will post log.

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 24
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (3.5.11) Firefox out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 Ssmartinez55
  • Topic Starter
  • Members
  • 24 posts
  • Local time:07:34 PM

Posted 03 July 2012 - 06:50 AM

How long should it take for a log to be produced after running Combofix? It runs and then nothing happens. I've run it twice.

#5 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:34 PM

Posted 03 July 2012 - 07:16 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

Edited by gringo_pr, 03 July 2012 - 07:17 AM.

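Once FRST.txt is back, a quick way to see which Services and Drivers entries deserve a closer look is to parse those two sections and flag entries whose file is missing on disk ([x]), boot-start drivers with no vendor string, and drivers loaded from a Temp directory. This is an added example in Python, not part of the thread and not FRST's own code; the sample lines are constructed in the FRST layout shown in this thread, and the flag rules are assumptions about what a helper checks first, not an FRST feature.

```python
"""Triage helper for the Services and Drivers sections of an FRST.txt log.

Added example, not part of the thread and not FRST's own code. It only reads
a log and changes nothing on the machine. The flag rules are assumptions
about what a helper looks at first, not an FRST feature.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One FRST service/driver line: "<start> <name>; <target> [<size> <date>] (<vendor>)"
# or "... [x]" when FRST could not find the file on disk.
_LINE = re.compile(
    r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s+"
    r"(?P<target>.*?)\s+\[(?P<meta>[^\]]*)\]"
    r"(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)

_START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


@dataclass
class Entry:
    section: str
    start: int
    name: str
    target: str
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]
    file_found: bool

    def flags(self) -> List[str]:
        """Reasons a helper would look at this entry more closely (assumed rules)."""
        out = []
        if not self.file_found:
            out.append("file missing on disk ([x])")
        if self.section == "Drivers":
            if self.start <= 1 and not self.vendor:
                out.append(f"{_START_NAMES[self.start]}-start driver with no vendor string")
            if "\\temp\\" in self.target.lower():
                out.append("driver loaded from a Temp directory")
        elif self.start == 2 and not self.vendor and self.file_found:
            out.append("auto-start service with no vendor string")
        return out


def parse_frst(text: str) -> List[Entry]:
    """Parse the Services and Drivers sections of an FRST log into Entry objects."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^=+\s*(Services|Drivers)\b", line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("="):  # any other section header ends the block
            section = None
            continue
        if section is None or not line:
            continue
        m = _LINE.match(line)
        if not m:
            continue
        meta = m.group("meta").strip()
        found = meta != "x"
        size = date = None
        if found:
            parts = meta.split()
            if len(parts) == 2 and parts[0].isdigit():
                size, date = int(parts[0]), parts[1]
        vendor = m.group("vendor")
        entries.append(Entry(section, int(m.group("start")), m.group("name").strip(),
                             m.group("target").strip(), size, date,
                             vendor.strip() if vendor else None, found))
    return entries


def triage(text: str) -> List[str]:
    """Return one 'section name (target): reason; reason' line per flagged entry."""
    report = []
    for e in parse_frst(text):
        f = e.flags()
        if f:
            report.append(f"{e.section} {e.name} ({e.target}): " + "; ".join(f))
    return report


# Constructed sample excerpt in the FRST layout used in this thread; feed the
# real FRST.txt contents to triage() instead.
SAMPLE = """\
==================== Services (Whitelisted) ======

4 MsMpSvc; "C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 McMPFSvc; "C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe" /McCoreSvc [x]

========================== Drivers (Whitelisted) =============

3 CAXHWBS2; C:\\Windows\\System32\\Drivers\\CAXHWBS2.sys [411136 2008-07-01] (Conexant Systems, Inc.)
3 cpuz132; \\??\\C:\\Users\\SSMART~1\\AppData\\Local\\Temp\\cpuz132\\cpuz132_x64.sys [x]
0 viuwys; C:\\Windows\\System32\\drivers\\splbv.sys [x]

========================== NetSvcs (Whitelisted) ===========
"""

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```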

#6 Ssmartinez55
  • Topic Starter
  • Members
  • 24 posts
  • Local time:07:34 PM

Posted 03 July 2012 - 08:24 AM

Hi Gringo!

I will do as you instructed when I get home today from work. This sounds pretty serious! ACK! Thanks for your help!

#7 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:34 PM

Posted 03 July 2012 - 08:39 AM

Just read everything first so you have an idea of what we are going to do.


gringo

#8 Ssmartinez55
  • Topic Starter
  • Members
  • 24 posts
  • Local time:07:34 PM

Posted 03 July 2012 - 03:15 PM

Here is the FRST.txt log. Computer running ok but it keeps trying to redirect me to random sites in Mozilla by adding tabs for random sites that I did not request.


Scan result of Farbar Recovery Scan Tool Version: 03-07-2012
Ran by SYSTEM at 03-07-2012 14:59:11
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [137240 2008-05-05] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [202264 2008-05-05] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [165400 2008-05-05] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2114376 2008-03-03] (CANON INC.)
HKLM\...\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-09-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\ssmartinez55\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-06-11] (Google Inc.)
HKU\ssmartinez55\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\ssmartinez55\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\ssmartinez55\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 AERTFilters; C:\Windows\System32\AERTSr64.exe [86016 2008-07-17] (Andrea Electronics Corporation)
2 cbVSCService11; C:\Program Files\Cobian Backup Gravity\cbVSCService11.exe [67584 2012-06-29] (CobianSoft, Luis Cobian)
2 gupdate1ca9cb8b754af85; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2010-01-23] (Google Inc.)
4 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

========================== Drivers (Whitelisted) =============

3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [411136 2008-07-01] (Conexant Systems, Inc.)
3 PAC7302; C:\Windows\System32\Drivers\PAC7302.sys [527872 2007-11-08] (PixArt Imaging Inc.)
3 cpuz132; \??\C:\Users\SSMART~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
0 viuwys; C:\Windows\System32\drivers\splbv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-03 03:46 - 2012-07-03 03:48 - 00000000 ____D C:\Windows\erdnt
2012-07-03 03:45 - 2012-07-03 03:45 - 04568951 ____R (Swearware) C:\Users\ssmartinez55\Desktop\ComboFix(2).exe
2012-07-03 03:32 - 2012-07-03 04:06 - 00000000 ___SD C:\32788R22FWJFW
2012-07-03 03:32 - 2012-07-03 03:34 - 00000000 ____D C:\Qoobox
2012-07-03 03:32 - 2012-07-03 03:32 - 04568951 ____R (Swearware) C:\Users\ssmartinez55\Downloads\ComboFix.exe
2012-07-03 03:30 - 2012-07-03 03:30 - 00001144 ____A C:\Users\ssmartinez55\Desktop\checkup.txt
2012-07-03 02:45 - 2012-07-03 02:45 - 00881475 ____A C:\Users\ssmartinez55\Desktop\SecurityCheck.exe
2012-07-02 15:50 - 2012-07-02 15:50 - 00032264 ____A C:\Users\ssmartinez55\Desktop\Attach.txt
2012-07-02 15:49 - 2012-07-02 15:49 - 00025325 ____A C:\Users\ssmartinez55\Desktop\DDS.txt
2012-07-02 15:45 - 2012-07-02 15:45 - 00607260 ____R (Swearware) C:\Users\ssmartinez55\Downloads\dds(3).scr
2012-07-02 15:36 - 2012-07-02 15:36 - 00607260 ____A (Swearware) C:\Users\ssmartinez55\Downloads\dds(2).scr
2012-07-02 15:32 - 2012-07-02 15:32 - 00607260 ____R (Swearware) C:\Users\ssmartinez55\Downloads\dds.scr
2012-07-02 15:26 - 2012-07-02 15:26 - 00000000 ____A C:\Users\ssmartinez55\defogger_reenable
2012-07-02 15:25 - 2012-07-02 15:25 - 00050477 ____A C:\Users\ssmartinez55\Downloads\Defogger.exe
2012-07-02 03:25 - 2012-07-02 03:25 - 00000000 ____D C:\Program Files\Cobian Backup Gravity
2012-07-02 03:20 - 2012-07-02 03:22 - 19619328 ____A (Luis Cobian, CobianSoft) C:\Users\ssmartinez55\Downloads\cbSetup.exe
2012-07-01 14:01 - 2012-07-01 14:02 - 00004649 ____A C:\Users\ssmartinez55\Desktop\aswMBR_2.txt
2012-07-01 13:21 - 2012-07-01 13:21 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (5).exe
2012-07-01 13:13 - 2012-07-01 13:13 - 00061440 ____A C:\Windows\SysWOW64\Drivers\splbv.sys
2012-07-01 13:13 - 2012-07-01 13:13 - 00000196 ____A C:\Windows\SysWOW64\qocgdgp.txt
2012-07-01 09:42 - 2012-07-01 09:42 - 00165376 ____A C:\Users\ssmartinez55\Downloads\SystemLook_x64 (2).exe
2012-07-01 09:42 - 2012-07-01 09:42 - 00165376 ____A C:\Users\ssmartinez55\Downloads\SystemLook_x64 (1).exe
2012-07-01 09:36 - 2012-07-01 09:36 - 00724952 ____A C:\Users\ssmartinez55\Downloads\avenger.zip
2012-07-01 09:34 - 2012-07-01 10:13 - 00003274 ____A C:\Users\ssmartinez55\Downloads\SystemLook.txt
2012-07-01 09:34 - 2012-07-01 09:34 - 00165376 ____A C:\Users\ssmartinez55\Downloads\SystemLook_x64.exe
2012-07-01 08:50 - 2012-07-01 14:02 - 00000512 ____A C:\Users\ssmartinez55\Desktop\MBR.dat
2012-07-01 08:50 - 2012-07-01 08:50 - 00002220 ____A C:\Users\ssmartinez55\Desktop\aswMBR.txt
2012-07-01 08:26 - 2012-07-01 08:26 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (4).exe
2012-07-01 08:25 - 2012-07-01 08:25 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (3).exe
2012-07-01 08:24 - 2012-07-01 08:24 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (2).exe
2012-07-01 08:24 - 2012-07-01 08:24 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (1).exe
2012-07-01 05:18 - 2012-07-01 05:18 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-01 05:17 - 2012-07-01 05:18 - 02322184 ____A (ESET) C:\Users\ssmartinez55\Downloads\esetsmartinstaller_enu.exe
2012-07-01 05:14 - 2012-07-01 05:14 - 00000480 ____A C:\Users\ssmartinez55\Downloads\aswMBR.txt
2012-07-01 05:12 - 2012-07-01 05:12 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR.exe
2012-07-01 05:07 - 2012-07-01 05:08 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\ssmartinez55\Downloads\tdsskiller (1).exe
2012-07-01 05:06 - 2012-07-01 05:06 - 00005442 ____A C:\Users\ssmartinez55\Downloads\FSS.txt
2012-07-01 05:05 - 2012-07-01 05:05 - 00340645 ____A C:\Users\ssmartinez55\Downloads\FSS.exe
2012-06-30 12:15 - 2012-06-30 12:15 - 00138120 ____A (ESET) C:\Users\ssmartinez55\Downloads\ESETSirefefRemover.exe
2012-06-30 12:05 - 2012-06-30 12:05 - 00294216 ____A C:\Users\ssmartinez55\Downloads\gmer.zip
2012-06-30 11:59 - 2012-06-30 11:59 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\ssmartinez55\Downloads\tdsskiller.exe
2012-06-30 10:59 - 2012-06-30 11:00 - 00152536 ____A C:\Users\ssmartinez55\Downloads\kavremvr 2012-06-30 13-59-54 (pid 4532).log
2012-06-30 10:59 - 2012-06-30 10:59 - 03772856 ____A (Kaspersky Lab ZAO) C:\Users\ssmartinez55\Downloads\kavremover.exe
2012-06-30 10:59 - 2012-06-30 10:59 - 03178400 ____A (McAfee, Inc.) C:\Users\ssmartinez55\Downloads\MCPR (1).exe
2012-06-30 10:58 - 2012-06-30 10:58 - 03178400 ____A (McAfee, Inc.) C:\Users\ssmartinez55\Downloads\MCPR.exe
2012-06-30 10:54 - 2012-06-30 10:54 - 00000000 ____D C:\Windows\pss
2012-06-30 10:43 - 2012-06-30 10:43 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ajnnrvou.sys
2012-06-30 10:00 - 2012-06-30 10:00 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-30 09:59 - 2012-06-30 09:59 - 00000772 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-30 09:59 - 2012-06-30 09:59 - 00000000 ____D C:\Users\ssmartinez55\AppData\Roaming\Malwarebytes
2012-06-30 09:59 - 2012-06-30 09:59 - 00000000 ____D C:\Program Files\CCleaner
2012-06-30 09:59 - 2012-06-30 09:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-30 09:58 - 2012-06-30 09:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-30 09:58 - 2012-06-30 09:58 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-30 09:57 - 2012-06-30 09:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-30 09:57 - 2012-06-30 09:57 - 03862112 ____A (Piriform Ltd) C:\Users\ssmartinez55\Downloads\ccsetup319.exe
2012-06-30 09:57 - 2012-06-30 09:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-30 09:57 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 09:57 - 2010-04-06 00:34 - 00345984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-06-30 09:56 - 2012-06-30 09:56 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\ssmartinez55\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-30 09:55 - 2012-06-30 09:55 - 12621696 ____A (Microsoft Corporation) C:\Users\ssmartinez55\Downloads\mseinstall (1).exe
2012-06-30 09:53 - 2012-06-30 09:53 - 10288512 ____A (Microsoft Corporation) C:\Users\ssmartinez55\Downloads\mseinstall.exe
2012-06-24 13:12 - 2012-06-24 13:12 - 00000000 ____D C:\mfe
2012-06-24 13:09 - 2012-06-24 13:09 - 00103784 ____A C:\Users\ssmartinez55\GoToAssistDownloadHelper.exe
2012-06-24 13:09 - 2012-06-24 13:09 - 00000000 ____D C:\Users\ssmartinez55\AppData\Local\Deployment
2012-06-24 13:09 - 2012-06-24 13:09 - 00000000 ____D C:\Users\ssmartinez55\AppData\Local\Apps\2.0
2012-06-24 13:09 - 2012-06-24 13:09 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-06-18 19:38 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 19:38 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 19:38 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-18 19:38 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 19:38 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 19:38 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 19:38 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-18 19:38 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 19:38 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 19:38 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-18 19:38 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 19:38 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-18 19:38 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 19:38 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-14 00:20 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 00:20 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 00:20 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 00:20 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 00:20 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 00:20 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 00:20 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 00:20 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 00:20 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 00:20 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 00:20 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 00:20 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 00:20 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 00:20 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 00:20 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 00:20 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 00:20 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 00:20 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 00:20 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 00:20 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 00:20 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 00:20 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 00:20 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 00:20 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 00:20 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 00:20 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 00:20 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 00:20 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 19:26 - 2012-05-15 12:15 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 19:26 - 2012-05-01 06:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 19:26 - 2012-04-23 08:25 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 19:26 - 2012-04-23 08:25 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 19:26 - 2012-04-23 08:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 19:26 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 19:26 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 19:26 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-11 04:01 - 2012-06-30 09:59 - 00722690 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-11 04:01 - 2012-06-18 00:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-06-11 04:01 - 2012-06-11 04:01 - 00000000 ____D C:\Program Files\Microsoft Office
2012-06-11 04:00 - 2012-06-11 04:04 - 00000000 ____D C:\Users\ssmartinez55\AppData\Roaming\TP


============ 3 Months Modified Files ========================

2012-07-03 11:53 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-03 11:53 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-03 11:52 - 2009-03-10 20:50 - 01383310 ____A C:\Windows\WindowsUpdate.log
2012-07-03 11:52 - 2006-11-02 07:42 - 00032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-03 11:52 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-03 11:51 - 2006-11-02 07:27 - 00183143 ____A C:\Windows\setupact.log
2012-07-03 11:50 - 2012-04-07 15:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-03 11:50 - 2010-01-23 21:59 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-03 03:45 - 2012-07-03 03:45 - 04568951 ____R (Swearware) C:\Users\ssmartinez55\Desktop\ComboFix(2).exe
2012-07-03 03:32 - 2012-07-03 03:32 - 04568951 ____R (Swearware) C:\Users\ssmartinez55\Downloads\ComboFix.exe
2012-07-03 03:30 - 2012-07-03 03:30 - 00001144 ____A C:\Users\ssmartinez55\Desktop\checkup.txt
2012-07-03 02:54 - 2010-01-23 21:58 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-03 02:45 - 2012-07-03 02:45 - 00881475 ____A C:\Users\ssmartinez55\Desktop\SecurityCheck.exe
2012-07-02 15:50 - 2012-07-02 15:50 - 00032264 ____A C:\Users\ssmartinez55\Desktop\Attach.txt
2012-07-02 15:49 - 2012-07-02 15:49 - 00025325 ____A C:\Users\ssmartinez55\Desktop\DDS.txt
2012-07-02 15:45 - 2012-07-02 15:45 - 00607260 ____R (Swearware) C:\Users\ssmartinez55\Downloads\dds(3).scr
2012-07-02 15:36 - 2012-07-02 15:36 - 00607260 ____A (Swearware) C:\Users\ssmartinez55\Downloads\dds(2).scr
2012-07-02 15:34 - 2006-11-02 04:46 - 00707842 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 15:32 - 2012-07-02 15:32 - 00607260 ____R (Swearware) C:\Users\ssmartinez55\Downloads\dds.scr
2012-07-02 15:29 - 2010-01-23 21:48 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-02 15:26 - 2012-07-02 15:26 - 00000000 ____A C:\Users\ssmartinez55\defogger_reenable
2012-07-02 15:25 - 2012-07-02 15:25 - 00050477 ____A C:\Users\ssmartinez55\Downloads\Defogger.exe
2012-07-02 15:11 - 2010-08-09 14:00 - 00000424 ____A C:\Windows\Tasks\Final Media Player Update Checker.job
2012-07-02 03:49 - 2009-05-24 14:10 - 00008722 ____A C:\Users\ssmartinez55\AppData\Roaming\wklnhst.dat
2012-07-02 03:22 - 2012-07-02 03:20 - 19619328 ____A (Luis Cobian, CobianSoft) C:\Users\ssmartinez55\Downloads\cbSetup.exe
2012-07-01 14:02 - 2012-07-01 14:01 - 00004649 ____A C:\Users\ssmartinez55\Desktop\aswMBR_2.txt
2012-07-01 14:02 - 2012-07-01 08:50 - 00000512 ____A C:\Users\ssmartinez55\Desktop\MBR.dat
2012-07-01 13:21 - 2012-07-01 13:21 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (5).exe
2012-07-01 13:13 - 2012-07-01 13:13 - 00061440 ____A C:\Windows\SysWOW64\Drivers\splbv.sys
2012-07-01 13:13 - 2012-07-01 13:13 - 00000196 ____A C:\Windows\SysWOW64\qocgdgp.txt
2012-07-01 10:13 - 2012-07-01 09:34 - 00003274 ____A C:\Users\ssmartinez55\Downloads\SystemLook.txt
2012-07-01 09:42 - 2012-07-01 09:42 - 00165376 ____A C:\Users\ssmartinez55\Downloads\SystemLook_x64 (2).exe
2012-07-01 09:42 - 2012-07-01 09:42 - 00165376 ____A C:\Users\ssmartinez55\Downloads\SystemLook_x64 (1).exe
2012-07-01 09:39 - 2008-05-30 20:09 - 00731136 ____A C:\Users\ssmartinez55\Desktop\avenger.exe
2012-07-01 09:36 - 2012-07-01 09:36 - 00724952 ____A C:\Users\ssmartinez55\Downloads\avenger.zip
2012-07-01 09:34 - 2012-07-01 09:34 - 00165376 ____A C:\Users\ssmartinez55\Downloads\SystemLook_x64.exe
2012-07-01 08:50 - 2012-07-01 08:50 - 00002220 ____A C:\Users\ssmartinez55\Desktop\aswMBR.txt
2012-07-01 08:26 - 2012-07-01 08:26 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (4).exe
2012-07-01 08:25 - 2012-07-01 08:25 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (3).exe
2012-07-01 08:24 - 2012-07-01 08:24 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (2).exe
2012-07-01 08:24 - 2012-07-01 08:24 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR (1).exe
2012-07-01 05:18 - 2012-07-01 05:17 - 02322184 ____A (ESET) C:\Users\ssmartinez55\Downloads\esetsmartinstaller_enu.exe
2012-07-01 05:14 - 2012-07-01 05:14 - 00000480 ____A C:\Users\ssmartinez55\Downloads\aswMBR.txt
2012-07-01 05:12 - 2012-07-01 05:12 - 04731392 ____A (AVAST Software) C:\Users\ssmartinez55\Downloads\aswMBR.exe
2012-07-01 05:08 - 2012-07-01 05:07 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\ssmartinez55\Downloads\tdsskiller (1).exe
2012-07-01 05:06 - 2012-07-01 05:06 - 00005442 ____A C:\Users\ssmartinez55\Downloads\FSS.txt
2012-07-01 05:05 - 2012-07-01 05:05 - 00340645 ____A C:\Users\ssmartinez55\Downloads\FSS.exe
2012-06-30 12:15 - 2012-06-30 12:15 - 00138120 ____A (ESET) C:\Users\ssmartinez55\Downloads\ESETSirefefRemover.exe
2012-06-30 12:05 - 2012-06-30 12:05 - 00294216 ____A C:\Users\ssmartinez55\Downloads\gmer.zip
2012-06-30 11:59 - 2012-06-30 11:59 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\ssmartinez55\Downloads\tdsskiller.exe
2012-06-30 11:21 - 2008-01-20 19:26 - 00659598 ____A C:\Windows\PFRO.log
2012-06-30 11:00 - 2012-06-30 10:59 - 00152536 ____A C:\Users\ssmartinez55\Downloads\kavremvr 2012-06-30 13-59-54 (pid 4532).log
2012-06-30 10:59 - 2012-06-30 10:59 - 03772856 ____A (Kaspersky Lab ZAO) C:\Users\ssmartinez55\Downloads\kavremover.exe
2012-06-30 10:59 - 2012-06-30 10:59 - 03178400 ____A (McAfee, Inc.) C:\Users\ssmartinez55\Downloads\MCPR (1).exe
2012-06-30 10:58 - 2012-06-30 10:58 - 03178400 ____A (McAfee, Inc.) C:\Users\ssmartinez55\Downloads\MCPR.exe
2012-06-30 10:43 - 2012-06-30 10:43 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ajnnrvou.sys
2012-06-30 10:00 - 2012-06-30 10:00 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-30 09:59 - 2012-06-30 09:59 - 00000772 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-30 09:59 - 2012-06-11 04:01 - 00722690 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-30 09:58 - 2012-06-30 09:58 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-30 09:57 - 2012-06-30 09:57 - 03862112 ____A (Piriform Ltd) C:\Users\ssmartinez55\Downloads\ccsetup319.exe
2012-06-30 09:56 - 2012-06-30 09:56 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\ssmartinez55\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-30 09:55 - 2012-06-30 09:55 - 12621696 ____A (Microsoft Corporation) C:\Users\ssmartinez55\Downloads\mseinstall (1).exe
2012-06-30 09:53 - 2012-06-30 09:53 - 10288512 ____A (Microsoft Corporation) C:\Users\ssmartinez55\Downloads\mseinstall.exe
2012-06-26 03:52 - 2010-02-06 08:45 - 00001736 ___AH C:\Users\ssmartinez55\Documents\Default.rdp
2012-06-24 13:12 - 2006-11-02 07:25 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2012-06-24 13:12 - 2006-11-02 07:25 - 00000174 __ASH C:\Users\Public\desktop.ini
2012-06-24 13:12 - 2006-11-02 07:25 - 00000174 __ASH C:\users\desktop.ini
2012-06-24 13:12 - 2006-11-02 07:25 - 00000174 __ASH C:\Program Files (x86)\desktop.ini
2012-06-24 13:09 - 2012-06-24 13:09 - 00103784 ____A C:\Users\ssmartinez55\GoToAssistDownloadHelper.exe
2012-06-14 00:41 - 2006-11-02 07:21 - 00293552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 00:12 - 2006-11-02 04:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 16:13 - 2012-05-01 15:55 - 00081408 ____A C:\Users\ssmartinez55\Documents\Sandra Martinez - References.wps
2012-06-02 14:19 - 2012-06-18 19:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 19:38 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 19:38 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-18 19:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 19:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 19:38 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-18 19:38 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-18 19:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 19:38 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-18 19:38 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 12:19 - 2012-06-18 19:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:19 - 2012-06-18 19:38 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 12:15 - 2012-06-18 19:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 12:12 - 2012-06-18 19:38 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-05-21 22:26 - 2012-05-21 22:26 - 00097792 ____A C:\Users\ssmartinez55\Documents\Sandra Martinez Mar 2012 - Times New Roman.wps
2012-05-20 16:16 - 2012-05-20 16:16 - 00137728 ____A C:\Users\ssmartinez55\Desktop\Jessica Daniels.wps
2012-05-20 16:01 - 2011-08-16 04:27 - 00004325 ____A C:\Users\ssmartinez55\Desktop\Jessica Daniels.rtf
2012-05-19 03:58 - 2011-08-23 09:48 - 00016384 ____A C:\Users\ssmartinez55\Documents\Marco Marco Resume.wps
2012-05-17 18:47 - 2012-06-14 00:20 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 00:20 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 00:20 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 00:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 00:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 00:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 00:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 00:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 00:20 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 00:20 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 00:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 00:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 00:20 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 00:20 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 00:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 00:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 00:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 00:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 00:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 00:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 00:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 00:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 00:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 00:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 00:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 00:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 00:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 12:15 - 2012-06-13 19:26 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-08 20:08 - 2012-05-08 19:44 - 00080384 ____A C:\Users\ssmartinez55\Desktop\Cover Letter.wps
2012-05-07 04:11 - 2011-02-05 16:41 - 00001866 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-07 03:57 - 2012-05-07 03:57 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-07 03:19 - 2012-05-07 03:19 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-06 13:23 - 2012-01-10 21:07 - 00028160 ____A C:\Users\ssmartinez55\Documents\W & T Documentation.wps
2012-05-05 07:10 - 2012-04-14 06:15 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 07:10 - 2012-04-07 15:58 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 07:10 - 2012-04-07 15:58 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-01 06:29 - 2012-06-13 19:26 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-23 08:25 - 2012-06-13 19:26 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:25 - 2012-06-13 19:26 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:25 - 2012-06-13 19:26 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 08:00 - 2012-06-13 19:26 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 08:00 - 2012-06-13 19:26 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 08:00 - 2012-06-13 19:26 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 12:12 - 2012-03-27 07:06 - 00098816 ____A C:\Users\ssmartinez55\Documents\Sandra Martinez Mar 2012.wps
2012-04-18 15:38 - 2012-04-14 13:09 - 00625720 ____A C:\Users\ssmartinez55\Desktop\~2011 Martinez M Form 1040 Individual Tax Return.tax2011
2012-04-08 14:41 - 2009-06-14 16:13 - 00000732 ____A C:\Users\ssmartinez55\AppData\Local\d3d9caps64.dat

ZeroAccess:
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\@
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\L
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\L\00000004.@
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\L\1afb2d56
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\L\201d3dde
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\L\55490ac4
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U\00000004.@
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U\00000008.@
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U\000000cb.@
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U\80000000.@
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U\80000032.@
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U\80000064.@

ZeroAccess:
C:\Users\ssmartinez55\AppData\Local\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}
C:\Users\ssmartinez55\AppData\Local\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\@
C:\Users\ssmartinez55\AppData\Local\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\L
C:\Users\ssmartinez55\AppData\Local\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 4084.27 MB
Available physical RAM: 3637.68 MB
Total Pagefile: 3955.91 MB
Available Pagefile: 3616.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:265.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (CLIP) (Removable) (Total:3.6 GB) (Free:3.6 GB) FAT32
4 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.11 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 3697 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 40 MB
Partition 3 Primary 451 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3693 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E CLIP FAT32 Removable 3693 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-03 03:48

======================= End Of Log ==========================

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 July 2012 - 05:05 PM

Greetings

Ok, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Ssmartinez55
  • Topic Starter

  • Members
  • 24 posts

Posted 04 July 2012 - 04:51 AM

Hi Gringo!

Here is the Search.txt log.

Farbar Recovery Scan Tool Version: 03-07-2012
Ran by SYSTEM at 2012-07-03 22:44:50
Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-10-20 15:26] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-10-20 15:26] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

====== End Of Search ======

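As an added illustration (not part of any post in this thread), the comparison Gringo makes by eye on the Search.txt above can be done mechanically: pair each path with its detail line, match every live copy's MD5 against the winsxs (component store) copies of the same architecture, and flag the one that matches none. The log text is the one posted above; classifying System32 as amd64 and SysWOW64 as x86 assumes a 64-bit Windows, as on this machine.

```python
import re
from collections import defaultdict

# Search.txt as posted above, pasted verbatim with the blank lines between entries dropped.
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-10-20 15:26] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2009-10-20 15:26] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7
"""

# Detail line: "[created] - [modified] - size attrs (company) MD5"; winsxs dir names carry arch and version.
DETAIL_RE = re.compile(r"^\[.*?\] - \[.*?\] - (\d+) \S+ (?:\(.*?\) )?([0-9A-F]{32})$", re.I)
WINSXS_RE = re.compile(r"\\winsxs\\(x86|amd64)_.*?_(\d+\.\d+\.\d+\.\d+)_", re.I)

def parse_search_log(text):
    """Pair each path line with its detail line -> list of (path, size, md5)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries = []
    for path, detail in zip(lines[::2], lines[1::2]):
        m = DETAIL_RE.match(detail)
        if m:
            entries.append((path, int(m.group(1)), m.group(2).upper()))
    return entries

def arch_and_version(path):
    """winsxs paths name their arch/version; a live copy is classified by location
    (64-bit host assumed: System32 = amd64, SysWOW64 = x86) and has no version."""
    m = WINSXS_RE.search(path)
    if m:
        return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))
    return ("x86" if "\\syswow64\\" in path.lower() else "amd64"), None

def check_live_copies(entries):
    """Verdict per copy outside winsxs: ('ok', matching store copy) when its MD5 equals
    a store copy of the same arch, else ('mismatch', newest store copy of that arch),
    which is the replacement source the fixlist in the next reply uses."""
    store = defaultdict(dict)  # arch -> {md5: (version, path)}
    for path, _size, md5 in entries:
        arch, version = arch_and_version(path)
        if version is not None:
            store[arch][md5] = (version, path)
    verdicts = {}
    for path, _size, md5 in entries:
        arch, version = arch_and_version(path)
        if version is not None or not store[arch]:
            continue  # store copies, or an arch with nothing to compare against
        if md5 in store[arch]:
            verdicts[path] = ("ok", store[arch][md5][1])
        else:
            verdicts[path] = ("mismatch", max(store[arch].values())[1])  # newest version wins
    return verdicts
```

The flagged System32 copy is also 2560 bytes smaller than either amd64 store copy, the same file the Bamital & volsnap check above left without an "MD5 is legit" mark.
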
#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 July 2012 - 12:29 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}
C:\Users\ssmartinez55\AppData\Local\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#12 Ssmartinez55
  • Topic Starter

  • Members
  • 24 posts

Posted 04 July 2012 - 01:16 PM

Hi Gringo! Happy 4th to you!

Here is the fixlog.txt log. The computer no longer seems to be redirecting me and opening extra tabs to random sites. :-)

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-07-2012
Ran by SYSTEM at 2012-07-04 13:08:23 Run:1
Running from D:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18} moved successfully.
C:\Users\ssmartinez55\AppData\Local\{32cdf5bc-c246-7a32-fdc7-b857729bdc18} moved successfully.

==== End of Fixlog ====

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 July 2012 - 01:51 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 Ssmartinez55
  • Topic Starter

  • Members
  • 24 posts

Posted 04 July 2012 - 03:24 PM

The program seems to be stalled at Stage 48. It has not produced a report for me yet. Should I just give it more time?

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 July 2012 - 03:46 PM

Give it till the top of the hour and let me know.


gringo