Windows Reboots Every Minute

  • This topic is locked
8 replies to this topic

#1 suddenmuse


Posted 01 August 2012 - 12:42 PM

Good Morning,

This morning I logged into my computer and it opened up to a fake antivirus program called "Live Security Platinum". I was able to remove it (though I don't know if I was able to do that entirely). After rebooting, I immediately attempted to run Microsoft Security Essentials, only to find that it wouldn't run. I uninstalled and reinstalled it. I left it to update/scan and when I returned, the PC had rebooted. Shortly after I logged in, a message appeared: "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work." And true to its word, it reboots in a minute. It continues to reboot each time I start up my computer, which makes it incredibly difficult to do anything about the problem. When I get a quick look at the scan MSE was able to perform, it shows multiple entries for a trojan "sirefef".

I've tried a few different solutions, but have not come up with any success, and plenty of frustration.

OS: Windows 7 64 bit

Your prompt attention is appreciated.

Suddenmuse


----

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 01-08-2012 10:49:44
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [] [x]
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\LogMeInRemoteUser\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mandy Dawson\...\Run: [AdobeBridge] [x]
HKU\Staff\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
Tcpip\..\Interfaces\{7F97EF10-6A0F-4BD5-8BE3-31D547957188}: [NameServer]192.168.101.1,192.168.101.254
Startup: C:\Users\Mandy Dawson\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

4 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [69632 2010-11-24] (Adobe Systems)
2 atashost; "C:\Windows\SysWOW64\atashost.exe" [133944 2011-11-28] (Cisco WebEx LLC)
4 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [6128720 2011-01-06] (AVG Technologies CZ, s.r.o.)
4 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [265400 2010-10-22] (AVG Technologies CZ, s.r.o.)
4 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-08-04] ()
2 EpServiceFunction; C:\Windows\SysWOW64\FunctionService.exe [903680 2010-06-10] ()
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-12] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-12] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [157264 2010-08-19] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [27216 2010-09-13] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [35920 2010-08-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [308304 2010-12-08] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41040 2010-09-07] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [30288 2010-09-07] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [382032 2010-11-12] (AVG Technologies CZ, s.r.o.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
3 cpuz132; \??\C:\Users\MANDYD~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: websensecpmcommunicationagent -> No ServiceDLL Path.
NETSVC: MR97310_USB_DUAL_CAMERA -> No ServiceDLL Path.
NETSVC: se45unic -> No ServiceDLL Path.

============ One Month Created Files and Folders ==============

2012-08-01 10:49 - 2012-08-01 10:49 - 00000000 ____D C:\FRST
2012-08-01 08:23 - 2012-08-01 08:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.748E52246A79BCCC
2012-08-01 08:23 - 2012-08-01 08:23 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\whnnggyv.sys
2012-08-01 08:18 - 2012-08-01 08:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD0537730FBA2841
2012-08-01 08:14 - 2012-08-01 08:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6A331BF0AAAC699
2012-08-01 08:12 - 2012-08-01 08:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61FCBAD46550DA5F
2012-08-01 08:09 - 2012-08-01 08:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.002780B5A8CD739C
2012-08-01 08:06 - 2012-08-01 08:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27F9BA511B59A390
2012-08-01 08:03 - 2012-08-01 08:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8635B1A72F5EBC0B
2012-08-01 08:00 - 2012-08-01 08:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D77F92A7F0A72F
2012-08-01 07:58 - 2012-08-01 07:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B104C9D950B899C3
2012-08-01 07:54 - 2012-08-01 07:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50317FE43EEE5D32
2012-08-01 07:52 - 2012-08-01 07:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A4AABE08C6B07B5
2012-08-01 07:52 - 2012-08-01 07:52 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lemdrmmw.sys
2012-08-01 07:49 - 2012-08-01 07:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.381E6D03BCCC5464
2012-08-01 07:46 - 2012-08-01 07:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.869167E1EB21E3EA
2012-08-01 07:43 - 2012-08-01 07:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE34331A8CE8D979
2012-08-01 07:41 - 2012-08-01 07:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.470797769A35D044
2012-08-01 07:38 - 2012-08-01 07:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAAE4D3DFAF04852
2012-08-01 07:31 - 2012-08-01 07:31 - 00000190 ____A C:\Users\Mandy Dawson\Desktop\New shortcut.lnk
2012-08-01 07:26 - 2012-08-01 07:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A3BE1D5B49E6A3B0
2012-08-01 07:24 - 2012-08-01 07:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD5A8F6DE8C7E24C
2012-08-01 07:18 - 2012-08-01 07:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F627A16BBBC2DAD0
2012-08-01 07:13 - 2012-08-01 07:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CD97CC0414F91F4
2012-08-01 07:07 - 2012-08-01 07:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BC392DA4B8BFD01
2012-08-01 06:38 - 2012-08-01 06:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-01 06:38 - 2012-08-01 06:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-01 06:36 - 2012-08-01 07:58 - 00000041 ____A C:\Windows\TImageListHandler.ini
2012-08-01 06:27 - 2012-08-01 07:57 - 00000044 ____A C:\Windows\iltwain.ini
2012-07-31 18:17 - 2012-07-31 18:17 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{F6A21A34-E3AB-4FD8-BA6A-52BE721B2D26}
2012-07-31 18:17 - 2012-07-31 18:17 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{E6916919-AF22-4223-BE41-E7FF7A653F04}
2012-07-31 13:52 - 2012-07-31 14:04 - 07715443 ____A C:\Users\Mandy Dawson\Desktop\bc.psd
2012-07-31 06:16 - 2012-07-31 06:16 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{628D3AC2-BAF6-470C-A631-C06CF5F6833F}
2012-07-31 06:16 - 2012-07-31 06:16 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{0F4DA235-A6FA-4E7B-BD55-C6101EA0C6E7}
2012-07-30 18:16 - 2012-07-30 18:16 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{FBE4F6D0-1884-4348-A820-DC0E1A09EDEF}
2012-07-30 18:16 - 2012-07-30 18:16 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{21DABE0D-15A7-49A3-9CF9-35BE48D88216}
2012-07-30 06:15 - 2012-07-30 06:16 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{82BD6D80-432B-403A-8542-76B6F1817C83}
2012-07-30 06:15 - 2012-07-30 06:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{D5B56B45-E8C3-412B-9AAA-F9CBDC284CBF}
2012-07-29 18:15 - 2012-07-29 18:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{DA9BF4E2-706C-4FED-877E-4981CBE3E604}
2012-07-29 18:15 - 2012-07-29 18:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{75FEF18C-8A42-42BE-805E-24380F041303}
2012-07-29 06:15 - 2012-07-29 06:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{B5BC15A9-285F-45B3-81F0-029A6710EC71}
2012-07-29 06:14 - 2012-07-29 06:14 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{4C67E1A4-BABF-4CB9-B31D-AE02F86A5B3A}
2012-07-28 18:14 - 2012-07-28 18:14 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{794731E5-FF49-4429-8074-79ECBE6F6935}
2012-07-28 18:14 - 2012-07-28 18:14 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{1A3E2785-E36F-4595-9104-8EF09DF53C6D}
2012-07-28 06:14 - 2012-07-28 06:14 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{802F3E4A-D0E3-4319-969D-CCFFE8EDB223}
2012-07-28 06:13 - 2012-07-28 06:14 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{58C94CC8-72A6-4975-8788-B04C89434083}
2012-07-27 18:13 - 2012-07-27 18:13 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{4366E60B-74A2-41C5-8F2B-334A43894231}
2012-07-27 18:13 - 2012-07-27 18:13 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{3138D4AA-1879-40F0-99D5-EAFE4ADD6E9C}
2012-07-27 06:13 - 2012-07-27 06:13 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{DEE772DC-E029-4068-9B85-DB18E8D7FC58}
2012-07-27 06:12 - 2012-07-27 06:13 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{6E8DF9E3-4A57-41B2-8EFB-264CC1BA81B2}
2012-07-27 06:12 - 2012-07-27 06:12 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{E0CE4244-0131-4F2C-873D-846CDE906D80}
2012-07-27 06:12 - 2012-07-27 06:12 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{1E8A3516-3A08-4008-83B5-21422F80FB47}
2012-07-26 14:58 - 2012-07-26 14:58 - 10418843 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner_SM.eps
2012-07-26 09:49 - 2012-07-26 09:49 - 01461740 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner_SM.rar
2012-07-26 09:08 - 2012-07-26 09:35 - 104394353 ____A C:\Users\Mandy Dawson\Downloads\nav_03.mp4.zip
2012-07-26 08:47 - 2012-07-26 09:06 - 69420664 ____A C:\Users\Mandy Dawson\Downloads\nav_02.mp4.zip
2012-07-26 08:39 - 2012-07-26 09:37 - 09476429 ____A C:\Users\Mandy Dawson\Downloads\nav_01.mp4.zip
2012-07-26 06:50 - 2012-07-26 06:51 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C10172A2-F214-4DF6-83D1-919B7CF7C52A}
2012-07-26 06:50 - 2012-07-26 06:50 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{D34132F5-9B69-4DA2-85AD-D9EF26E1BE1F}
2012-07-25 18:50 - 2012-07-25 18:50 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{33099E8C-C4A4-4D5E-9B5E-3923297D7036}
2012-07-25 18:50 - 2012-07-25 18:50 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{07D04CE3-6405-4D5F-B8AB-557A8A6D421C}
2012-07-25 13:49 - 2012-07-25 14:20 - 123607767 ____A C:\Users\Mandy Dawson\Downloads\mag_01.mp4.zip
2012-07-25 13:13 - 2012-04-18 08:38 - 00000000 ____D C:\Users\Mandy Dawson\Desktop\JDA_Web
2012-07-25 07:28 - 2012-07-26 09:48 - 04028623 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner_SM.psd
2012-07-25 06:50 - 2012-07-25 06:50 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{18BA2487-623A-41CA-BFF1-516C087CA96E}
2012-07-25 06:49 - 2012-07-25 06:50 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{49FC3D90-79E5-4889-AA47-03826C4A69DE}
2012-07-24 18:49 - 2012-07-24 18:49 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{E2121EF7-AB81-4791-9406-469DE3CBD4C6}
2012-07-24 18:49 - 2012-07-24 18:49 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{50EEA4CD-EA8E-4827-9F9E-BDCF4E21659C}
2012-07-24 11:36 - 2012-07-24 11:36 - 02858652 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner.psd
2012-07-24 11:36 - 2012-07-24 11:36 - 00690380 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner.zip
2012-07-24 06:49 - 2012-07-24 06:49 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{8228A650-02FB-4A83-A0C3-5D4F04FF2987}
2012-07-24 06:48 - 2012-07-24 06:49 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{FA29EA59-11A7-453B-B032-11A711721868}
2012-07-23 18:48 - 2012-07-23 18:48 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{489F82F9-2E6C-4245-AF0B-C93F082F2E33}
2012-07-23 18:48 - 2012-07-23 18:48 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{0B5D1AE5-4702-4777-BAC4-3FE749862356}
2012-07-23 06:48 - 2012-07-23 06:48 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{0E9A01B0-9A4B-46C0-8266-C25182F934A7}
2012-07-23 06:47 - 2012-07-23 06:48 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{4C0BA40B-7E3E-4B4C-ABC7-16D5501C008B}
2012-07-22 18:47 - 2012-07-22 18:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C7478164-7274-4C8F-B261-0B4F1E05AA05}
2012-07-22 18:47 - 2012-07-22 18:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{7DA7E847-354A-4970-B121-1A265BC910AF}
2012-07-22 06:47 - 2012-07-22 06:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{AE7D7513-2D53-433A-8031-E9B06F4EEF45}
2012-07-22 06:46 - 2012-07-22 06:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{9D9F6218-8EC4-43E4-8C92-AE9FF6454F39}
2012-07-21 19:06 - 2012-08-01 06:06 - 00000360 ____A C:\Windows\Tasks\HPCeeScheduleForMandy Dawson.job
2012-07-21 18:46 - 2012-07-21 18:46 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C05B8828-46AE-4F38-82E1-2424639BEE11}
2012-07-21 18:46 - 2012-07-21 18:46 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{6B958366-D3DF-402D-8AB1-56555C76A8FC}
2012-07-21 06:46 - 2012-07-21 06:46 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C16D91FA-CB73-41DD-B1C2-0B0DCF2C47CC}
2012-07-21 06:46 - 2012-07-21 06:46 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{9DDA2784-9F04-46E5-A610-0909BAD16F4D}
2012-07-20 18:45 - 2012-07-20 18:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{DDBF808E-B6E2-454D-9E64-659D1A4E71FA}
2012-07-20 18:45 - 2012-07-20 18:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{4600A95C-13B0-401F-9F14-C681458DFC56}
2012-07-20 06:45 - 2012-07-20 06:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{90C8A9E2-3106-41FA-AF09-0FAE501FF489}
2012-07-20 06:45 - 2012-07-20 06:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{26CEF61F-BD52-4FA7-974E-4F003F272D76}
2012-07-19 18:44 - 2012-07-19 18:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{CB501299-9E72-4AD3-AA69-8B67F9BB8402}
2012-07-19 18:44 - 2012-07-19 18:44 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{7616620D-EF62-4E78-961A-1B06654C8CF8}
2012-07-19 06:44 - 2012-07-19 06:44 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{B98964BF-22C7-4554-AB1C-A43B05F97246}
2012-07-19 06:44 - 2012-07-19 06:44 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{53972878-8816-47A8-BD3D-E832266B8C92}
2012-07-18 18:43 - 2012-07-18 18:44 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{D7901FA5-1AE4-4351-94D9-3BA0007EDD55}
2012-07-18 18:43 - 2012-07-18 18:43 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{362D36D2-CA70-4AE6-8655-256410C1EE54}
2012-07-18 06:43 - 2012-07-18 06:43 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C6D63DF8-1387-4B53-82AB-0957F5A72B2D}
2012-07-18 06:43 - 2012-07-18 06:43 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{55889654-0E0F-44BA-BEAE-EC8A794C0D2F}
2012-07-17 18:31 - 2012-07-17 18:31 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{D76D368F-3868-40DD-A83D-0C974EB2E8ED}
2012-07-17 18:31 - 2012-07-17 18:31 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{447C9DF6-56AB-4368-A1AD-94E76F0BF2E3}
2012-07-17 11:50 - 2012-07-18 14:13 - 06113280 ____A C:\Users\Mandy Dawson\Desktop\zurich_incident_analysis_tool_v1.4.xls
2012-07-17 11:37 - 2012-07-17 11:37 - 00495979 ____A C:\Users\Mandy Dawson\Downloads\zurich_incident_analysis_tool_v1.4.xlsm
2012-07-17 11:27 - 2012-07-17 11:27 - 00495951 ____A C:\Users\Mandy Dawson\Downloads\zurich_incident_analysis_tool_v1.4 (2).xlsm
2012-07-17 08:24 - 2012-07-17 08:26 - 05926400 ____A C:\Users\Mandy Dawson\Downloads\zurich_incident_analysis_tool_v1.4 (1).xls
2012-07-17 06:31 - 2012-07-17 06:31 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{3A64BE57-5E4D-4621-BB82-EEC767495D30}
2012-07-17 06:30 - 2012-07-17 06:31 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{5F60D97D-0429-4C1C-AA60-01ACCF1D6200}
2012-07-16 18:30 - 2012-07-16 18:30 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{ED6A4B77-1B35-4766-8E56-33EA00EAB7C8}
2012-07-16 18:30 - 2012-07-16 18:30 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{269715D0-2672-4527-B211-06BD73B25208}
2012-07-16 06:30 - 2012-07-16 06:30 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{248DA1DC-6EB1-441C-940C-4018AFD07AC1}
2012-07-16 06:30 - 2012-07-16 06:30 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{1FC26901-35C4-4B78-8646-CE9DB0EDF4A1}
2012-07-15 18:29 - 2012-07-15 18:29 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{3CC42465-452D-4D5F-9EDB-D1A0C69107EF}
2012-07-15 18:29 - 2012-07-15 18:29 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{1303398B-1B6A-422E-B7F8-CEB315C94749}
2012-07-15 06:29 - 2012-07-15 06:29 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{CFC2FE10-48BE-4F9C-94F8-4618582B0D8D}
2012-07-15 06:29 - 2012-07-15 06:29 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{67A6DA8A-D38E-4201-B4AA-22F0FFFA8C53}
2012-07-14 18:28 - 2012-07-14 18:29 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{1852F17D-BB33-4696-8836-D8F1CA291B6D}
2012-07-14 18:28 - 2012-07-14 18:28 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{6D2909AB-54CF-43FA-B06C-BC724EDFCA5A}
2012-07-14 06:28 - 2012-07-14 06:28 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{F3F30147-91F6-4926-960E-C46901FC937E}
2012-07-14 06:28 - 2012-07-14 06:28 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{CFD50041-7FFB-4F11-8E21-73EA500F892E}
2012-07-13 18:28 - 2012-07-13 18:28 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{DF34F7FB-2BFA-491B-B96A-8268A9A36FA3}
2012-07-13 18:27 - 2012-07-13 18:28 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{0F24F1DA-EF73-492A-AA09-CB9608DFD01E}
2012-07-13 06:27 - 2012-07-13 06:27 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{8EFC0549-C6B6-4B03-A05A-64ECFF217205}
2012-07-13 06:27 - 2012-07-13 06:27 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{49897804-9845-4B7C-8694-71EC848BA5A5}
2012-07-12 18:27 - 2012-07-12 18:27 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{72499919-827A-443D-9EDE-65CBF74A83B1}
2012-07-12 18:27 - 2012-07-12 18:27 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{57268FE5-C56C-402D-BEA0-96F7E4FCEA55}
2012-07-12 14:50 - 2012-07-12 14:50 - 00349572 ____A C:\Users\Mandy Dawson\Downloads\SBDigitalArts-BigBucks-HiResSampleSet.zip
2012-07-12 06:26 - 2012-07-12 06:26 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{7AC56D60-082B-492D-A45C-84B35D4E4926}
2012-07-12 06:26 - 2012-07-12 06:26 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{183873D7-62CB-4E1B-B788-E694C29BF48C}
2012-07-11 06:50 - 2012-07-11 06:50 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C132E2B1-E685-4C90-BDA3-D550DBFE89DC}
2012-07-11 06:50 - 2012-07-11 06:50 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{7F8BC1FC-ED00-4445-B91C-4B93E6F2171F}
2012-07-11 06:16 - 2012-07-23 11:14 - 00000000 ____D C:\Users\Mandy Dawson\Desktop\JDA
2012-07-11 01:06 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 01:03 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 01:03 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 01:03 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 01:03 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 01:03 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 01:03 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 01:03 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 01:03 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 01:03 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 01:03 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 01:03 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 01:03 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 01:03 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 01:03 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 01:03 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 01:03 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 01:03 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 01:03 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 01:03 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 01:03 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 01:03 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 01:03 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 01:03 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 01:03 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 01:03 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 01:03 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 01:03 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 01:03 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 01:01 - 2012-07-11 01:01 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-10 23:34 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 23:34 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 23:34 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 23:34 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 23:34 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 23:34 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 23:34 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 23:34 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 23:34 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 23:34 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 23:34 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 23:34 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 23:34 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 23:34 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 23:34 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 18:49 - 2012-07-10 18:49 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{10D7EEC4-BDC5-47E5-AA52-5DF0D17ADD1A}
2012-07-10 18:49 - 2012-07-10 18:49 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{057D86F3-18DC-4690-9550-6C49547F55FC}
2012-07-10 08:01 - 2012-07-10 08:02 - 07093248 ____A C:\Users\Mandy Dawson\Documents\zurich_incident_analysis_tool_v1.4.xls
2012-07-10 06:49 - 2012-07-10 06:49 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{3D571FE3-19E8-42E4-86D3-8024721EA274}
2012-07-10 06:48 - 2012-07-10 06:49 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{5DFC219D-2D21-4A7E-947E-668A4B783806}
2012-07-09 18:48 - 2012-07-09 18:48 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{38124355-F24E-411D-9B2C-398481F2C0E1}
2012-07-09 18:48 - 2012-07-09 18:48 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{28F89580-2B59-4D48-A347-7F000ADA09BC}
2012-07-09 06:47 - 2012-07-09 06:48 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{62E21385-9834-44EB-A8D6-D7609C50E370}
2012-07-09 06:47 - 2012-07-09 06:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{78677B49-77B8-4B9A-9D7A-25AD975E7072}
2012-07-09 06:12 - 2012-07-09 06:13 - 00000000 ____D C:\Program Files\iTunes
2012-07-09 06:12 - 2012-07-09 06:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-07-09 06:12 - 2012-07-09 06:12 - 00000000 ____D C:\Program Files\iPod
2012-07-09 05:54 - 2012-07-09 05:54 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-07-08 18:47 - 2012-07-08 18:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C38E446B-1E49-4A3D-B8C7-071916D182E6}
2012-07-08 18:47 - 2012-07-08 18:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{491D0AB6-5386-43A3-8EA7-52DF9C6F6A6B}
2012-07-08 06:47 - 2012-07-08 06:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{F0D0DA91-B5D8-4286-8574-2AA991DF18CC}
2012-07-08 06:46 - 2012-07-08 06:47 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{173F6649-9BB9-456B-8142-F91B6A190073}
2012-07-07 18:46 - 2012-07-07 18:46 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{EB887019-8EE0-486F-96AD-B8F306FF0326}
2012-07-07 18:46 - 2012-07-07 18:46 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{9202EDD9-F31C-412E-AC3D-F5A8AAFD0D89}
2012-07-07 06:46 - 2012-07-07 06:46 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{3FD09A7B-97BE-4D28-82E7-D466704E6EF2}
2012-07-07 06:45 - 2012-07-07 06:46 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{42254187-C895-47FC-8477-7EFEE6F741D6}
2012-07-06 18:45 - 2012-07-06 18:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{5E99F135-1D45-475E-86F0-78A683C545DF}
2012-07-06 18:45 - 2012-07-06 18:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{125857CB-EE23-4171-B0DD-0AFF6661EA1C}
2012-07-06 06:45 - 2012-07-06 06:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C1A11F25-BCBF-4EBD-AE1D-A16DF149411D}
2012-07-06 06:45 - 2012-07-06 06:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{3EE358DB-F0E1-48C8-89FE-EA259AA8365D}
2012-07-05 18:44 - 2012-07-05 18:45 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{05230672-77C6-4BE5-BF74-DAED2959974C}
2012-07-05 18:44 - 2012-07-05 18:44 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{1670D61C-84BE-4665-8D02-5402F2CBD718}
2012-07-05 06:44 - 2012-07-05 06:44 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{5444C4D9-1C42-45FE-9BA1-5CB95E309CB2}
2012-07-05 06:43 - 2012-07-05 06:44 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{F72772A4-3A9B-4831-A337-394FE9BB462B}
2012-07-04 18:43 - 2012-07-04 18:43 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{C12515E9-7E98-4915-914C-4482E980E353}
2012-07-04 18:43 - 2012-07-04 18:43 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{5717F478-EAF7-4783-A796-1BE7D155A5D5}
2012-07-04 13:44 - 2012-07-04 13:45 - 00179555 ____A C:\Users\Mandy Dawson\Downloads\peol-960gridder-677b61a.zip
2012-07-04 13:15 - 2012-07-04 13:16 - 04148712 ____A C:\Users\Mandy Dawson\Downloads\nathansmith-960-Grid-System-b0c5b98.zip
2012-07-04 06:43 - 2012-07-04 06:43 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{76CE7BEF-E753-4263-B34A-FF4A7C212212}
2012-07-04 06:43 - 2012-07-04 06:43 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{72696366-F4F0-483D-A4DD-8A3EE71915ED}
2012-07-03 18:15 - 2012-07-03 18:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{F9B736E8-9E1C-41AA-9523-B2BB7435A617}
2012-07-03 18:15 - 2012-07-03 18:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{A6C7D87C-1415-4844-B3FD-162548E231DF}
2012-07-03 06:15 - 2012-07-03 06:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{E994AD9B-8BF3-4D54-AE22-8F7BE4353662}
2012-07-03 06:15 - 2012-07-03 06:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{06A2B0E2-79F8-49DD-B894-2A82B50B3DAC}
2012-07-02 18:14 - 2012-07-02 18:15 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{770DF41E-6C3A-4127-9C46-418D2132D4DA}
2012-07-02 18:14 - 2012-07-02 18:14 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{7CC7B1D1-C479-4005-8E15-3D4ABE56DD11}
2012-07-02 06:14 - 2012-07-02 06:14 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{BA66A840-A7CB-462D-9C0A-3E149567E252}
2012-07-02 06:14 - 2012-07-02 06:14 - 00000000 ____D C:\Users\Mandy Dawson\AppData\Local\{AF5CC9BB-217E-45BA-9B03-DCC319DFAA65}

============ 3 Months Modified Files ========================

2012-08-01 08:23 - 2012-08-01 08:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.748E52246A79BCCC
2012-08-01 08:23 - 2012-08-01 08:23 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\whnnggyv.sys
2012-08-01 08:22 - 2012-06-20 14:05 - 00012666 ____A C:\Windows\setupact.log
2012-08-01 08:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-01 08:20 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-01 08:18 - 2012-08-01 08:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD0537730FBA2841
2012-08-01 08:14 - 2012-08-01 08:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F6A331BF0AAAC699
2012-08-01 08:12 - 2012-08-01 08:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61FCBAD46550DA5F
2012-08-01 08:12 - 2012-04-09 08:02 - 00000956 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3612980087-3650618516-3365457895-1000UA.job
2012-08-01 08:09 - 2012-08-01 08:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.002780B5A8CD739C
2012-08-01 08:06 - 2012-08-01 08:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27F9BA511B59A390
2012-08-01 08:03 - 2012-08-01 08:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8635B1A72F5EBC0B
2012-08-01 08:00 - 2012-08-01 08:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D77F92A7F0A72F
2012-08-01 07:58 - 2012-08-01 07:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B104C9D950B899C3
2012-08-01 07:58 - 2012-08-01 06:36 - 00000041 ____A C:\Windows\TImageListHandler.ini
2012-08-01 07:57 - 2012-08-01 06:27 - 00000044 ____A C:\Windows\iltwain.ini
2012-08-01 07:56 - 2012-05-14 06:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-01 07:54 - 2012-08-01 07:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50317FE43EEE5D32
2012-08-01 07:53 - 2010-08-19 15:19 - 00282188 ____A C:\Windows\PFRO.log
2012-08-01 07:52 - 2012-08-01 07:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A4AABE08C6B07B5
2012-08-01 07:52 - 2012-08-01 07:52 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lemdrmmw.sys
2012-08-01 07:49 - 2012-08-01 07:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.381E6D03BCCC5464
2012-08-01 07:46 - 2012-08-01 07:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.869167E1EB21E3EA
2012-08-01 07:43 - 2012-08-01 07:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE34331A8CE8D979
2012-08-01 07:41 - 2012-08-01 07:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.470797769A35D044
2012-08-01 07:41 - 2012-05-17 17:24 - 00452626 ____A C:\Windows\SysWOW64\debug.log
2012-08-01 07:38 - 2012-08-01 07:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAAE4D3DFAF04852
2012-08-01 07:36 - 2010-08-19 14:37 - 01544567 ____A C:\Windows\WindowsUpdate.log
2012-08-01 07:31 - 2012-08-01 07:31 - 00000190 ____A C:\Users\Mandy Dawson\Desktop\New shortcut.lnk
2012-08-01 07:26 - 2012-08-01 07:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A3BE1D5B49E6A3B0
2012-08-01 07:24 - 2012-08-01 07:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD5A8F6DE8C7E24C
2012-08-01 07:18 - 2012-08-01 07:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F627A16BBBC2DAD0
2012-08-01 07:13 - 2012-08-01 07:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CD97CC0414F91F4
2012-08-01 07:07 - 2012-08-01 07:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BC392DA4B8BFD01
2012-08-01 06:53 - 2012-06-26 05:55 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-01 06:38 - 2010-09-15 07:09 - 00805322 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-01 06:33 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-01 06:33 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-01 06:06 - 2012-07-21 19:06 - 00000360 ____A C:\Windows\Tasks\HPCeeScheduleForMandy Dawson.job
2012-07-31 14:12 - 2012-04-09 08:02 - 00000934 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3612980087-3650618516-3365457895-1000Core.job
2012-07-31 14:04 - 2012-07-31 13:52 - 07715443 ____A C:\Users\Mandy Dawson\Desktop\bc.psd
2012-07-31 11:07 - 2010-08-19 14:39 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-07-30 08:46 - 2012-05-08 14:23 - 00001456 ____A C:\Users\Mandy Dawson\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-07-27 01:52 - 2012-05-14 06:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-27 01:52 - 2011-10-06 06:12 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-26 14:58 - 2012-07-26 14:58 - 10418843 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner_SM.eps
2012-07-26 09:49 - 2012-07-26 09:49 - 01461740 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner_SM.rar
2012-07-26 09:48 - 2012-07-25 07:28 - 04028623 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner_SM.psd
2012-07-26 09:37 - 2012-07-26 08:39 - 09476429 ____A C:\Users\Mandy Dawson\Downloads\nav_01.mp4.zip
2012-07-26 09:35 - 2012-07-26 09:08 - 104394353 ____A C:\Users\Mandy Dawson\Downloads\nav_03.mp4.zip
2012-07-26 09:06 - 2012-07-26 08:47 - 69420664 ____A C:\Users\Mandy Dawson\Downloads\nav_02.mp4.zip
2012-07-26 08:24 - 2012-05-03 08:21 - 00000132 ____A C:\Users\Mandy Dawson\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-25 14:20 - 2012-07-25 13:49 - 123607767 ____A C:\Users\Mandy Dawson\Downloads\mag_01.mp4.zip
2012-07-24 11:36 - 2012-07-24 11:36 - 02858652 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner.psd
2012-07-24 11:36 - 2012-07-24 11:36 - 00690380 ____A C:\Users\Mandy Dawson\Desktop\JDA_Banner.zip
2012-07-18 14:13 - 2012-07-17 11:50 - 06113280 ____A C:\Users\Mandy Dawson\Desktop\zurich_incident_analysis_tool_v1.4.xls
2012-07-17 11:37 - 2012-07-17 11:37 - 00495979 ____A C:\Users\Mandy Dawson\Downloads\zurich_incident_analysis_tool_v1.4.xlsm
2012-07-17 11:27 - 2012-07-17 11:27 - 00495951 ____A C:\Users\Mandy Dawson\Downloads\zurich_incident_analysis_tool_v1.4 (2).xlsm
2012-07-17 08:26 - 2012-07-17 08:24 - 05926400 ____A C:\Users\Mandy Dawson\Downloads\zurich_incident_analysis_tool_v1.4 (1).xls
2012-07-12 20:03 - 2010-11-05 13:40 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-12 20:03 - 2010-11-05 13:40 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-12 20:03 - 2010-11-05 13:40 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-12 14:50 - 2012-07-12 14:50 - 00349572 ____A C:\Users\Mandy Dawson\Downloads\SBDigitalArts-BigBucks-HiResSampleSet.zip
2012-07-11 01:25 - 2009-07-13 20:45 - 05060064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 08:02 - 2012-07-10 08:01 - 07093248 ____A C:\Users\Mandy Dawson\Documents\zurich_incident_analysis_tool_v1.4.xls
2012-07-04 13:45 - 2012-07-04 13:44 - 00179555 ____A C:\Users\Mandy Dawson\Downloads\peol-960gridder-677b61a.zip
2012-07-04 13:16 - 2012-07-04 13:15 - 04148712 ____A C:\Users\Mandy Dawson\Downloads\nathansmith-960-Grid-System-b0c5b98.zip
2012-07-03 20:02 - 2010-08-19 15:19 - 00287084 ____N C:\Windows\Minidump\070312-22744-01.dmp
2012-06-27 07:52 - 2012-03-13 09:14 - 00034759 ____A C:\Users\Mandy Dawson\Desktop\NVC Employee Incident Form.xlsx
2012-06-26 07:35 - 2011-09-23 13:40 - 00002018 ___AH C:\Users\Mandy Dawson\Documents\Default.rdp
2012-06-26 05:56 - 2012-06-12 10:52 - 00000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-06-25 11:58 - 2009-07-13 21:13 - 00796658 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-21 09:42 - 2010-12-14 14:03 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-06-20 11:53 - 2012-06-20 11:53 - 00000363 ____A C:\Windows\DirectX.log
2012-06-20 11:34 - 2012-06-19 14:28 - 00242804 ____A C:\Users\Mandy Dawson\Downloads\businesscard-3.5inx2in-h-front.psd.zip
2012-06-14 08:37 - 2012-06-14 08:37 - 00018838 ____A C:\Users\Mandy Dawson\Downloads\thedayhascome-Fluid-Baseline-Grid-be5fa84.zip
2012-06-13 13:33 - 2010-08-19 14:39 - 00135992 ____A C:\Users\Mandy Dawson\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-12 07:15 - 2010-08-27 09:00 - 00001192 ____A C:\users\Mandy
2012-06-11 19:02 - 2012-07-11 01:06 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 08:03 - 2012-03-14 13:04 - 00078174 ____A C:\Users\Mandy Dawson\Documents\jdaaudit2012.eca
2012-06-08 21:30 - 2012-07-10 23:34 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 23:34 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-10 23:34 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 23:34 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 23:34 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 23:34 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-22 17:27 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 17:27 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 17:27 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 17:27 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 17:27 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 17:27 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 17:27 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:19 - 2012-06-22 17:26 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 13:15 - 2012-06-22 17:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 01:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 01:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 01:03 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 01:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 01:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 01:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 01:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 01:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 01:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 01:03 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 01:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 01:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 01:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 01:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 01:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 01:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 01:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 01:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 01:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 01:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 01:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 01:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 01:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 01:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 01:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 01:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 01:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 01:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-10 23:34 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 23:34 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 23:34 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 23:34 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 23:34 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 23:34 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 23:34 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 23:34 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-18 05:59 - 2010-11-05 13:40 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-18 05:59 - 2010-11-05 13:40 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll.000.bak
2012-05-17 13:30 - 2012-05-17 13:30 - 00000438 ____A C:\Users\Mandy Dawson\Documents\OutofTown.txt
2012-05-10 12:18 - 2012-05-10 12:18 - 00212008 ____A C:\Users\Mandy Dawson\Downloads\columnal-0.85.zip
2012-05-10 09:46 - 2012-05-10 09:46 - 00046434 ____A C:\Users\Mandy Dawson\Downloads\jonikorpi-Golden-Grid-System-df652de.zip
2012-05-09 11:32 - 2012-05-09 11:32 - 00026830 ____A C:\Users\Mandy Dawson\Downloads\dhgamache-Skeleton-6d07a65.zip
2012-05-09 07:20 - 2012-05-09 07:18 - 00014716 ____A C:\Users\Mandy Dawson\Downloads\eStmt_2012-04-20.txt
2012-05-09 07:19 - 2012-05-09 07:19 - 00014716 ____A C:\Users\Mandy Dawson\Downloads\eStmt_2012-04-20 (1).txt
2012-05-04 02:52 - 2012-06-12 12:37 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-12 12:37 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-12 12:37 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

ZeroAccess:
C:\Windows\Installer\{76723c1c-d726-601d-56be-142941fe48d9}
C:\Windows\Installer\{76723c1c-d726-601d-56be-142941fe48d9}\@
C:\Windows\Installer\{76723c1c-d726-601d-56be-142941fe48d9}\L
C:\Windows\Installer\{76723c1c-d726-601d-56be-142941fe48d9}\n
C:\Windows\Installer\{76723c1c-d726-601d-56be-142941fe48d9}\U
C:\Windows\Installer\{76723c1c-d726-601d-56be-142941fe48d9}\U\00000001.@

ZeroAccess:
C:\Users\Mandy Dawson\AppData\Local\{76723c1c-d726-601d-56be-142941fe48d9}
C:\Users\Mandy Dawson\AppData\Local\{76723c1c-d726-601d-56be-142941fe48d9}\@
C:\Users\Mandy Dawson\AppData\Local\{76723c1c-d726-601d-56be-142941fe48d9}\L
C:\Users\Mandy Dawson\AppData\Local\{76723c1c-d726-601d-56be-142941fe48d9}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 6143.18 MB
Available physical RAM: 5182.41 MB
Total Pagefile: 6141.33 MB
Available Pagefile: 5168.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:920.03 GB) (Free:710.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.38 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (OFFICE11) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS
8 Drive k: (LEXAR) (Removable) (Total:29.84 GB) (Free:29.84 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          931 GB      0 B
Disk 1    No Media          0 B      0 B
Disk 2    No Media          0 B      0 B
Disk 3    No Media          0 B      0 B
Disk 4    No Media          0 B      0 B
Disk 5    Online           29 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            920 GB   101 MB
Partition 3    Primary             11 GB   920 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    920 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   HP_RECOVERY  NTFS   Partition     11 GB  Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             29 GB    17 MB

==================================================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8     K   LEXAR        FAT32  Removable     29 GB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-27 22:41

======================= End Of Log ==========================

Edited by suddenmuse, 01 August 2012 - 03:15 PM.



#2 suddenmuse
  • Topic Starter
  • Members
  • 4 posts

Posted 03 August 2012 - 09:37 AM

Note: I will be away for the weekend starting this afternoon and will be returning on August 7th. Thank you.

#3 HelpBot
  • Bleepin' Binary Bot
  • Bots
  • 12,627 posts

Posted 06 August 2012 - 12:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463429 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 suddenmuse
  • Topic Starter
  • Members
  • 4 posts

Posted 07 August 2012 - 08:58 AM

My PC has stopped continuously rebooting, and I have been able to run Malwarebytes, which has turned up some trojans and rootkits. The mysterious recovery does not have me convinced that all is right with my PC; as well, Windows Firewall and Windows Defender are not working: "The specified service does not exist as an installed service. Error Code: 0x80070424."

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mandy Dawson at 7:52:07 on 2012-08-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.6143.4004 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\FunctionService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Users\Mandy Dawson\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
\\.\globalroot\systemroot\Installer\{76723c1c-d726-601d-56be-142941fe48d9}\U
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge]
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\MANDYD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mandy Dawson\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mile.webex.com/client/T27LB/nbr/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: Interfaces\{7F97EF10-6A0F-4BD5-8BE3-31D547957188} : NameServer = 192.168.101.1,192.168.101.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 0.0.0.0 localhost
Hosts: 0.0.0.0 localhost
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-11-28 133944]
R2 EpServiceFunction;Service Function;C:\Windows\SysWOW64\FunctionService.exe [2011-7-21 903680]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-2 655944]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 250056]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-17 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
S4 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-12-20 65536]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-02 15:24:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-02 15:24:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-02 15:04:43 328704 ----a-w- C:\Windows\System32\services.exe.9CE713CE0E2A30D3
2012-08-02 15:01:48 328704 ----a-w- C:\Windows\System32\services.exe.C5642D6395F084E6
2012-08-02 14:53:24 328704 ----a-w- C:\Windows\System32\services.exe.9C9CA21CFFD4293F
2012-08-02 14:48:07 328704 ----a-w- C:\Windows\System32\services.exe.969432B5AB6E2FE8
2012-08-02 14:45:13 328704 ----a-w- C:\Windows\System32\services.exe.A8C7A705594E6703
2012-08-02 14:42:02 328704 ----a-w- C:\Windows\System32\services.exe.803C60B14CC87793
2012-08-01 22:52:09 328704 ----a-w- C:\Windows\System32\services.exe.C8CF42E32040E9C0
2012-08-01 22:49:15 328704 ----a-w- C:\Windows\System32\services.exe.0586266235E34C20
2012-08-01 22:46:16 328704 ----a-w- C:\Windows\System32\services.exe.FBFBD8CE821CFAD2
2012-08-01 22:28:45 328704 ----a-w- C:\Windows\System32\services.exe.3EC391E3FEDD9B10
2012-08-01 22:25:20 328704 ----a-w- C:\Windows\System32\services.exe.88CC516EF8F3A88D
2012-08-01 22:22:28 328704 ----a-w- C:\Windows\System32\services.exe.09A20EA63446535B
2012-08-01 22:11:45 328704 ----a-w- C:\Windows\System32\services.exe.3528854715AB0FD6
2012-08-01 22:08:50 328704 ----a-w- C:\Windows\System32\services.exe.8C79F678F3EF5438
2012-08-01 22:05:49 328704 ----a-w- C:\Windows\System32\services.exe.B48BE2E7CB3118DC
2012-08-01 22:02:58 328704 ----a-w- C:\Windows\System32\services.exe.25B0C07C76794D43
2012-08-01 21:59:55 328704 ----a-w- C:\Windows\System32\services.exe.A28274F07EF0029C
2012-08-01 21:57:00 328704 ----a-w- C:\Windows\System32\services.exe.1EE73331E7D266B4
2012-08-01 21:46:50 328704 ----a-w- C:\Windows\System32\services.exe.6264AF48D3CAFA83
2012-08-01 21:44:06 328704 ----a-w- C:\Windows\System32\services.exe.1D48112A56797B51
2012-08-01 21:41:17 328704 ----a-w- C:\Windows\System32\services.exe.79D9AA246D5BBE26
2012-08-01 21:38:32 328704 ----a-w- C:\Windows\System32\services.exe.4D2E20E0DFB29D23
2012-08-01 21:35:43 328704 ----a-w- C:\Windows\System32\services.exe.51DAF5EA5445A03B
2012-08-01 21:25:19 328704 ----a-w- C:\Windows\System32\services.exe.30AB92D3CCFE4104
2012-08-01 21:22:25 328704 ----a-w- C:\Windows\System32\services.exe.5614B0748F2D90D3
2012-08-01 21:19:42 328704 ----a-w- C:\Windows\System32\services.exe.A689FEF19B5238E6
2012-08-01 21:16:44 328704 ----a-w- C:\Windows\System32\services.exe.6CB4B4A7E44E3E50
2012-08-01 21:13:47 328704 ----a-w- C:\Windows\System32\services.exe.47775F9EDAEBD1F8
2012-08-01 21:00:07 328704 ----a-w- C:\Windows\System32\services.exe.AF2B44BF3C79D821
2012-08-01 20:57:29 328704 ----a-w- C:\Windows\System32\services.exe.EA16D220D2631A45
2012-08-01 20:54:59 328704 ----a-w- C:\Windows\System32\services.exe.EEF6884325C6751F
2012-08-01 20:49:46 328704 ----a-w- C:\Windows\System32\services.exe.9A6441B0FB2A392A
2012-08-01 20:41:46 328704 ----a-w- C:\Windows\System32\services.exe.A3935C052BC11F29
2012-08-01 20:39:17 328704 ----a-w- C:\Windows\System32\services.exe.0DDC2481C85066A5
2012-08-01 20:34:22 328704 ----a-w- C:\Windows\System32\services.exe.631E22709D1584E7
2012-08-01 20:24:17 328704 ----a-w- C:\Windows\System32\services.exe.84DD1760834DB272
2012-08-01 20:21:30 328704 ----a-w- C:\Windows\System32\services.exe.00817D9ED42B8603
2012-08-01 20:16:32 328704 ----a-w- C:\Windows\System32\services.exe.A976E5F464849D47
2012-08-01 20:13:36 328704 ----a-w- C:\Windows\System32\services.exe.1227FA39DEF261D1
2012-08-01 20:10:39 328704 ----a-w- C:\Windows\System32\services.exe.22E413E8D703F055
2012-08-01 20:07:31 328704 ----a-w- C:\Windows\System32\services.exe.BC0AC9986E2377D7
2012-08-01 19:55:48 328704 ----a-w- C:\Windows\System32\services.exe.DFFB2A31419E141F
2012-08-01 19:46:05 328704 ----a-w- C:\Windows\System32\services.exe.4A56D45ABDB5BD3B
2012-08-01 19:43:11 328704 ----a-w- C:\Windows\System32\services.exe.8BE990F3D0B2E27C
2012-08-01 19:16:45 328704 ----a-w- C:\Windows\System32\services.exe.B7EC8ABC02031F39
2012-08-01 19:09:08 328704 ----a-w- C:\Windows\System32\services.exe.28A42AA93EE5648F
2012-08-01 19:04:23 328704 ----a-w- C:\Windows\System32\services.exe.DDF45E3502486C36
2012-08-01 19:01:35 328704 ----a-w- C:\Windows\System32\services.exe.380DC20954C7A607
2012-08-01 18:58:46 328704 ----a-w- C:\Windows\System32\services.exe.5F38E0B88D8DD536
2012-08-01 18:55:55 328704 ----a-w- C:\Windows\System32\services.exe.847ACF7D78A48656
2012-08-01 18:52:48 328704 ----a-w- C:\Windows\System32\services.exe.17A4D34143280B66
2012-08-01 18:49:37 -------- d-----w- C:\FRST
2012-08-01 18:40:54 328704 ----a-w- C:\Windows\System32\services.exe.D84535728C2B4946
2012-08-01 18:31:14 328704 ----a-w- C:\Windows\System32\services.exe.A5812B6D71095CD1
2012-08-01 18:28:29 328704 ----a-w- C:\Windows\System32\services.exe.9970A49CA6FBAF6A
2012-08-01 18:25:43 328704 ----a-w- C:\Windows\System32\services.exe.3C10F601848A47C2
2012-08-01 18:22:58 328704 ----a-w- C:\Windows\System32\services.exe.86C2A253D4D06CE6
2012-08-01 18:20:07 328704 ----a-w- C:\Windows\System32\services.exe.1C0EFEB7BD687179
2012-08-01 18:15:23 328704 ----a-w- C:\Windows\System32\services.exe.438D9C85533D92C5
2012-08-01 18:12:18 328704 ----a-w- C:\Windows\System32\services.exe.9AF3E544EC566CEB
2012-08-01 17:28:35 328704 ----a-w- C:\Windows\System32\services.exe.870B288743572F40
2012-08-01 16:53:33 328704 ----a-w- C:\Windows\System32\services.exe.1FF51F90F4596CF7
2012-08-01 16:23:03 50392 ----a-w- C:\Windows\System32\drivers\whnnggyv.sys
2012-08-01 16:23:03 328704 ----a-w- C:\Windows\System32\services.exe.748E52246A79BCCC
2012-08-01 16:18:01 328704 ----a-w- C:\Windows\System32\services.exe.BD0537730FBA2841
2012-08-01 16:14:54 328704 ----a-w- C:\Windows\System32\services.exe.F6A331BF0AAAC699
2012-08-01 16:12:15 328704 ----a-w- C:\Windows\System32\services.exe.61FCBAD46550DA5F
2012-08-01 16:09:16 328704 ----a-w- C:\Windows\System32\services.exe.002780B5A8CD739C
2012-08-01 16:06:30 328704 ----a-w- C:\Windows\System32\services.exe.27F9BA511B59A390
2012-08-01 16:03:43 328704 ----a-w- C:\Windows\System32\services.exe.8635B1A72F5EBC0B
2012-08-01 16:00:55 328704 ----a-w- C:\Windows\System32\services.exe.29D77F92A7F0A72F
2012-08-01 15:58:32 328704 ----a-w- C:\Windows\System32\services.exe.B104C9D950B899C3
2012-08-01 15:54:52 328704 ----a-w- C:\Windows\System32\services.exe.50317FE43EEE5D32
2012-08-01 15:52:37 50392 ----a-w- C:\Windows\System32\drivers\lemdrmmw.sys
2012-08-01 15:52:37 328704 ----a-w- C:\Windows\System32\services.exe.2A4AABE08C6B07B5
2012-08-01 15:49:35 328704 ----a-w- C:\Windows\System32\services.exe.381E6D03BCCC5464
2012-08-01 15:46:47 328704 ----a-w- C:\Windows\System32\services.exe.869167E1EB21E3EA
2012-08-01 15:43:58 328704 ----a-w- C:\Windows\System32\services.exe.AE34331A8CE8D979
2012-08-01 15:41:17 328704 ----a-w- C:\Windows\System32\services.exe.470797769A35D044
2012-08-01 15:38:17 328704 ----a-w- C:\Windows\System32\services.exe.CAAE4D3DFAF04852
2012-08-01 15:26:48 328704 ----a-w- C:\Windows\System32\services.exe.A3BE1D5B49E6A3B0
2012-08-01 15:24:12 328704 ----a-w- C:\Windows\System32\services.exe.BD5A8F6DE8C7E24C
2012-08-01 15:18:56 328704 ----a-w- C:\Windows\System32\services.exe.F627A16BBBC2DAD0
2012-08-01 15:13:03 328704 ----a-w- C:\Windows\System32\services.exe.8CD97CC0414F91F4
2012-08-01 15:07:28 328704 ----a-w- C:\Windows\System32\services.exe.2BC392DA4B8BFD01
2012-08-01 02:17:27 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{E6916919-AF22-4223-BE41-E7FF7A653F04}
2012-08-01 02:17:12 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{F6A21A34-E3AB-4FD8-BA6A-52BE721B2D26}
2012-07-31 14:16:45 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{628D3AC2-BAF6-470C-A631-C06CF5F6833F}
2012-07-31 14:16:34 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{0F4DA235-A6FA-4E7B-BD55-C6101EA0C6E7}
2012-07-31 02:16:19 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{21DABE0D-15A7-49A3-9CF9-35BE48D88216}
2012-07-31 02:16:08 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{FBE4F6D0-1884-4348-A820-DC0E1A09EDEF}
2012-07-30 14:15:53 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{82BD6D80-432B-403A-8542-76B6F1817C83}
2012-07-30 14:15:42 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{D5B56B45-E8C3-412B-9AAA-F9CBDC284CBF}
2012-07-30 02:15:27 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{75FEF18C-8A42-42BE-805E-24380F041303}
2012-07-30 02:15:15 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{DA9BF4E2-706C-4FED-877E-4981CBE3E604}
2012-07-29 14:15:00 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{B5BC15A9-285F-45B3-81F0-029A6710EC71}
2012-07-29 14:14:47 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{4C67E1A4-BABF-4CB9-B31D-AE02F86A5B3A}
2012-07-29 02:14:33 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{794731E5-FF49-4429-8074-79ECBE6F6935}
2012-07-29 02:14:21 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{1A3E2785-E36F-4595-9104-8EF09DF53C6D}
2012-07-28 14:14:07 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{802F3E4A-D0E3-4319-969D-CCFFE8EDB223}
2012-07-28 14:13:55 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{58C94CC8-72A6-4975-8788-B04C89434083}
2012-07-28 02:13:40 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{3138D4AA-1879-40F0-99D5-EAFE4ADD6E9C}
2012-07-28 02:13:28 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{4366E60B-74A2-41C5-8F2B-334A43894231}
2012-07-27 14:13:11 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{DEE772DC-E029-4068-9B85-DB18E8D7FC58}
2012-07-27 14:12:58 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{6E8DF9E3-4A57-41B2-8EFB-264CC1BA81B2}
2012-07-27 14:12:34 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{E0CE4244-0131-4F2C-873D-846CDE906D80}
2012-07-27 14:12:21 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{1E8A3516-3A08-4008-83B5-21422F80FB47}
2012-07-26 14:50:55 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{C10172A2-F214-4DF6-83D1-919B7CF7C52A}
2012-07-26 14:50:44 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{D34132F5-9B69-4DA2-85AD-D9EF26E1BE1F}
2012-07-26 02:50:30 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{07D04CE3-6405-4D5F-B8AB-557A8A6D421C}
2012-07-26 02:50:18 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{33099E8C-C4A4-4D5E-9B5E-3923297D7036}
2012-07-25 14:50:04 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{18BA2487-623A-41CA-BFF1-516C087CA96E}
2012-07-25 14:49:52 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{49FC3D90-79E5-4889-AA47-03826C4A69DE}
2012-07-25 02:49:36 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{50EEA4CD-EA8E-4827-9F9E-BDCF4E21659C}
2012-07-25 02:49:24 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{E2121EF7-AB81-4791-9406-469DE3CBD4C6}
2012-07-24 14:49:10 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{8228A650-02FB-4A83-A0C3-5D4F04FF2987}
2012-07-24 14:48:58 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{FA29EA59-11A7-453B-B032-11A711721868}
2012-07-24 02:48:44 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{489F82F9-2E6C-4245-AF0B-C93F082F2E33}
2012-07-24 02:48:32 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{0B5D1AE5-4702-4777-BAC4-3FE749862356}
2012-07-23 14:48:04 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{0E9A01B0-9A4B-46C0-8266-C25182F934A7}
2012-07-23 14:47:52 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{4C0BA40B-7E3E-4B4C-ABC7-16D5501C008B}
2012-07-23 02:47:37 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{7DA7E847-354A-4970-B121-1A265BC910AF}
2012-07-23 02:47:24 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{C7478164-7274-4C8F-B261-0B4F1E05AA05}
2012-07-22 14:47:10 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{AE7D7513-2D53-433A-8031-E9B06F4EEF45}
2012-07-22 14:46:54 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{9D9F6218-8EC4-43E4-8C92-AE9FF6454F39}
2012-07-22 02:46:39 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{6B958366-D3DF-402D-8AB1-56555C76A8FC}
2012-07-22 02:46:27 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{C05B8828-46AE-4F38-82E1-2424639BEE11}
2012-07-21 14:46:13 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{9DDA2784-9F04-46E5-A610-0909BAD16F4D}
2012-07-21 14:46:01 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{C16D91FA-CB73-41DD-B1C2-0B0DCF2C47CC}
2012-07-21 02:45:48 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{4600A95C-13B0-401F-9F14-C681458DFC56}
2012-07-21 02:45:37 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{DDBF808E-B6E2-454D-9E64-659D1A4E71FA}
2012-07-20 14:45:22 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{26CEF61F-BD52-4FA7-974E-4F003F272D76}
2012-07-20 14:45:11 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{90C8A9E2-3106-41FA-AF09-0FAE501FF489}
2012-07-20 02:44:48 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{CB501299-9E72-4AD3-AA69-8B67F9BB8402}
2012-07-20 02:44:35 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{7616620D-EF62-4E78-961A-1B06654C8CF8}
2012-07-19 14:44:21 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{B98964BF-22C7-4554-AB1C-A43B05F97246}
2012-07-19 14:44:10 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{53972878-8816-47A8-BD3D-E832266B8C92}
2012-07-19 02:43:55 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{D7901FA5-1AE4-4351-94D9-3BA0007EDD55}
2012-07-19 02:43:43 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{362D36D2-CA70-4AE6-8655-256410C1EE54}
2012-07-18 14:43:16 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{C6D63DF8-1387-4B53-82AB-0957F5A72B2D}
2012-07-18 14:43:04 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{55889654-0E0F-44BA-BEAE-EC8A794C0D2F}
2012-07-18 02:31:42 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{447C9DF6-56AB-4368-A1AD-94E76F0BF2E3}
2012-07-18 02:31:30 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{D76D368F-3868-40DD-A83D-0C974EB2E8ED}
2012-07-17 14:31:03 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{3A64BE57-5E4D-4621-BB82-EEC767495D30}
2012-07-17 14:30:52 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{5F60D97D-0429-4C1C-AA60-01ACCF1D6200}
2012-07-17 02:30:38 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{ED6A4B77-1B35-4766-8E56-33EA00EAB7C8}
2012-07-17 02:30:26 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{269715D0-2672-4527-B211-06BD73B25208}
2012-07-16 14:30:11 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{248DA1DC-6EB1-441C-940C-4018AFD07AC1}
2012-07-16 14:30:00 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{1FC26901-35C4-4B78-8646-CE9DB0EDF4A1}
2012-07-16 02:29:47 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{3CC42465-452D-4D5F-9EDB-D1A0C69107EF}
2012-07-16 02:29:35 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{1303398B-1B6A-422E-B7F8-CEB315C94749}
2012-07-15 14:29:21 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{CFC2FE10-48BE-4F9C-94F8-4618582B0D8D}
2012-07-15 14:29:09 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{67A6DA8A-D38E-4201-B4AA-22F0FFFA8C53}
2012-07-15 02:28:56 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{1852F17D-BB33-4696-8836-D8F1CA291B6D}
2012-07-15 02:28:44 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{6D2909AB-54CF-43FA-B06C-BC724EDFCA5A}
2012-07-14 14:28:30 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{CFD50041-7FFB-4F11-8E21-73EA500F892E}
2012-07-14 14:28:18 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{F3F30147-91F6-4926-960E-C46901FC937E}
2012-07-14 02:28:05 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{DF34F7FB-2BFA-491B-B96A-8268A9A36FA3}
2012-07-14 02:27:54 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{0F24F1DA-EF73-492A-AA09-CB9608DFD01E}
2012-07-13 14:27:41 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{8EFC0549-C6B6-4B03-A05A-64ECFF217205}
2012-07-13 14:27:29 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{49897804-9845-4B7C-8694-71EC848BA5A5}
2012-07-13 02:27:15 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{72499919-827A-443D-9EDE-65CBF74A83B1}
2012-07-13 02:27:04 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{57268FE5-C56C-402D-BEA0-96F7E4FCEA55}
2012-07-12 14:26:48 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{7AC56D60-082B-492D-A45C-84B35D4E4926}
2012-07-12 14:26:37 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{183873D7-62CB-4E1B-B788-E694C29BF48C}
2012-07-11 14:50:44 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{7F8BC1FC-ED00-4445-B91C-4B93E6F2171F}
2012-07-11 14:50:08 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{C132E2B1-E685-4C90-BDA3-D550DBFE89DC}
2012-07-11 09:06:43 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 09:01:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 02:49:40 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{10D7EEC4-BDC5-47E5-AA52-5DF0D17ADD1A}
2012-07-11 02:49:28 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{057D86F3-18DC-4690-9550-6C49547F55FC}
2012-07-10 14:49:02 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{3D571FE3-19E8-42E4-86D3-8024721EA274}
2012-07-10 14:48:50 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{5DFC219D-2D21-4A7E-947E-668A4B783806}
2012-07-10 02:48:37 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{38124355-F24E-411D-9B2C-398481F2C0E1}
2012-07-10 02:48:25 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{28F89580-2B59-4D48-A347-7F000ADA09BC}
2012-07-09 14:47:58 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{62E21385-9834-44EB-A8D6-D7609C50E370}
2012-07-09 14:47:46 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{78677B49-77B8-4B9A-9D7A-25AD975E7072}
2012-07-09 14:12:36 -------- d-----w- C:\Program Files\iPod
2012-07-09 14:12:34 -------- d-----w- C:\Program Files\iTunes
2012-07-09 14:12:34 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-09 13:54:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-09 13:54:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-09 13:54:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-09 13:54:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-09 13:54:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-09 13:54:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-09 13:54:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-09 02:47:32 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{C38E446B-1E49-4A3D-B8C7-071916D182E6}
2012-07-09 02:47:20 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{491D0AB6-5386-43A3-8EA7-52DF9C6F6A6B}
2012-07-08 14:47:05 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{F0D0DA91-B5D8-4286-8574-2AA991DF18CC}
2012-07-08 14:46:50 -------- d-----w- C:\Users\Mandy Dawson\AppData\Local\{173F6649-9BB9-456B-8142-F91B6A190073}
.
==================== Find3M ====================
.
2012-08-03 15:52:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 15:52:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-02 14:59:15 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-13 04:03:11 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-13 04:03:10 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-13 04:03:10 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-06-26 13:56:15 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-18 13:59:04 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-18 13:59:02 80768 ----a-w- C:\Windows\System32\LMIinit.dll.000.bak
.
============= FINISH: 7:52:52.93 ===============

Edited by suddenmuse, 07 August 2012 - 08:59 AM.
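The "Created Last 30" section of the log above lists dozens of same-size `services.exe.<16 hex digits>` copies written a few minutes apart under `C:\Windows\System32`, plus two eight-letter drivers of identical size in `System32\drivers`. The script below is an added example, not part of the original post and not code from DDS, FRST or any tool shown in the thread: it parses lines in the same `date time size attrs path` layout and flags those two patterns so they can be reviewed by hand. The sample lines are constructed to mirror the log's format (the hex suffixes and driver names are made up, not copied from the post), and the regexes and thresholds are assumptions chosen for this illustration.

```python
"""Triage helper for DDS/FRST-style "Created Last 30" lines.

Added example, not from the original BleepingComputer post. It flags two
patterns visible in the posted log: many same-size services.exe copies with
a 16-hex-digit suffix, and randomly named same-size drivers under
System32\\drivers. Both are heuristics; review every hit manually.
"""
import re
from collections import defaultdict

# One log line: "YYYY-MM-DD HH:MM:SS <size or --------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# services.exe followed by a 16-hex-digit suffix (assumed indicator pattern)
SERVICES_COPY_RE = re.compile(r"\\system32\\services\.exe\.[0-9a-f]{16}$", re.I)
# eight lowercase letters + .sys in the drivers directory (assumed pattern)
RANDOM_DRIVER_RE = re.compile(r"(?i:\\system32\\drivers\\)[a-z]{8}\.sys$")

# Constructed sample lines in the log's layout; not copied from the post.
SAMPLE_LOG = r"""
2012-08-02 15:24:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-02 15:04:43 328704 ----a-w- C:\Windows\System32\services.exe.0123456789ABCDEF
2012-08-02 15:01:48 328704 ----a-w- C:\Windows\System32\services.exe.FEDCBA9876543210
2012-08-02 14:53:24 328704 ----a-w- C:\Windows\System32\services.exe.00FF00FF00FF00FF
2012-08-01 16:23:03 50392 ----a-w- C:\Windows\System32\drivers\abcdefgh.sys
2012-08-01 15:52:37 50392 ----a-w- C:\Windows\System32\drivers\ijklmnop.sys
2012-08-01 18:49:37 -------- d-----w- C:\FRST
"""


def parse_line(line):
    """Parse one log line into a dict, or None if it is not a file entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return {
        "ts": m.group("ts"),
        "size": int(size) if size.isdigit() else None,  # directories have no size
        "attrs": m.group("attrs"),
        "path": m.group("path"),
    }


def triage(lines):
    """Return findings keyed by indicator name; empty dict if nothing matched."""
    services_copies = []
    drivers_by_size = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if SERVICES_COPY_RE.search(rec["path"]):
            services_copies.append(rec)
        elif RANDOM_DRIVER_RE.search(rec["path"]):
            drivers_by_size[rec["size"]].append(rec["path"])

    findings = {}
    # Threshold of 3 is an assumption; a single backup copy is not unusual.
    if len(services_copies) >= 3:
        findings["services_exe_copies"] = {
            "count": len(services_copies),
            "sizes": sorted({r["size"] for r in services_copies}),
        }
    # Two or more random-looking drivers of identical size is the signal here.
    for size, paths in drivers_by_size.items():
        if len(paths) >= 2:
            findings["same_size_random_drivers"] = {"size": size, "paths": paths}
    return findings


def run_sample():
    """Run the triage over the constructed sample lines."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for name, detail in run_sample().items():
        print(name, detail)
```

The eight-letter driver rule will also match some legitimate drivers, which is why it only reports when two or more of them share a byte size; treat every hit as something to verify (signature, timestamp, referencing service entry), not as a verdict.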


#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California

Posted 07 August 2012 - 09:33 AM

Greetings suddenmuse and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • In the upper right hand corner of the topic you will see a button; click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience. I did see your notation you are returning on the 7th so our timing was perfect! That is a good start and hopefully we will finish in the same fashion. :)

Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

  • Malware Response Instructor

Posted 07 August 2012 - 12:48 PM

Greetings suddenmuse,

Thank you for your patience.

I am providing the first steps I would like us to take in order to address the infection which still resides on your computer. Before that, though, you need to read and consider the following caution:


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Farbar's Recovery Scan Tool - Run Fix and Search for File

--------------------

  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt

    C:\Windows\Installer\{76723c1c-d726-601d-56be-142941fe48d9}
    C:\Users\Mandy Dawson\AppData\Local\{76723c1c-d726-601d-56be-142941fe48d9}
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64.exe) and press Enter

    Note: Replace letter e with the drive letter of your flash drive

  • Press the Fix button just once and wait, the program will automatically launch fixlist.txt
  • The tool will create a log on the flashdrive (Fixlog.txt) please copy and paste the information in your reply
  • While you are still booted into System Recovery Options run FRST
  • Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe
  • Click Search button and copy and paste the log information in your reply
  • Boot your computer into Normal Mode

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Fixlog.txt
  • Search results
  • How is your computer running?

Gary
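
The two checks in the FRST steps above (the pair of GUID-named directories named in the fixlist, and the search for every copy of services.exe), as an added Python example that is not part of the original post and is not FRST's own code. It assumes the infected disk, or an image of it, is mounted read-only on a clean computer and that `root` is the directory holding `Windows` and `Users`. The directory layout is taken from the post; the GUID pattern, the comparison against the winsxs component store and the constructed sample volume are this example's own assumptions.

```python
"""Offline triage for the two FRST steps above: the GUID-directory pairing
and the services.exe search.  Added example, not part of the post or of FRST.
Assumes the volume is mounted read-only on a clean machine and `root` holds
Windows and Users.  GUID pattern, winsxs comparison and sample volume are
this example's assumptions."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Matches a GUID-named directory such as {76723c1c-d726-601d-56be-142941fe48d9}
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)


def guid_dirs(path):
    """Map lower-cased name -> Path for every GUID-named subdirectory of path."""
    if not path.is_dir():
        return {}
    return {p.name.lower(): p
            for p in path.iterdir() if p.is_dir() and GUID_DIR.match(p.name)}


def paired_guid_dirs(root):
    """GUIDs that name a directory both under Windows\\Installer and under some
    user's AppData\\Local, the pairing the fixlist above deletes.
    Returns {guid: sorted list of the matching directories}."""
    root = Path(root)
    installer = guid_dirs(root / "Windows" / "Installer")
    hits = {}
    users = root / "Users"
    if users.is_dir():
        for profile in users.iterdir():
            local = guid_dirs(profile / "AppData" / "Local")
            for g in local.keys() & installer.keys():
                hits.setdefault(g, set()).update((installer[g], local[g]))
    return {g: sorted(str(p) for p in ps) for g, ps in hits.items()}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_services_exe(root):
    """Every services.exe on the volume as (path, size, sha256); this is the
    listing FRST's 'Search: services.exe' produces (FRST reports MD5)."""
    found = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower() == "services.exe":
                p = Path(dirpath) / name
                found.append((str(p), p.stat().st_size, sha256_file(p)))
    return found


def services_exe_without_store_match(root):
    """Copies of services.exe outside Windows\\winsxs whose hash matches no copy
    inside it.  On Windows Vista and later the System32 binaries are hard links
    into the winsxs component store, so a clean live copy shares a hash with a
    store copy; a live copy with no match is what a patched or replaced binary
    looks like.  Triage heuristic only: it says what to compare, not what to delete."""
    root = Path(root)
    store = str(root / "Windows" / "winsxs").lower()
    copies = find_services_exe(root)
    store_hashes = {h for p, _, h in copies if p.lower().startswith(store)}
    return [c for c in copies
            if not c[0].lower().startswith(store) and c[2] not in store_hashes]


def build_sample_volume():
    """Constructed sample volume (no real malware, placeholder bytes only) laid
    out like the paths in the post, for trying the checks offline."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    guid = "{76723c1c-d726-601d-56be-142941fe48d9}"
    other = "{11111111-2222-3333-4444-555555555555}"  # only in Installer: not paired
    store_dir = root / "Windows" / "winsxs" / "amd64_services_6.1.7601.17514"  # assumed name
    for d in (root / "Windows" / "Installer" / guid,
              root / "Windows" / "Installer" / other,
              root / "Users" / "user" / "AppData" / "Local" / guid,
              root / "Windows" / "System32",
              store_dir):
        d.mkdir(parents=True)
    # Live binary differs from the component-store copy: the pattern to look at.
    (root / "Windows" / "System32" / "services.exe").write_bytes(b"MZ-patched-sample")
    (store_dir / "services.exe").write_bytes(b"MZ-clean-sample")
    return root


if __name__ == "__main__":
    vol = build_sample_volume()
    print(paired_guid_dirs(vol))
    for entry in services_exe_without_store_match(vol):
        print("no winsxs match:", entry)
```

Run it from the clean computer against the mounted volume. The output lists any GUID present in both locations, which is the pairing the fixlist above removes, and any services.exe outside the component store whose hash matches nothing inside it, which is the entry to line up against FRST's Search log before deciding what to do with it.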

#7 suddenmuse
  • Topic Starter

  • Members
  • 4 posts

Posted 08 August 2012 - 09:09 AM

Good Morning,

Thank you for your response. I think I am going to go ahead and reformat my PC. I don't feel like it's worth the risk, due to the nature of my use of this PC.

suddenmuse.

#8 Oh My!

  • Malware Response Instructor

Posted 08 August 2012 - 09:16 AM

Greetings suddenmuse,

OK, thank you for letting me know. I will close this topic.

Edited by Oh My, 08 August 2012 - 12:29 PM.

Gary

#9 Oh My!

  • Malware Response Instructor

Posted 08 August 2012 - 12:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary