
RootKit - Microsoft Security Essentials!


This topic is locked
20 replies to this topic

#1 ndonaldson2912

Posted 18 June 2013 - 01:47 PM

Hi guys,

 

I have recently encountered a suspected rootkit infection on my PC. It has targeted my MSE program and is showing all the symptoms of a rootkit virus.

 

I have carried out scans using Farbar and have attached the frst.txt file. I would be more than grateful if someone can help me compile the needed fixlist.txt file to help me remove MSE and reinstall a fresh copy...

 

ndonaldson2912

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by SYSTEM on 18-06-2013 19:36:33
Running from J:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-09] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-24] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1646216 2013-03-31] (Ask)
HKU\Greentown2\...\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1825360 2011-01-28] (Sanford, L.P.)
HKU\Greentown2\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1272912 2013-05-09] (Adobe Systems Incorporated)
Startup: C:\Users\Greentown2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
S2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2012-07-05] (Microsoft)
S2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2012-05-17] (Sage (UK) Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()
 
==================== Drivers (Whitelisted) ====================
 
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2012-12-06] (Research In Motion Limited)
S1 yvhfrloe; \??\C:\Windows\system32\drivers\yvhfrloe.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-17 00:01 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 00:01 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 00:01 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 00:01 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 00:01 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 00:01 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 00:01 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 00:01 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 00:01 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 00:01 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 00:01 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 00:01 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 02:12 - 2013-06-14 02:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-06-14 01:30 - 2013-06-14 01:30 - 00000000 ____D C:\FRST
2013-06-14 01:01 - 2013-06-14 01:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 01:01 - 2010-12-14 07:57 - 07622112 ____A (Malwarebytes Corporation                                    ) C:\Users\Greentown2\Desktop\mbam-setup-1.50.0.0.exe
2013-06-14 01:01 - 2010-11-29 08:42 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2013-06-14 01:01 - 2010-11-29 08:42 - 00024152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-14 00:59 - 2013-06-14 00:59 - 00000361 ____A C:\rkill.log
2013-06-14 00:56 - 2013-06-14 01:50 - 00000000 ____D C:\Windows\pss
2013-06-13 01:15 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 01:15 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:15 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:15 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:15 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 01:15 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 23:52 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 23:52 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 23:52 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 23:52 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 23:52 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 23:52 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 23:52 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 23:52 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 23:52 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 23:52 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 23:52 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 23:52 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 23:52 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 23:52 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 23:52 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 23:52 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 23:52 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 23:52 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 23:52 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 05:30 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\Application Data\1O1L1I1PtF1F1C1N
2013-06-12 05:30 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-11 05:08 - 2006-11-29 04:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-07 02:37 - 2013-06-07 02:37 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\Users\Greentown2\Application Data\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-06-07 01:43 - 2013-06-07 01:41 - 13475464 ____A (Microsoft Corporation) C:\Users\Greentown2\Desktop\mseinstall.exe
2013-06-07 01:30 - 2013-06-07 01:23 - 00218835 ____A C:\Users\Greentown2\Desktop\Windows Defender.zip
2013-06-05 00:27 - 2013-06-05 00:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-05 00:27 - 2013-06-05 00:27 - 00000000 ____D C:\Firefox
2013-06-05 00:16 - 2013-06-05 00:16 - 00000000 ____D C:\ProgramData\Ask
2013-06-05 00:16 - 2013-06-05 00:16 - 00000000 ____D C:\ProgramData\Application Data\Ask
2013-06-05 00:14 - 2013-06-05 00:14 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-05 00:14 - 2013-06-05 00:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-05 00:13 - 2013-06-05 00:13 - 00000000 ____D C:\ProgramData\McAfee
2013-06-05 00:13 - 2013-06-05 00:13 - 00000000 ____D C:\ProgramData\Application Data\McAfee
2013-05-30 06:38 - 2013-06-04 00:58 - 00000000 ____D C:\Program Files\My Dell
2013-05-30 06:38 - 2013-05-30 06:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-30 06:36 - 2013-05-30 06:37 - 00000000 ____D C:\Users\Greentown2\Application Data\PCDr
2013-05-30 06:36 - 2013-05-30 06:37 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\PCDr
2013-05-30 06:36 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\Application Data\Dell
2013-05-30 06:36 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dell
2013-05-30 06:35 - 2013-05-31 04:46 - 00000000 ____D C:\ProgramData\PCDr
2013-05-30 06:35 - 2013-05-31 04:46 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-05-29 06:58 - 2013-05-29 06:58 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-29 06:58 - 2013-05-29 06:58 - 00002021 ____A C:\ProgramData\Desktop\Adobe Reader XI.lnk
2013-05-29 06:56 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\Local Settings\Downloaded Installations
2013-05-29 06:56 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\Local Settings\Application Data\Downloaded Installations
2013-05-29 06:56 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Downloaded Installations
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\Application Data\BabSolution
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\BabSolution
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\Users\Greentown2\Application Data\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\ProgramData\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\ProgramData\Application Data\Babylon
2013-05-22 02:40 - 2013-05-22 02:40 - 00000000 ____D C:\DanskeBank
2013-05-19 12:00 - 2013-05-19 12:00 - 00000000 ____D C:\Windows\CheckSur
 
==================== One Month Modified Files and Folders =======
 
2013-06-18 10:30 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 10:30 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 10:29 - 2012-08-10 15:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-18 10:29 - 2012-08-10 14:58 - 01317331 ____A C:\Windows\WindowsUpdate.log
2013-06-18 10:28 - 2009-07-13 21:13 - 00798582 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 10:27 - 2009-07-13 20:51 - 00051081 ____A C:\Windows\setupact.log
2013-06-18 10:26 - 2012-12-04 10:53 - 00000000 ____D C:\Users\Greentown2\Application Data\Dropbox
2013-06-18 10:26 - 2012-12-04 10:53 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dropbox
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:31 - 00000000 ____D C:\ProgramData\Sonic
2013-06-18 10:26 - 2012-08-10 15:31 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-06-18 10:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 01:11 - 2012-08-10 15:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 00:07 - 2012-12-04 10:59 - 00000000 ___RD C:\Users\Greentown2\Dropbox
2013-06-16 11:46 - 2013-02-13 06:18 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-06-14 02:12 - 2013-06-14 02:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-06-14 01:50 - 2013-06-14 00:56 - 00000000 ____D C:\Windows\pss
2013-06-14 01:30 - 2013-06-14 01:30 - 00000000 ____D C:\FRST
2013-06-14 01:18 - 2012-09-04 04:20 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-14 01:01 - 2013-06-14 01:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 00:59 - 2013-06-14 00:59 - 00000361 ____A C:\rkill.log
2013-06-13 02:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 00:57 - 2010-11-20 19:47 - 00366528 ____A C:\Windows\PFRO.log
2013-06-13 00:56 - 2012-09-01 04:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 00:56 - 2012-09-01 04:47 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-06-13 00:55 - 2012-11-10 06:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 23:48 - 2012-09-01 04:41 - 00000000 ____D C:\users\Greentown2
2013-06-12 05:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\Local Settings\Application Data\Adobe
2013-06-12 05:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\Local Settings\Adobe
2013-06-12 05:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Adobe
2013-06-12 05:31 - 2012-08-10 15:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 05:31 - 2012-08-10 15:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 05:30 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\Application Data\1O1L1I1PtF1F1C1N
2013-06-12 05:30 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-12 05:30 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\Local Settings\Downloaded Installations
2013-06-12 05:30 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\Local Settings\Application Data\Downloaded Installations
2013-06-12 05:30 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Downloaded Installations
2013-06-12 00:51 - 2012-10-12 00:36 - 00000000 ____D C:\Users\Public\Documents\Kyocera
2013-06-12 00:51 - 2012-10-12 00:36 - 00000000 ____D C:\ProgramData\Documents\Kyocera
2013-06-11 06:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2013-06-11 05:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-11 05:08 - 2012-08-10 15:21 - 00199667 ____A C:\Windows\DirectX.log
2013-06-08 06:08 - 2013-06-17 00:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-17 00:01 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-17 00:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-17 00:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-17 00:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-17 00:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-17 00:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-17 00:01 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-17 00:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-17 00:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-17 00:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-17 00:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 03:01 - 2011-02-10 06:33 - 00803268 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-07 02:38 - 2013-02-13 06:16 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-07 02:37 - 2013-06-07 02:37 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-07 02:02 - 2012-12-04 10:59 - 00000996 ____A C:\Users\Greentown2\Desktop\Dropbox.lnk
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\Users\Greentown2\Application Data\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-06-07 01:41 - 2013-06-07 01:43 - 13475464 ____A (Microsoft Corporation) C:\Users\Greentown2\Desktop\mseinstall.exe
2013-06-07 01:23 - 2013-06-07 01:30 - 00218835 ____A C:\Users\Greentown2\Desktop\Windows Defender.zip
2013-06-05 00:27 - 2013-06-05 00:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-05 00:27 - 2013-06-05 00:27 - 00000000 ____D C:\Firefox
2013-06-05 00:16 - 2013-06-05 00:16 - 00000000 ____D C:\ProgramData\Ask
2013-06-05 00:16 - 2013-06-05 00:16 - 00000000 ____D C:\ProgramData\Application Data\Ask
2013-06-05 00:14 - 2013-06-05 00:14 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-05 00:14 - 2013-06-05 00:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-05 00:14 - 2012-09-17 04:26 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-05 00:14 - 2012-09-17 04:26 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-05 00:13 - 2013-06-05 00:13 - 00000000 ____D C:\ProgramData\McAfee
2013-06-05 00:13 - 2013-06-05 00:13 - 00000000 ____D C:\ProgramData\Application Data\McAfee
2013-06-04 00:58 - 2013-05-30 06:38 - 00000000 ____D C:\Program Files\My Dell
2013-05-31 05:13 - 2012-08-10 15:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-31 04:46 - 2013-05-30 06:35 - 00000000 ____D C:\ProgramData\PCDr
2013-05-31 04:46 - 2013-05-30 06:35 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-05-30 06:38 - 2013-05-30 06:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-30 06:38 - 2012-08-10 15:19 - 00000000 ____D C:\ProgramData\Dell
2013-05-30 06:38 - 2012-08-10 15:19 - 00000000 ____D C:\ProgramData\Application Data\Dell
2013-05-30 06:37 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\Application Data\PCDr
2013-05-30 06:37 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\PCDr
2013-05-30 06:36 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\Application Data\Dell
2013-05-30 06:36 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dell
2013-05-30 00:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\Application Data\Adobe
2013-05-30 00:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Adobe
2013-05-29 06:58 - 2013-05-29 06:58 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-29 06:58 - 2013-05-29 06:58 - 00002021 ____A C:\ProgramData\Desktop\Adobe Reader XI.lnk
2013-05-29 06:58 - 2012-08-10 15:26 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-29 06:58 - 2012-08-10 15:26 - 00000000 ____D C:\ProgramData\Adobe
2013-05-29 06:58 - 2012-08-10 15:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\Application Data\BabSolution
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\BabSolution
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\Users\Greentown2\Application Data\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\ProgramData\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\ProgramData\Application Data\Babylon
2013-05-29 06:54 - 2013-02-13 06:18 - 00000000 ____D C:\Users\Greentown2\Local Settings\FileTypeAssistant
2013-05-29 06:54 - 2013-02-13 06:18 - 00000000 ____D C:\Users\Greentown2\Local Settings\Application Data\FileTypeAssistant
2013-05-29 06:54 - 2013-02-13 06:18 - 00000000 ____D C:\Users\Greentown2\AppData\Local\FileTypeAssistant
2013-05-27 07:42 - 2013-01-22 06:21 - 00000000 ____D C:\ProgramData\Sage
2013-05-27 07:42 - 2013-01-22 06:21 - 00000000 ____D C:\ProgramData\Application Data\Sage
2013-05-23 08:40 - 2013-03-28 06:13 - 00000000 ____D C:\Program Files (x86)\Sage Payroll
2013-05-22 02:40 - 2013-05-22 02:40 - 00000000 ____D C:\DanskeBank
2013-05-19 12:00 - 2013-05-19 12:00 - 00000000 ____D C:\Windows\CheckSur
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\U
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\U
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9\U
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\U
 
Files to move or delete:
====================
C:\Users\Greentown2\alg.exe
C:\Users\Greentown2\java.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-05-19 12:00:09
Restore point made on: 2013-05-20 06:34:25
Restore point made on: 2013-05-23 08:40:13
Restore point made on: 2013-05-23 08:40:32
Restore point made on: 2013-05-31 05:52:36
Restore point made on: 2013-06-05 00:14:04
Restore point made on: 2013-06-07 02:37:13
Restore point made on: 2013-06-11 05:08:42
Restore point made on: 2013-06-11 05:08:59
Restore point made on: 2013-06-13 00:54:04
Restore point made on: 2013-06-13 01:14:54
Restore point made on: 2013-06-14 02:19:57
Restore point made on: 2013-06-17 00:01:07
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4008.63 MB
Available physical RAM: 3405.41 MB
Total Pagefile: 4006.83 MB
Available Pagefile: 3398.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.08 GB) (Free:400.95 GB) NTFS (Disk=0 Partition=3)
Drive h: (RECOVERY) (Fixed) (Total:13.64 GB) (Free:6.09 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive j: (My Passport) (Fixed) (Total:232.83 GB) (Free:34.22 GB) FAT32 (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 9CE50851)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 233 GB) (Disk ID: 02D23F90)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)
 
 
LastRegBack: 2013-06-13 02:47
 
==================== End Of Log ============================
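
The log above carries the full set of ZeroAccess markers that FRST knows how to flag: a hijacked InprocServer32 CLSID entry (the "Default-fastprox" line), a driver with a random eight-letter name and no file on disk (yvhfrloe), the $Recycle.Bin\<SID>\$<hex> folder with its @, L and U children under both the SYSTEM SID and the user's SID, two loose executables in the profile root (alg.exe, java.exe), and, in the Bamital & volsnap check, mpsvc.dll and MsMpEng.exe reported as ZeroAccess with the advice to use DeleteJunctionsIndirectory on the Windows Defender and Microsoft Security Client folders. That last item is the reason MSE looks "targeted": the AV folders have been turned into junctions, so the services cannot load their binaries (note the empty company field "()" on MsMpSvc, NisSrv and WinDefend). The script below is an added example, not FRST code and not anything posted in this thread: it parses an FRST.txt log for those findings and drafts the matching fixlist.txt lines. The sample log it runs on is a constructed, trimmed copy of the lines above; the random-driver heuristic is this example's own rule, not an FRST one; and the fixlist convention it assumes (a log line or path pasted into fixlist.txt is removed, plus the DeleteJunctionsIndirectory directive the log itself names) is the usual FRST usage. Treat the output as a draft for a helper to review, not as something to run unread, and note that the log was produced from the Recovery Environment with an older FRST build, which is why a rerun from normal or Safe Mode was requested.

```python
"""Triage an FRST.txt log for the ZeroAccess findings FRST flags and draft the
matching fixlist.txt lines. Added example, not part of FRST or of this thread."""
import re

# Constructed sample: a trimmed copy of the lines from the log above.
# (FRST prints a single space on its blank lines; that is preserved here.)
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
 
==================== Drivers (Whitelisted) ====================
 
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S1 yvhfrloe; \??\C:\Windows\system32\drivers\yvhfrloe.sys [x]
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\U
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\@
 
Files to move or delete:
====================
C:\Users\Greentown2\alg.exe
C:\Users\Greentown2\java.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
"""

JUNCTION_RE = re.compile(r"Use DeleteJunctionsIndirectory:\s*(.+?)\s*$")
# Heuristic of this example, not an FRST rule: a service/driver entry with an
# eight-lowercase-letter name and a missing image ([x]) matches the random
# names ZeroAccess registers, such as "yvhfrloe" in the log above.
RANDOM_DRIVER_RE = re.compile(r"^[SR]\d [a-z]{8}; .*\[x\]\s*$")


def _block_after(lines, i):
    """Non-blank lines following index i, up to the next blank line."""
    block = []
    for line in lines[i + 1:]:
        if not line.strip():
            break
        block.append(line.rstrip())
    return block


def extract_indicators(log_text):
    """Collect the ZeroAccess-related findings from an FRST.txt log, grouped by
    the kind of fix each needs. Order is preserved, duplicates dropped."""
    lines = log_text.splitlines()
    found = {"registry": [], "drivers": [], "junction_dirs": [],
             "recycle_bin": [], "loose_files": []}
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        if "ATTENTION" in line and "ZeroAccess" in line:
            m = JUNCTION_RE.search(line)
            if m:                                  # Bamital/volsnap check line
                found["junction_dirs"].append(m.group(1))
            else:                                  # flagged registry entry
                found["registry"].append(line)
        elif RANDOM_DRIVER_RE.match(line):
            found["drivers"].append(line)
        elif line == "ZeroAccess:":                # per-detection path block
            block = _block_after(lines, i)
            found["recycle_bin"].extend(block)
            i += len(block)
        elif line == "Files to move or delete:":   # header, then "====" underline
            block = _block_after(lines, i + 1)
            found["loose_files"].extend(block)
            i += len(block) + 1
        i += 1
    # FRST repeats the same $Recycle.Bin block once per detection; keep one copy.
    return {k: list(dict.fromkeys(v)) for k, v in found.items()}


def draft_fixlist(log_text):
    """Turn the findings into fixlist.txt lines. Convention assumed here (the
    usual FRST one): a log line or path pasted into fixlist.txt is removed, and
    DeleteJunctionsIndirectory: <dir> is the directive the log itself names for
    the junction-hijacked Windows Defender and Security Client folders."""
    f = extract_indicators(log_text)
    return (f["registry"] + f["drivers"]
            + [f"DeleteJunctionsIndirectory: {d}" for d in f["junction_dirs"]]
            + f["recycle_bin"] + f["loose_files"])


if __name__ == "__main__":
    print("\n".join(draft_fixlist(SAMPLE_LOG)))
```

Running it against the full log prints ten lines: the InprocServer32 entry, the yvhfrloe driver, the two DeleteJunctionsIndirectory directives, the four $Recycle.Bin paths (deduplicated, since FRST lists the same SYSTEM-SID block three times), and the two profile-root executables. Deleting the junctioned AV folders leaves Windows Defender and MSE without their files, so a reinstall of MSE afterwards, as the original poster intends, is expected rather than a sign that the fix went wrong.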

 

#2 Farbar (Security Developer)

Posted 18 June 2013 - 02:11 PM

Hi,

 

Welcome to the forum.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 



#3 ndonaldson2912 (Topic Starter)

Posted 18 June 2013 - 02:15 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by SYSTEM on 18-06-2013 19:36:33
Running from J:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-09] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-24] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1646216 2013-03-31] (Ask)
HKU\Greentown2\...\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1825360 2011-01-28] (Sanford, L.P.)
HKU\Greentown2\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1272912 2013-05-09] (Adobe Systems Incorporated)
Startup: C:\Users\Greentown2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
S2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2012-07-05] (Microsoft)
S2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2012-05-17] (Sage (UK) Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()
 
==================== Drivers (Whitelisted) ====================
 
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2012-12-06] (Research In Motion Limited)
S1 yvhfrloe; \??\C:\Windows\system32\drivers\yvhfrloe.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-17 00:01 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 00:01 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 00:01 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 00:01 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 00:01 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 00:01 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 00:01 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 00:01 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 00:01 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 00:01 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 00:01 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 00:01 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 02:12 - 2013-06-14 02:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-06-14 01:30 - 2013-06-14 01:30 - 00000000 ____D C:\FRST
2013-06-14 01:01 - 2013-06-14 01:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 01:01 - 2010-12-14 07:57 - 07622112 ____A (Malwarebytes Corporation                                    ) C:\Users\Greentown2\Desktop\mbam-setup-1.50.0.0.exe
2013-06-14 01:01 - 2010-11-29 08:42 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2013-06-14 01:01 - 2010-11-29 08:42 - 00024152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-14 00:59 - 2013-06-14 00:59 - 00000361 ____A C:\rkill.log
2013-06-14 00:56 - 2013-06-14 01:50 - 00000000 ____D C:\Windows\pss
2013-06-13 01:15 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:15 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 01:15 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:15 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:15 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 01:15 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:15 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 01:15 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 23:52 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 23:52 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 23:52 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 23:52 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 23:52 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 23:52 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 23:52 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 23:52 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 23:52 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 23:52 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 23:52 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 23:52 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 23:52 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 23:52 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 23:52 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 23:52 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 23:52 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 23:52 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 23:52 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 05:30 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\Application Data\1O1L1I1PtF1F1C1N
2013-06-12 05:30 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-11 05:08 - 2006-11-29 04:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-07 02:37 - 2013-06-07 02:37 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\Users\Greentown2\Application Data\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-06-07 01:43 - 2013-06-07 01:41 - 13475464 ____A (Microsoft Corporation) C:\Users\Greentown2\Desktop\mseinstall.exe
2013-06-07 01:30 - 2013-06-07 01:23 - 00218835 ____A C:\Users\Greentown2\Desktop\Windows Defender.zip
2013-06-05 00:27 - 2013-06-05 00:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-05 00:27 - 2013-06-05 00:27 - 00000000 ____D C:\Firefox
2013-06-05 00:16 - 2013-06-05 00:16 - 00000000 ____D C:\ProgramData\Ask
2013-06-05 00:16 - 2013-06-05 00:16 - 00000000 ____D C:\ProgramData\Application Data\Ask
2013-06-05 00:14 - 2013-06-05 00:14 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-05 00:14 - 2013-06-05 00:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-05 00:13 - 2013-06-05 00:13 - 00000000 ____D C:\ProgramData\McAfee
2013-06-05 00:13 - 2013-06-05 00:13 - 00000000 ____D C:\ProgramData\Application Data\McAfee
2013-05-30 06:38 - 2013-06-04 00:58 - 00000000 ____D C:\Program Files\My Dell
2013-05-30 06:38 - 2013-05-30 06:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-30 06:36 - 2013-05-30 06:37 - 00000000 ____D C:\Users\Greentown2\Application Data\PCDr
2013-05-30 06:36 - 2013-05-30 06:37 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\PCDr
2013-05-30 06:36 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\Application Data\Dell
2013-05-30 06:36 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dell
2013-05-30 06:35 - 2013-05-31 04:46 - 00000000 ____D C:\ProgramData\PCDr
2013-05-30 06:35 - 2013-05-31 04:46 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-05-29 06:58 - 2013-05-29 06:58 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-29 06:58 - 2013-05-29 06:58 - 00002021 ____A C:\ProgramData\Desktop\Adobe Reader XI.lnk
2013-05-29 06:56 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\Local Settings\Downloaded Installations
2013-05-29 06:56 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\Local Settings\Application Data\Downloaded Installations
2013-05-29 06:56 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Downloaded Installations
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\Application Data\BabSolution
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\BabSolution
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\Users\Greentown2\Application Data\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\ProgramData\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\ProgramData\Application Data\Babylon
2013-05-22 02:40 - 2013-05-22 02:40 - 00000000 ____D C:\DanskeBank
2013-05-19 12:00 - 2013-05-19 12:00 - 00000000 ____D C:\Windows\CheckSur
 
==================== One Month Modified Files and Folders =======
 
2013-06-18 10:30 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 10:30 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 10:29 - 2012-08-10 15:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-18 10:29 - 2012-08-10 14:58 - 01317331 ____A C:\Windows\WindowsUpdate.log
2013-06-18 10:28 - 2009-07-13 21:13 - 00798582 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 10:27 - 2009-07-13 20:51 - 00051081 ____A C:\Windows\setupact.log
2013-06-18 10:26 - 2012-12-04 10:53 - 00000000 ____D C:\Users\Greentown2\Application Data\Dropbox
2013-06-18 10:26 - 2012-12-04 10:53 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dropbox
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:41 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-18 10:26 - 2012-08-10 15:31 - 00000000 ____D C:\ProgramData\Sonic
2013-06-18 10:26 - 2012-08-10 15:31 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-06-18 10:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 01:11 - 2012-08-10 15:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 00:07 - 2012-12-04 10:59 - 00000000 ___RD C:\Users\Greentown2\Dropbox
2013-06-16 11:46 - 2013-02-13 06:18 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-06-14 02:12 - 2013-06-14 02:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-06-14 01:50 - 2013-06-14 00:56 - 00000000 ____D C:\Windows\pss
2013-06-14 01:30 - 2013-06-14 01:30 - 00000000 ____D C:\FRST
2013-06-14 01:18 - 2012-09-04 04:20 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-14 01:01 - 2013-06-14 01:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 00:59 - 2013-06-14 00:59 - 00000361 ____A C:\rkill.log
2013-06-13 02:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 00:57 - 2010-11-20 19:47 - 00366528 ____A C:\Windows\PFRO.log
2013-06-13 00:56 - 2012-09-01 04:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 00:56 - 2012-09-01 04:47 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-06-13 00:55 - 2012-11-10 06:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 23:48 - 2012-09-01 04:41 - 00000000 ____D C:\users\Greentown2
2013-06-12 05:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\Local Settings\Application Data\Adobe
2013-06-12 05:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\Local Settings\Adobe
2013-06-12 05:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Adobe
2013-06-12 05:31 - 2012-08-10 15:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 05:31 - 2012-08-10 15:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 05:30 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\Application Data\1O1L1I1PtF1F1C1N
2013-06-12 05:30 - 2013-06-12 05:30 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-12 05:30 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\Local Settings\Downloaded Installations
2013-06-12 05:30 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\Local Settings\Application Data\Downloaded Installations
2013-06-12 05:30 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Downloaded Installations
2013-06-12 00:51 - 2012-10-12 00:36 - 00000000 ____D C:\Users\Public\Documents\Kyocera
2013-06-12 00:51 - 2012-10-12 00:36 - 00000000 ____D C:\ProgramData\Documents\Kyocera
2013-06-11 06:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2013-06-11 05:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-11 05:08 - 2012-08-10 15:21 - 00199667 ____A C:\Windows\DirectX.log
2013-06-08 06:08 - 2013-06-17 00:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-17 00:01 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-17 00:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-17 00:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-17 00:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-17 00:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-17 00:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-17 00:01 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-17 00:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-17 00:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-17 00:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-17 00:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 03:01 - 2011-02-10 06:33 - 00803268 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-07 02:38 - 2013-02-13 06:16 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-07 02:37 - 2013-06-07 02:37 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-07 02:02 - 2012-12-04 10:59 - 00000996 ____A C:\Users\Greentown2\Desktop\Dropbox.lnk
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\Users\Greentown2\Application Data\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-07 01:51 - 2013-06-07 01:51 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-06-07 01:41 - 2013-06-07 01:43 - 13475464 ____A (Microsoft Corporation) C:\Users\Greentown2\Desktop\mseinstall.exe
2013-06-07 01:23 - 2013-06-07 01:30 - 00218835 ____A C:\Users\Greentown2\Desktop\Windows Defender.zip
2013-06-05 00:27 - 2013-06-05 00:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-05 00:27 - 2013-06-05 00:27 - 00000000 ____D C:\Firefox
2013-06-05 00:16 - 2013-06-05 00:16 - 00000000 ____D C:\ProgramData\Ask
2013-06-05 00:16 - 2013-06-05 00:16 - 00000000 ____D C:\ProgramData\Application Data\Ask
2013-06-05 00:14 - 2013-06-05 00:14 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 00:14 - 2013-06-05 00:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-05 00:14 - 2013-06-05 00:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-05 00:14 - 2012-09-17 04:26 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-05 00:14 - 2012-09-17 04:26 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-05 00:13 - 2013-06-05 00:13 - 00000000 ____D C:\ProgramData\McAfee
2013-06-05 00:13 - 2013-06-05 00:13 - 00000000 ____D C:\ProgramData\Application Data\McAfee
2013-06-04 00:58 - 2013-05-30 06:38 - 00000000 ____D C:\Program Files\My Dell
2013-05-31 05:13 - 2012-08-10 15:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-31 04:46 - 2013-05-30 06:35 - 00000000 ____D C:\ProgramData\PCDr
2013-05-31 04:46 - 2013-05-30 06:35 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-05-30 06:38 - 2013-05-30 06:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-30 06:38 - 2012-08-10 15:19 - 00000000 ____D C:\ProgramData\Dell
2013-05-30 06:38 - 2012-08-10 15:19 - 00000000 ____D C:\ProgramData\Application Data\Dell
2013-05-30 06:37 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\Application Data\PCDr
2013-05-30 06:37 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\PCDr
2013-05-30 06:36 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\Application Data\Dell
2013-05-30 06:36 - 2013-05-30 06:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dell
2013-05-30 00:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\Application Data\Adobe
2013-05-30 00:31 - 2012-09-01 04:43 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Adobe
2013-05-29 06:58 - 2013-05-29 06:58 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-29 06:58 - 2013-05-29 06:58 - 00002021 ____A C:\ProgramData\Desktop\Adobe Reader XI.lnk
2013-05-29 06:58 - 2012-08-10 15:26 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-29 06:58 - 2012-08-10 15:26 - 00000000 ____D C:\ProgramData\Adobe
2013-05-29 06:58 - 2012-08-10 15:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\Application Data\BabSolution
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\BabSolution
2013-05-29 06:56 - 2013-05-29 06:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\Users\Greentown2\Application Data\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\ProgramData\Babylon
2013-05-29 06:55 - 2013-05-29 06:55 - 00000000 ____D C:\ProgramData\Application Data\Babylon
2013-05-29 06:54 - 2013-02-13 06:18 - 00000000 ____D C:\Users\Greentown2\Local Settings\FileTypeAssistant
2013-05-29 06:54 - 2013-02-13 06:18 - 00000000 ____D C:\Users\Greentown2\Local Settings\Application Data\FileTypeAssistant
2013-05-29 06:54 - 2013-02-13 06:18 - 00000000 ____D C:\Users\Greentown2\AppData\Local\FileTypeAssistant
2013-05-27 07:42 - 2013-01-22 06:21 - 00000000 ____D C:\ProgramData\Sage
2013-05-27 07:42 - 2013-01-22 06:21 - 00000000 ____D C:\ProgramData\Application Data\Sage
2013-05-23 08:40 - 2013-03-28 06:13 - 00000000 ____D C:\Program Files (x86)\Sage Payroll
2013-05-22 02:40 - 2013-05-22 02:40 - 00000000 ____D C:\DanskeBank
2013-05-19 12:00 - 2013-05-19 12:00 - 00000000 ____D C:\Windows\CheckSur
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\U
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\U
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9\U
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\@
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\L
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9\U
 
Files to move or delete:
====================
C:\Users\Greentown2\alg.exe
C:\Users\Greentown2\java.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-05-19 12:00:09
Restore point made on: 2013-05-20 06:34:25
Restore point made on: 2013-05-23 08:40:13
Restore point made on: 2013-05-23 08:40:32
Restore point made on: 2013-05-31 05:52:36
Restore point made on: 2013-06-05 00:14:04
Restore point made on: 2013-06-07 02:37:13
Restore point made on: 2013-06-11 05:08:42
Restore point made on: 2013-06-11 05:08:59
Restore point made on: 2013-06-13 00:54:04
Restore point made on: 2013-06-13 01:14:54
Restore point made on: 2013-06-14 02:19:57
Restore point made on: 2013-06-17 00:01:07
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4008.63 MB
Available physical RAM: 3405.41 MB
Total Pagefile: 4006.83 MB
Available Pagefile: 3398.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.08 GB) (Free:400.95 GB) NTFS (Disk=0 Partition=3)
Drive h: (RECOVERY) (Fixed) (Total:13.64 GB) (Free:6.09 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive j: (My Passport) (Fixed) (Total:232.83 GB) (Free:34.22 GB) FAT32 (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 9CE50851)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 233 GB) (Disk ID: 02D23F90)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)
 
 
LastRegBack: 2013-06-13 02:47
 
==================== End Of Log ============================

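The log above carries three ZeroAccess traces that FRST flags: reparse points (junctions) planted in the Windows Defender and Microsoft Security Client directories ("Use DeleteJunctionsIndirectory"), payload directories named `$` plus 32 hex characters under `$Recycle.Bin\<SID>\` holding `@`, `L` and `U`, and system-binary names (`alg.exe`, `java.exe`) dropped straight into a user profile root. The following read-only check is an added example for this thread, not code from the original posts and not part of FRST; the directory list, the name patterns and the use of `fsutil reparsepoint query` are assumptions taken from the log above, not FRST's own detection rules. It is meant to be run from an elevated PowerShell prompt and only reports; it does not delete anything.

```powershell
# Added example: read-only ZeroAccess triage for the indicators seen in the FRST log.
# Not part of the original thread and not FRST code. Assumptions: the two AV
# directories below, the "$" + 32-hex recycle-bin naming, and fsutil being available.
# Run from an elevated PowerShell prompt on the affected machine.

$avDirs = @(
    (Join-Path $env:ProgramFiles 'Windows Defender'),
    (Join-Path $env:ProgramFiles 'Microsoft Security Client')
)

function New-Finding([string]$Check, [string]$Path, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Path = $Path; Detail = $Detail }
}

function Test-ReparsePoint($Item) {
    (($Item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0)
}

# Check 1: neither the AV directory itself nor anything under it should be a
# reparse point. FRST's "DeleteJunctionsIndirectory" line refers to exactly this.
function Find-AvDirReparsePoints([string[]]$Paths) {
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $items = @(Get-Item -LiteralPath $p -Force) +
                 @(Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($i in $items) {
            if (Test-ReparsePoint $i) {
                # fsutil prints "Reparse Tag Value : 0xa0000003" for a junction (mount point)
                $tag = fsutil reparsepoint query $i.FullName 2>$null | Select-String 'Reparse Tag Value'
                New-Finding 'reparse point in AV dir' $i.FullName ("$tag".Trim())
            }
        }
    }
}

# Check 2: per-SID recycle-bin subfolders are normal; a subfolder named "$" followed
# by 32 hex characters that holds "@", "L" and "U" matches the log above.
function Find-ZeroAccessRecycleBinDirs([string]$Root = (Join-Path $env:SystemDrive '$Recycle.Bin')) {
    if (-not (Test-Path -LiteralPath $Root)) { return }
    $sidDirs = Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
               Where-Object { $_.PSIsContainer -and $_.Name -like 'S-1-5-*' }
    foreach ($sid in $sidDirs) {
        $suspects = Get-ChildItem -LiteralPath $sid.FullName -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_.PSIsContainer -and $_.Name -match '^\$[0-9a-f]{32}$' }
        foreach ($d in $suspects) {
            $names   = @(Get-ChildItem -LiteralPath $d.FullName -Force -ErrorAction SilentlyContinue | ForEach-Object { $_.Name })
            $markers = @(@('@', 'L', 'U') | Where-Object { $names -contains $_ })
            if ($markers.Count -gt 0) {
                New-Finding 'ZeroAccess recycle-bin dir' $d.FullName ('contains ' + ($markers -join ', '))
            }
        }
    }
}

# Check 3: FRST listed C:\Users\Greentown2\alg.exe and java.exe under "Files to move
# or delete"; executables sitting directly in a profile root do not belong there.
function Find-ProfileRootExecutables([string]$UsersRoot = (Join-Path $env:SystemDrive 'Users')) {
    Get-ChildItem -LiteralPath $UsersRoot -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            Get-ChildItem -LiteralPath $_.FullName -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll|sys)$' } |
                ForEach-Object { New-Finding 'executable in profile root' $_.FullName ('{0} bytes' -f $_.Length) }
        }
}

$findings  = @()
$findings += @(Find-AvDirReparsePoints $avDirs)
$findings += @(Find-ZeroAccessRecycleBinDirs)
$findings += @(Find-ProfileRootExecutables)

if ($findings.Count -eq 0) {
    Write-Output 'No ZeroAccess indicators found by these three checks.'
} else {
    $findings | Format-Table Check, Path, Detail -AutoSize
}
```

The script avoids PowerShell 3.0-only syntax (`-Directory`, `[PSCustomObject]`) so it also runs on the stock PowerShell 2.0 of a Windows 7 machine like the one in the log. A clean result from these three checks does not clear the machine: the log also shows a hijacked `InprocServer32` entry and a random-named driver (`yvhfrloe.sys`) that this script does not look for, and removal still belongs in the fixlist the helper builds, not in a script run on one's own.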

#4 ndonaldson2912 (Topic Starter)

Posted 18 June 2013 - 02:56 PM

I am familiar with the Farbar tool; however, I would not be confident enough to try to compile the fixlist myself. I can see it has some ZeroAccess entries and that I need to delete Windows Defender and MS Security Client. Any help with this problem would be very much appreciated.

Many thanks

ndonaldson2912



#5 Farbar (Security Developer, The Netherlands)

Posted 18 June 2013 - 03:39 PM

Please avoid doing anything on your own. Nobody will post to this topic other than me.

I can't see why you posted a log four times before, and again for the fifth time after my post. :)

To do this as smoothly as possible, please delete your copy of FRST. Then follow my previous post to the letter to run it in normal mode and provide the logs requested.



#6 ndonaldson2912 (Topic Starter)

Posted 18 June 2013 - 03:56 PM

Hi Farbar,

I kept getting an error message from the server saying the frst.txt file could not be uploaded, but as we can see it was uploaded :-), sorry about that....

I am currently running FRST in normal mode and will post the results ASAP.

Regards,



#7 Farbar (Security Developer, The Netherlands)

Posted 18 June 2013 - 03:59 PM

Good. I'll wait. :thumbup2:



#8 ndonaldson2912
  • Topic Starter
  • Members
  • 234 posts
  • Gender:Male

Posted 18 June 2013 - 04:03 PM

Here we go....

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Greentown2 (administrator) on 18-06-2013 22:00:19
Running from C:\Users\Greentown2\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Greentown2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKCU\...\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1825360 2011-01-28] (Sanford, L.P.)
HKCU\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1272912 2013-05-10] (Adobe Systems Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1646216 2013-03-31] (Ask)
Startup: C:\Users\Greentown2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Greentown2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKCU SearchScopes: DefaultScope {14DC432D-AC58-469F-8773-5DD0A8D85A19} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=F47C7845C400F4F7
SearchScopes: HKCU - {14DC432D-AC58-469F-8773-5DD0A8D85A19} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} http://192.168.1.199:89/webrec.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
==================== Services (Whitelisted) =================
 
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2012-07-05] (Microsoft)
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2012-05-17] (Sage (UK) Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] ()
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2012-12-06] (Research In Motion Limited)
S1 yvhfrloe; \??\C:\Windows\system32\drivers\yvhfrloe.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-18 22:00 - 2013-06-14 10:29 - 01920398 ____A (Farbar) C:\Users\Greentown2\Desktop\FRST64.exe
2013-06-17 09:01 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 09:01 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 09:01 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 09:01 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 09:01 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 09:01 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 09:01 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 09:01 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 09:01 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 09:01 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 09:01 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 09:01 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 11:12 - 2013-06-14 11:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-06-14 10:30 - 2013-06-14 10:30 - 00000000 ____D C:\FRST
2013-06-14 10:01 - 2013-06-14 10:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 10:01 - 2010-12-14 16:57 - 07622112 ____A (Malwarebytes Corporation                                    ) C:\Users\Greentown2\Desktop\mbam-setup-1.50.0.0.exe
2013-06-14 10:01 - 2010-11-29 17:42 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2013-06-14 10:01 - 2010-11-29 17:42 - 00024152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-14 09:59 - 2013-06-14 09:59 - 00000361 ____A C:\rkill.log
2013-06-14 09:56 - 2013-06-14 10:50 - 00000000 ____D C:\Windows\pss
2013-06-13 10:15 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 10:15 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 10:15 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 10:15 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 10:15 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 10:15 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:52 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 08:52 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 08:52 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 08:52 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 08:52 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 08:52 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 08:52 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 08:52 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 08:52 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 08:52 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 08:52 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 08:52 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 08:52 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 08:52 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 08:52 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 08:52 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 08:52 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-13 08:52 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 08:52 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 14:30 - 2013-06-12 14:30 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-11 14:08 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-07 11:37 - 2013-06-07 11:37 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-07 10:51 - 2013-06-07 10:51 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Malwarebytes
2013-06-07 10:51 - 2013-06-07 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-07 10:43 - 2013-06-07 10:41 - 13475464 ____A (Microsoft Corporation) C:\Users\Greentown2\Desktop\mseinstall.exe
2013-06-07 10:30 - 2013-06-07 10:23 - 00218835 ____A C:\Users\Greentown2\Desktop\Windows Defender.zip
2013-06-05 09:27 - 2013-06-05 09:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-05 09:27 - 2013-06-05 09:27 - 00000000 ____D C:\Firefox
2013-06-05 09:16 - 2013-06-05 09:16 - 00000000 ____D C:\ProgramData\Ask
2013-06-05 09:14 - 2013-06-05 09:14 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-05 09:14 - 2013-06-05 09:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-05 09:13 - 2013-06-05 09:13 - 00000000 ____D C:\ProgramData\McAfee
2013-05-30 15:38 - 2013-06-04 09:58 - 00000000 ____D C:\Program Files\My Dell
2013-05-30 15:38 - 2013-05-30 15:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-30 15:36 - 2013-05-30 15:37 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\PCDr
2013-05-30 15:36 - 2013-05-30 15:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dell
2013-05-30 15:35 - 2013-05-31 13:46 - 00000000 ____D C:\ProgramData\PCDr
2013-05-29 15:58 - 2013-05-29 15:58 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-29 15:56 - 2013-06-12 14:30 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Downloaded Installations
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\BabSolution
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 15:55 - 2013-05-29 15:55 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Babylon
2013-05-29 15:55 - 2013-05-29 15:55 - 00000000 ____D C:\ProgramData\Babylon
2013-05-22 11:40 - 2013-05-22 11:40 - 00000000 ____D C:\DanskeBank
2013-05-19 21:00 - 2013-05-19 21:00 - 00000000 ____D C:\Windows\CheckSur
 
==================== One Month Modified Files and Folders =======
 
2013-06-18 22:00 - 2012-08-11 00:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-18 21:58 - 2009-07-14 06:13 - 00798582 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 21:55 - 2012-12-04 19:53 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dropbox
2013-06-18 21:55 - 2012-08-11 00:41 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-18 21:55 - 2012-08-11 00:41 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-18 21:54 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 21:54 - 2009-07-14 05:51 - 00051137 ____A C:\Windows\setupact.log
2013-06-18 19:30 - 2009-07-14 05:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 19:30 - 2009-07-14 05:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 19:29 - 2012-08-10 23:58 - 01327070 ____A C:\Windows\WindowsUpdate.log
2013-06-18 19:26 - 2012-08-11 00:31 - 00000000 ____D C:\ProgramData\Sonic
2013-06-17 10:11 - 2012-08-11 00:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 09:07 - 2012-12-04 19:59 - 00000000 ___RD C:\Users\Greentown2\Dropbox
2013-06-16 20:46 - 2013-02-13 15:18 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-06-14 11:12 - 2013-06-14 11:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-06-14 10:50 - 2013-06-14 09:56 - 00000000 ____D C:\Windows\pss
2013-06-14 10:30 - 2013-06-14 10:30 - 00000000 ____D C:\FRST
2013-06-14 10:29 - 2013-06-18 22:00 - 01920398 ____A (Farbar) C:\Users\Greentown2\Desktop\FRST64.exe
2013-06-14 10:18 - 2012-09-04 13:20 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-14 10:01 - 2013-06-14 10:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 09:59 - 2013-06-14 09:59 - 00000361 ____A C:\rkill.log
2013-06-13 11:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:57 - 2010-11-21 04:47 - 00366528 ____A C:\Windows\PFRO.log
2013-06-13 09:56 - 2012-09-01 13:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 09:55 - 2012-11-10 15:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2012-09-01 13:41 - 00000000 ____D C:\users\Greentown2
2013-06-12 14:31 - 2012-09-01 13:43 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Adobe
2013-06-12 14:31 - 2012-08-11 00:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 14:31 - 2012-08-11 00:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 14:30 - 2013-06-12 14:30 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-12 14:30 - 2013-05-29 15:56 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Downloaded Installations
2013-06-12 09:51 - 2012-10-12 09:36 - 00000000 ____D C:\Users\Public\Documents\Kyocera
2013-06-11 15:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration
2013-06-11 14:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-11 14:08 - 2012-08-11 00:21 - 00199667 ____A C:\Windows\DirectX.log
2013-06-08 15:08 - 2013-06-17 09:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-17 09:01 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-17 09:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-17 09:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-17 09:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-17 09:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-17 09:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-17 09:01 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-17 09:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-17 09:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-17 09:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-17 09:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 12:01 - 2011-02-10 15:33 - 00803268 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-07 11:38 - 2013-02-13 15:16 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-07 11:37 - 2013-06-07 11:37 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-07 11:02 - 2012-12-04 19:59 - 00000996 ____A C:\Users\Greentown2\Desktop\Dropbox.lnk
2013-06-07 10:51 - 2013-06-07 10:51 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Malwarebytes
2013-06-07 10:51 - 2013-06-07 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-07 10:41 - 2013-06-07 10:43 - 13475464 ____A (Microsoft Corporation) C:\Users\Greentown2\Desktop\mseinstall.exe
2013-06-07 10:23 - 2013-06-07 10:30 - 00218835 ____A C:\Users\Greentown2\Desktop\Windows Defender.zip
2013-06-05 09:27 - 2013-06-05 09:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-05 09:27 - 2013-06-05 09:27 - 00000000 ____D C:\Firefox
2013-06-05 09:16 - 2013-06-05 09:16 - 00000000 ____D C:\ProgramData\Ask
2013-06-05 09:14 - 2013-06-05 09:14 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-05 09:14 - 2013-06-05 09:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-05 09:14 - 2012-09-17 13:26 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-05 09:14 - 2012-09-17 13:26 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-05 09:13 - 2013-06-05 09:13 - 00000000 ____D C:\ProgramData\McAfee
2013-06-04 09:58 - 2013-05-30 15:38 - 00000000 ____D C:\Program Files\My Dell
2013-05-31 14:13 - 2012-08-11 00:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-31 13:46 - 2013-05-30 15:35 - 00000000 ____D C:\ProgramData\PCDr
2013-05-30 15:38 - 2013-05-30 15:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-30 15:38 - 2012-08-11 00:19 - 00000000 ____D C:\ProgramData\Dell
2013-05-30 15:37 - 2013-05-30 15:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\PCDr
2013-05-30 15:36 - 2013-05-30 15:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dell
2013-05-30 09:31 - 2012-09-01 13:43 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Adobe
2013-05-29 15:58 - 2013-05-29 15:58 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-29 15:58 - 2012-08-11 00:26 - 00000000 ____D C:\ProgramData\Adobe
2013-05-29 15:58 - 2012-08-11 00:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\BabSolution
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 15:55 - 2013-05-29 15:55 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Babylon
2013-05-29 15:55 - 2013-05-29 15:55 - 00000000 ____D C:\ProgramData\Babylon
2013-05-29 15:54 - 2013-02-13 15:18 - 00000000 ____D C:\Users\Greentown2\AppData\Local\FileTypeAssistant
2013-05-27 16:42 - 2013-01-22 15:21 - 00000000 ____D C:\ProgramData\Sage
2013-05-23 17:40 - 2013-03-28 15:13 - 00000000 ____D C:\Program Files (x86)\Sage Payroll
2013-05-22 11:40 - 2013-05-22 11:40 - 00000000 ____D C:\DanskeBank
2013-05-19 21:00 - 2013-05-19 21:00 - 00000000 ____D C:\Windows\CheckSur
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
 
Files to move or delete:
====================
C:\Users\Greentown2\alg.exe
C:\Users\Greentown2\java.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
 
LastRegBack: 2013-06-13 11:47
 
==================== End Of Log ============================


And the Addition.txt....

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by Greentown2 at 2013-06-18 22:00:58 Run:
Running from C:\Users\Greentown2\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
Accounts (Version: 19.0.11.260)
Adobe Acrobat X Standard - English, Français, Deutsch (Version: 10.1.7)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player ActiveX Free Download Packages
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Ask Toolbar (Version: 1.15.23.0)
Ask Toolbar Updater (Version: 1.2.5.36191)
Bing Bar (Version: 7.1.391.0)
BlackBerry App World Browser Plugin (Version: 4.2.1.12)
Canon MF8300 Series
Conexant HD Audio (Version: 8.50.4.0)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.67)
Dell DataSafe Local Backup (Version: 9.4.67)
Dell Digital Delivery (Version: 2.5.1400.0)
Dell Edoc Viewer (Version: 1.0.0)
Delta Chrome Toolbar
DirectX 9 Runtime (Version: 1.00.0000)
Dropbox (Version: 2.0.22)
DYMO Label v.8 (Version: 8.3.0.1242)
File Type Assistant (Version: 2013.4.8.0)
Intel® Processor Graphics (Version: 8.15.10.2291)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes' Anti-Malware
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visio Viewer 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Dell (Version: 3.3.6261.27)
Payroll for Windows (Version: 19)
PhotoShowExpress (Version: 2.0.063)
RBVirtualFolder64Inst (Version: 1.00.0000)
Revo Uninstaller 1.94 (Version: 1.94)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Sage 50 Accounts 2013 (Version: 19.0.11.260)
Sage 50 Payroll (Version: 19.00)
Sage 50 Payroll (Version: 19.01)
Sage Payroll for Windows (Version: 6.00)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
TWAIN Driver (Version: 2.0.1114)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UTAX TA Product Library (Version: 2.0.0713)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
19-05-2013 20:00:01 Windows Update
20-05-2013 14:34:22 Windows Update
23-05-2013 16:40:09 Configured Sage Payroll for Windows
23-05-2013 16:40:27 Configured Sage Payroll for Windows
31-05-2013 13:52:29 Scheduled Checkpoint
05-06-2013 08:13:55 Installed Java 7 Update 21
07-06-2013 10:37:06 Removed Iminent Toolbar For Internet Explorer
11-06-2013 13:08:36 Installed DirectX
11-06-2013 13:08:49 Installed DirectX
13-06-2013 08:53:57 Windows Update
13-06-2013 09:14:47 Windows Update
14-06-2013 10:19:48 Restore Operation
17-06-2013 08:00:50 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/18/2013 09:56:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/18/2013 07:27:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 09:06:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 08:58:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2013 01:04:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 11:26:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 11:24:49 AM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (Windows Update).
 
Error: (06/14/2013 10:52:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 10:43:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 10:42:03 AM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (Windows Update).
 
 
System errors:
=============
Error: (06/18/2013 09:56:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/18/2013 09:55:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/18/2013 09:54:51 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (06/18/2013 09:54:46 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%5
 
Error: (06/18/2013 07:27:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/18/2013 07:27:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/18/2013 07:26:15 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (06/18/2013 07:26:10 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%5
 
Error: (06/17/2013 09:06:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/17/2013 09:05:44 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2013 04:38:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 381 seconds with 360 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 30%
Total physical RAM: 4008.63 MB
Available physical RAM: 2796.16 MB
Total Pagefile: 8015.44 MB
Available Pagefile: 6697.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.08 GB) (Free:400.94 GB) NTFS (Disk=0 Partition=3)
Drive i: (My Passport) (Fixed) (Total:232.83 GB) (Free:34.22 GB) FAT32 (Disk=5 Partition=1)
Drive y: (RECOVERY) (Fixed) (Total:13.64 GB) (Free:6.09 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 9CE50851)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 233 GB) (Disk ID: 02D23F90)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)
 
==================== End Of Log ============================
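
The log above already shows the two things a helper would pick out by eye: the Microsoft Security Client Run entry marked `[x]` (file missing), and the Service Control Manager entries where WinDefend and the Microsoft Antimalware Service stop or fail to start with `%%5`, which is Win32 error 5, ERROR_ACCESS_DENIED. The normal-mode log posted later in this thread adds the `ATTENTION! ====> ZeroAccess` tag FRST puts on the hijacked fastprox InprocServer32 key and a driver entry `yvhfrloe` with no file on disk. The script below is an added example written for this page; it is not part of FRST and not code from any post in the thread. It triages an FRST log for those indicator classes. The sample log is constructed from lines copied out of the two logs in this thread; the 8-lowercase-letter heuristic for random driver names and the list of antimalware service names are assumptions chosen to fit this case.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Flags four indicator classes visible in this thread:
  * lines FRST itself tags with 'ATTENTION!' (here: the ZeroAccess fastprox hijack)
  * autostart (Run) and service/driver entries whose file is missing ('[x]')
  * drivers with a random-looking name and no file on disk (heuristic, RANDOM_NAME_RE)
  * Service Control Manager events where an antimalware service fails with %%5,
    i.e. Win32 error 5 (ERROR_ACCESS_DENIED): MSE/Defender is being locked out
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Sample constructed from lines copied out of this thread's two FRST logs.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S1 yvhfrloe; \??\C:\Windows\system32\drivers\yvhfrloe.sys [x]
Error: (06/18/2013 09:54:51 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error:
%%5
Error: (06/18/2013 09:54:46 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5
"""

# FRST line shapes: 'HKLM\...\Run: [Name] "path" args [x]' and 'S1 name; path [size date] (Company)'
RUN_RE = re.compile(r'^HK[A-Z]+(?:-x32)?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
SERVICE_RE = re.compile(r'^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.*)$')
EVENT_RE = re.compile(r'^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\)')
SVC_NAME_RE = re.compile(r'^Description: The (?P<svc>.+?) service ')
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')  # assumption: 8 random lowercase letters, as in 'yvhfrloe'
# assumption: service names whose access-denied failure indicates AV tampering on this box
AV_SERVICES = {'windefend', 'microsoft antimalware service', 'msmpsvc', 'nissrv'}


@dataclass
class Finding:
    kind: str    # indicator class
    detail: str  # the name/value that triggered it
    line: str    # evidence as it appears in the log


def parse_events(lines):
    """Group FRST event-log entries: an 'Error: (...)' header plus the lines up to the next blank/header."""
    events, i = [], 0
    while i < len(lines):
        m = EVENT_RE.match(lines[i])
        if not m:
            i += 1
            continue
        body, i = [], i + 1
        while i < len(lines) and lines[i].strip() and not EVENT_RE.match(lines[i]):
            body.append(lines[i].strip())
            i += 1
        events.append((m.group('when'), m.group('source'), body))
    return events


def triage(log_text):
    """Return the list of Findings for an FRST log, in log order (line checks first, then events)."""
    lines = log_text.splitlines()
    findings = []
    for raw in lines:
        s = raw.strip()
        if 'ATTENTION!' in s:  # FRST's own verdict marker, e.g. '====> ZeroAccess'
            findings.append(Finding('frst_attention', s.split('ATTENTION!', 1)[1].strip(' =>'), s))
        m = RUN_RE.match(s)
        if m and m.group('rest').endswith('[x]'):  # autostart pointing at a file that no longer exists
            findings.append(Finding('run_missing_file', m.group('name'), s))
        m = SERVICE_RE.match(s)
        if m and m.group('path').endswith('[x]'):
            name = m.group('name').strip()
            random_driver = RANDOM_NAME_RE.match(name) and 'drivers' in m.group('path').lower()
            findings.append(Finding('driver_random_missing' if random_driver else 'service_missing_file', name, s))
    for when, source, body in parse_events(lines):
        if source != 'Service Control Manager' or not body:
            continue
        svc = SVC_NAME_RE.match(body[0])
        text = ' '.join(body)
        if svc and '%%5' in text and svc.group('svc').lower() in AV_SERVICES:
            findings.append(Finding('av_service_access_denied', f"{svc.group('svc')} ({when})", text))
    return findings


def summary(log_text):
    """Count findings per indicator class."""
    return dict(Counter(f.kind for f in triage(log_text)))


if __name__ == '__main__':
    # Usage: python frst_triage.py FRST.txt   (falls back to the embedded sample; encoding assumed UTF-8)
    text = open(sys.argv[1], encoding='utf-8', errors='replace').read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f'[{f.kind}] {f.detail}\n    {f.line}')
    print(summary(text))
```

This is a triage aid only: it tells you where to look in a long log, it does not write the fixlist.txt that FRST consumes, and the access-denied pattern on WinDefend/MsMpSvc is a reason to distrust any clean result MSE reports on that machine until the cause is removed.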


#9 Farbar (Security Developer, 21,704 posts, The Netherlands)

Posted 18 June 2013 - 04:10 PM

I see you have some difficulty reading the posts and following them as you again ran the outdated version of FRST. I'll assist you with that.

 

Please delete your copy of the FRST tool from your computer and tell me whether you could do it.


Edited by Farbar, 18 June 2013 - 04:11 PM.


#10 ndonaldson2912 (Topic Starter, Members, 234 posts)

Posted 18 June 2013 - 04:19 PM

Yes, that is done



#11 ndonaldson2912 (Topic Starter, Members, 234 posts)

Posted 18 June 2013 - 04:26 PM

I have downloaded the newest version from BleepingComputer's website; do you want me to run the scan in recovery mode?



#12 Farbar (Security Developer, 21,704 posts, The Netherlands)

Posted 18 June 2013 - 04:26 PM

Good. Now please follow the instruction in my first post.



#13 Farbar (Security Developer, 21,704 posts, The Netherlands)

Posted 18 June 2013 - 04:28 PM

> I have downloaded the newest version from BleepingComputer's website; do you want me to run the scan in recovery mode?

No, please just follow the instruction in the first post to run it in normal mode.



#14 ndonaldson2912 (Topic Starter, Members, 234 posts)

Posted 18 June 2013 - 04:29 PM

OK, I am running it now and will post the results ASAP.



#15 ndonaldson2912 (Topic Starter, Members, 234 posts)

Posted 18 June 2013 - 04:32 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013
Ran by Greentown2 (administrator) on 18-06-2013 22:31:00
Running from C:\Users\Greentown2\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Greentown2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKCU\...\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1825360 2011-01-28] (Sanford, L.P.)
HKCU\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1272912 2013-05-10] (Adobe Systems Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1646216 2013-03-31] (Ask)
Startup: C:\Users\Greentown2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Greentown2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKCU SearchScopes: DefaultScope {14DC432D-AC58-469F-8773-5DD0A8D85A19} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=F47C7845C400F4F7
SearchScopes: HKCU - {14DC432D-AC58-469F-8773-5DD0A8D85A19} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} http://192.168.1.199:89/webrec.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
==================== Services (Whitelisted) =================
 
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2012-07-05] (Microsoft)
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2012-05-17] (Sage (UK) Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] ()
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2012-12-06] (Research In Motion Limited)
S1 yvhfrloe; \??\C:\Windows\system32\drivers\yvhfrloe.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-18 22:30 - 2013-06-18 22:25 - 01928350 ____A (Farbar) C:\Users\Greentown2\Desktop\FRST64.exe
2013-06-17 09:01 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 09:01 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 09:01 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 09:01 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 09:01 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 09:01 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 09:01 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 09:01 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 09:01 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 09:01 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 09:01 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 09:01 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 11:12 - 2013-06-14 11:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-06-14 10:30 - 2013-06-14 10:30 - 00000000 ____D C:\FRST
2013-06-14 10:01 - 2013-06-14 10:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 10:01 - 2010-12-14 16:57 - 07622112 ____A (Malwarebytes Corporation                                    ) C:\Users\Greentown2\Desktop\mbam-setup-1.50.0.0.exe
2013-06-14 10:01 - 2010-11-29 17:42 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2013-06-14 10:01 - 2010-11-29 17:42 - 00024152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-14 09:59 - 2013-06-14 09:59 - 00000361 ____A C:\rkill.log
2013-06-14 09:56 - 2013-06-14 10:50 - 00000000 ____D C:\Windows\pss
2013-06-13 10:15 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 10:15 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 10:15 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 10:15 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 10:15 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 10:15 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 10:15 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 10:15 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:52 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 08:52 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 08:52 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 08:52 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 08:52 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 08:52 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 08:52 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 08:52 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 08:52 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 08:52 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 08:52 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 08:52 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 08:52 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 08:52 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 08:52 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 08:52 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 08:52 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-13 08:52 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 08:52 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 14:30 - 2013-06-12 14:30 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-11 14:08 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-06-07 11:37 - 2013-06-07 11:37 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-07 10:51 - 2013-06-07 10:51 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Malwarebytes
2013-06-07 10:51 - 2013-06-07 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-07 10:43 - 2013-06-07 10:41 - 13475464 ____A (Microsoft Corporation) C:\Users\Greentown2\Desktop\mseinstall.exe
2013-06-07 10:30 - 2013-06-07 10:23 - 00218835 ____A C:\Users\Greentown2\Desktop\Windows Defender.zip
2013-06-05 09:27 - 2013-06-05 09:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-05 09:27 - 2013-06-05 09:27 - 00000000 ____D C:\Firefox
2013-06-05 09:16 - 2013-06-05 09:16 - 00000000 ____D C:\ProgramData\Ask
2013-06-05 09:14 - 2013-06-05 09:14 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-05 09:14 - 2013-06-05 09:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-05 09:13 - 2013-06-05 09:13 - 00000000 ____D C:\ProgramData\McAfee
2013-05-30 15:38 - 2013-06-04 09:58 - 00000000 ____D C:\Program Files\My Dell
2013-05-30 15:38 - 2013-05-30 15:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-30 15:36 - 2013-05-30 15:37 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\PCDr
2013-05-30 15:36 - 2013-05-30 15:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dell
2013-05-30 15:35 - 2013-05-31 13:46 - 00000000 ____D C:\ProgramData\PCDr
2013-05-29 15:58 - 2013-05-29 15:58 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-29 15:56 - 2013-06-12 14:30 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Downloaded Installations
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\BabSolution
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 15:55 - 2013-05-29 15:55 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Babylon
2013-05-29 15:55 - 2013-05-29 15:55 - 00000000 ____D C:\ProgramData\Babylon
2013-05-22 11:40 - 2013-05-22 11:40 - 00000000 ____D C:\DanskeBank
2013-05-19 21:00 - 2013-05-19 21:00 - 00000000 ____D C:\Windows\CheckSur
 
==================== One Month Modified Files and Folders =======
 
2013-06-18 22:30 - 2012-08-11 00:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-18 22:25 - 2013-06-18 22:30 - 01928350 ____A (Farbar) C:\Users\Greentown2\Desktop\FRST64.exe
2013-06-18 22:11 - 2012-08-11 00:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 22:02 - 2009-07-14 05:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 22:02 - 2009-07-14 05:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 22:01 - 2009-07-14 06:13 - 00798582 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 21:58 - 2012-08-10 23:58 - 01327070 ____A C:\Windows\WindowsUpdate.log
2013-06-18 21:55 - 2012-12-04 19:53 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dropbox
2013-06-18 21:55 - 2012-08-11 00:41 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-18 21:55 - 2012-08-11 00:41 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-18 21:54 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 21:54 - 2009-07-14 05:51 - 00051137 ____A C:\Windows\setupact.log
2013-06-18 19:26 - 2012-08-11 00:31 - 00000000 ____D C:\ProgramData\Sonic
2013-06-17 09:07 - 2012-12-04 19:59 - 00000000 ___RD C:\Users\Greentown2\Dropbox
2013-06-16 20:46 - 2013-02-13 15:18 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-06-14 11:12 - 2013-06-14 11:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-06-14 10:50 - 2013-06-14 09:56 - 00000000 ____D C:\Windows\pss
2013-06-14 10:30 - 2013-06-14 10:30 - 00000000 ____D C:\FRST
2013-06-14 10:18 - 2012-09-04 13:20 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-14 10:01 - 2013-06-14 10:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 09:59 - 2013-06-14 09:59 - 00000361 ____A C:\rkill.log
2013-06-13 11:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:57 - 2010-11-21 04:47 - 00366528 ____A C:\Windows\PFRO.log
2013-06-13 09:56 - 2012-09-01 13:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 09:55 - 2012-11-10 15:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2012-09-01 13:41 - 00000000 ____D C:\users\Greentown2
2013-06-12 14:31 - 2012-09-01 13:43 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Adobe
2013-06-12 14:31 - 2012-08-11 00:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 14:31 - 2012-08-11 00:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 14:30 - 2013-06-12 14:30 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-06-12 14:30 - 2013-05-29 15:56 - 00000000 ____D C:\Users\Greentown2\AppData\Local\Downloaded Installations
2013-06-12 09:51 - 2012-10-12 09:36 - 00000000 ____D C:\Users\Public\Documents\Kyocera
2013-06-11 15:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration
2013-06-11 14:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-11 14:08 - 2012-08-11 00:21 - 00199667 ____A C:\Windows\DirectX.log
2013-06-08 15:08 - 2013-06-17 09:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-17 09:01 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-17 09:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-17 09:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-17 09:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-17 09:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-17 09:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-17 09:01 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-17 09:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-17 09:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-17 09:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-17 09:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 12:01 - 2011-02-10 15:33 - 00803268 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-07 11:38 - 2013-02-13 15:16 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-07 11:37 - 2013-06-07 11:37 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-07 11:02 - 2012-12-04 19:59 - 00000996 ____A C:\Users\Greentown2\Desktop\Dropbox.lnk
2013-06-07 10:51 - 2013-06-07 10:51 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Malwarebytes
2013-06-07 10:51 - 2013-06-07 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-07 10:41 - 2013-06-07 10:43 - 13475464 ____A (Microsoft Corporation) C:\Users\Greentown2\Desktop\mseinstall.exe
2013-06-07 10:23 - 2013-06-07 10:30 - 00218835 ____A C:\Users\Greentown2\Desktop\Windows Defender.zip
2013-06-05 09:27 - 2013-06-05 09:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-06-05 09:27 - 2013-06-05 09:27 - 00000000 ____D C:\Firefox
2013-06-05 09:16 - 2013-06-05 09:16 - 00000000 ____D C:\ProgramData\Ask
2013-06-05 09:14 - 2013-06-05 09:14 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-05 09:14 - 2013-06-05 09:14 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-05 09:14 - 2013-06-05 09:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-05 09:14 - 2012-09-17 13:26 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-05 09:14 - 2012-09-17 13:26 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-05 09:13 - 2013-06-05 09:13 - 00000000 ____D C:\ProgramData\McAfee
2013-06-04 09:58 - 2013-05-30 15:38 - 00000000 ____D C:\Program Files\My Dell
2013-05-31 14:13 - 2012-08-11 00:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-31 13:46 - 2013-05-30 15:35 - 00000000 ____D C:\ProgramData\PCDr
2013-05-30 15:38 - 2013-05-30 15:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-30 15:38 - 2012-08-11 00:19 - 00000000 ____D C:\ProgramData\Dell
2013-05-30 15:37 - 2013-05-30 15:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\PCDr
2013-05-30 15:36 - 2013-05-30 15:36 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Dell
2013-05-30 09:31 - 2012-09-01 13:43 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Adobe
2013-05-29 15:58 - 2013-05-29 15:58 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-29 15:58 - 2012-08-11 00:26 - 00000000 ____D C:\ProgramData\Adobe
2013-05-29 15:58 - 2012-08-11 00:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\BabSolution
2013-05-29 15:56 - 2013-05-29 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-29 15:55 - 2013-05-29 15:55 - 00000000 ____D C:\Users\Greentown2\AppData\Roaming\Babylon
2013-05-29 15:55 - 2013-05-29 15:55 - 00000000 ____D C:\ProgramData\Babylon
2013-05-29 15:54 - 2013-02-13 15:18 - 00000000 ____D C:\Users\Greentown2\AppData\Local\FileTypeAssistant
2013-05-27 16:42 - 2013-01-22 15:21 - 00000000 ____D C:\ProgramData\Sage
2013-05-23 17:40 - 2013-03-28 15:13 - 00000000 ____D C:\Program Files (x86)\Sage Payroll
2013-05-22 11:40 - 2013-05-22 11:40 - 00000000 ____D C:\DanskeBank
2013-05-19 21:00 - 2013-05-19 21:00 - 00000000 ____D C:\Windows\CheckSur
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3791119913-2660768500-3692405042-1000\$03c60106ef21152c02de9c08e841bdc9
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$03c60106ef21152c02de9c08e841bdc9
 
Files to move or delete:
====================
C:\Users\Greentown2\alg.exe
C:\Users\Greentown2\java.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
 
LastRegBack: 2013-06-13 11:47
 
==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2013
Ran by Greentown2 at 2013-06-18 22:31:15 Run:
Running from C:\Users\Greentown2\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
Accounts (Version: 19.0.11.260)
Adobe Acrobat X Standard - English, Français, Deutsch (Version: 10.1.7)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player ActiveX Free Download Packages
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Ask Toolbar (Version: 1.15.23.0)
Ask Toolbar Updater (Version: 1.2.5.36191)
Bing Bar (Version: 7.1.391.0)
BlackBerry App World Browser Plugin (Version: 4.2.1.12)
Canon MF8300 Series
Conexant HD Audio (Version: 8.50.4.0)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.67)
Dell DataSafe Local Backup (Version: 9.4.67)
Dell Digital Delivery (Version: 2.5.1400.0)
Dell Edoc Viewer (Version: 1.0.0)
Delta Chrome Toolbar
DirectX 9 Runtime (Version: 1.00.0000)
Dropbox (Version: 2.0.22)
DYMO Label v.8 (Version: 8.3.0.1242)
File Type Assistant (Version: 2013.4.8.0)
Intel® Processor Graphics (Version: 8.15.10.2291)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes' Anti-Malware
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visio Viewer 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Dell (Version: 3.3.6261.27)
Payroll for Windows (Version: 19)
PhotoShowExpress (Version: 2.0.063)
RBVirtualFolder64Inst (Version: 1.00.0000)
Revo Uninstaller 1.94 (Version: 1.94)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Sage 50 Accounts 2013 (Version: 19.0.11.260)
Sage 50 Payroll (Version: 19.00)
Sage 50 Payroll (Version: 19.01)
Sage Payroll for Windows (Version: 6.00)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
TWAIN Driver (Version: 2.0.1114)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UTAX TA Product Library (Version: 2.0.0713)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
19-05-2013 20:00:01 Windows Update
20-05-2013 14:34:22 Windows Update
23-05-2013 16:40:09 Configured Sage Payroll for Windows
23-05-2013 16:40:27 Configured Sage Payroll for Windows
31-05-2013 13:52:29 Scheduled Checkpoint
05-06-2013 08:13:55 Installed Java 7 Update 21
07-06-2013 10:37:06 Removed Iminent Toolbar For Internet Explorer
11-06-2013 13:08:36 Installed DirectX
11-06-2013 13:08:49 Installed DirectX
13-06-2013 08:53:57 Windows Update
13-06-2013 09:14:47 Windows Update
14-06-2013 10:19:48 Restore Operation
17-06-2013 08:00:50 Windows Update
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {071674EE-7F5F-4FD9-A1BC-18150DC0AC13} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File
Task: {315D51B0-62E6-4169-8777-3ED78558575F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] ()
Task: {3B90BAAB-5981-4B9D-A2FF-B8BB84965615} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {54CB4637-668F-4B5E-BFC6-0EA8D4ABDE79} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2013-04-08] (Trusted Software ApS)
Task: {56B31C2C-C083-4BE0-A79E-A1C0C2FC8CE5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {590FB285-DA30-47D6-B649-BD88E85312CE} - System32\Tasks\EPUpdater => C:\Users\GREENT~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {7813B3C7-EFB4-46B5-A3F9-8E7CC849C134} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
Task: {7AF1505D-CAB3-4766-8A1E-81107EBA0626} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-01-24] (Microsoft Corporation)
Task: {8BFB52D7-DF69-4C67-97C9-9218EB30A982} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2013-04-09] (                                                            )
Task: {A5FCF74D-057B-4CEB-9C08-1AB34FC1B32C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
Task: {AB43F5B0-36B4-458F-A2AD-B006EC4CD0C2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {C07D4F13-9B84-4F08-8719-6208424E4F52} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {C813D3FE-AA3E-47C9-B8C0-DF9CE86B881E} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-12] (Microsoft Corporation)
Task: {E6A2DB5B-8012-4F37-BC55-0B2AE26367D7} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3791119913-2660768500-3692405042-1000 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {F6317657-1C4E-45DE-B641-6B7735971074} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/18/2013 09:56:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/18/2013 07:27:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 09:06:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/17/2013 08:58:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/16/2013 01:04:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 11:26:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 11:24:49 AM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (Windows Update).
 
Error: (06/14/2013 10:52:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 10:43:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 10:42:03 AM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (Windows Update).
 
 
System errors:
=============
Error: (06/18/2013 09:56:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/18/2013 09:55:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/18/2013 09:54:51 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (06/18/2013 09:54:46 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%5
 
Error: (06/18/2013 07:27:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/18/2013 07:27:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/18/2013 07:26:15 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (06/18/2013 07:26:10 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%5
 
Error: (06/17/2013 09:06:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/17/2013 09:05:44 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2013 04:38:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 381 seconds with 360 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 30%
Total physical RAM: 4008.63 MB
Available physical RAM: 2766.72 MB
Total Pagefile: 8015.44 MB
Available Pagefile: 6675.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.08 GB) (Free:400.93 GB) NTFS (Disk=0 Partition=3)
Drive i: (My Passport) (Fixed) (Total:232.83 GB) (Free:34.22 GB) FAT32 (Disk=5 Partition=1)
Drive y: (RECOVERY) (Fixed) (Total:13.64 GB) (Free:6.09 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 9CE50851)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 233 GB) (Disk ID: 02D23F90)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)
 
==================== End Of Log ============================