ZeroAccess rootkit


This topic is locked
12 replies to this topic

#1 jwah


Posted 01 July 2013 - 04:14 AM

Hello all

I have used a lot of the info in these forums to try and remove ZeroAccess malware. I am now at the stage where the firewall is running again, the Security Center service is re-established and Windows Update is working.

Unfortunately RKill logs are still showing some issues with ZeroAccess and I cannot launch Windows Defender. However, I have now installed Microsoft Security Essentials and this is running and up to date.

I still cannot download files in Internet Explorer due to false positives: as the download completes I receive a message that the download has a virus and the file is automatically deleted.

I would be incredibly grateful if anyone can assist!

Cheers

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/01/2013 06:20:44 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSoftEx.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll => c:\windows\system32\config [File]

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\Windows\System32\config\systemprofile\AppData\Local\Application Data => C:\Windows\system32\config\systemprofile\AppData\Local [Dir]
     * C:\Windows\System32\config\systemprofile\AppData\Local\History => C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History [Dir]
     * C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files => C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files [Dir]
     * C:\Windows\System32\config\systemprofile\Application Data => C:\Windows\system32\config\systemprofile\AppData\Roaming [Dir]
     * C:\Windows\System32\config\systemprofile\Cookies => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies [Dir]
     * C:\Windows\System32\config\systemprofile\Documents\My Music => C:\Windows\system32\config\systemprofile\Music [Dir]
     * C:\Windows\System32\config\systemprofile\Documents\My Pictures => C:\Windows\system32\config\systemprofile\Pictures [Dir]
     * C:\Windows\System32\config\systemprofile\Documents\My Videos => C:\Windows\system32\config\systemprofile\Videos [Dir]
     * C:\Windows\System32\config\systemprofile\Local Settings => C:\Windows\system32\config\systemprofile\AppData\Local [Dir]
     * C:\Windows\System32\config\systemprofile\My Documents => C:\Windows\system32\config\systemprofile\Documents [Dir]
     * C:\Windows\System32\config\systemprofile\NetHood => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts [Dir]
     * C:\Windows\System32\config\systemprofile\PrintHood => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [Dir]
     * C:\Windows\System32\config\systemprofile\Recent => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent [Dir]
     * C:\Windows\System32\config\systemprofile\SendTo => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo [Dir]
     * C:\Windows\System32\config\systemprofile\Start Menu => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu [Dir]
     * C:\Windows\System32\config\systemprofile\Templates => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 07/01/2013 06:35:07 PM
Execution time: 0 hours(s), 14 minute(s), and 23 seconds(s)
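Reading the Rkill report above, as an added example that is not part of the original post or of Rkill itself: a Python script that parses reparse-point lines in that exact format and separates the Windows Defender files redirected into c:\windows\system32\config (a directory of registry hives, so the link can never resolve to a loadable DLL or EXE, which matches the symptom that Defender will not launch) from the Vista profile junctions Rkill marks as "Most likely legitimate". The classification rules, the "review" bucket and the sample log lines are this example's own assumptions, not Rkill's published logic.

```python
"""Classify the reparse points that Rkill lists under "Performing miscellaneous checks".

Rule of thumb used here (an assumption of this example, not Rkill's logic):
  * a link whose target is the system32\config directory, or a [File] link that
    resolves to a directory, is a hijacked binary ("hijacked");
  * a [Dir] link that stays inside one Vista profile root is a normal
    compatibility junction ("profile-junction");
  * anything else needs a human look ("review").
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# One Rkill reparse-point line:  "     * <link> => <target> [Dir|File]"
ENTRY_RE = re.compile(
    r"^\s*\*\s+(?P<link>.+?)\s+=>\s+(?P<target>.+?)\s*\[(?P<kind>Dir|File)\]\s*$"
)
# Vista profile roots: C:\Users\<name> and the service profile under system32\config.
PROFILE_ROOT_RE = re.compile(
    r"^(?P<root>[a-z]:\\(?:users\\[^\\]+|windows\\system32\\config\\systemprofile))(?:\\|$)"
)
# Directory the hijacked Defender files in the log above were redirected to.
HIJACK_TARGETS = (r"c:\windows\system32\config",)


@dataclass
class ReparseEntry:
    link: str
    target: str
    kind: str  # "Dir" or "File"


def _norm(path: str) -> str:
    """Case-fold and drop a trailing backslash so paths compare reliably."""
    return path.strip().lower().rstrip("\\")


def parse_rkill_reparse_points(text: str) -> List[ReparseEntry]:
    """Pull every '* <link> => <target> [Dir|File]' line out of an Rkill log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(ReparseEntry(m["link"].strip(), m["target"].strip(), m["kind"]))
    return entries


def classify(entry: ReparseEntry) -> str:
    """Return 'hijacked', 'profile-junction' or 'review' for one entry."""
    link, target = _norm(entry.link), _norm(entry.target)
    # Hallmark seen in the log above: security-product files pointed at the
    # registry-hive directory, where no program binary can ever be found.
    if target in HIJACK_TARGETS:
        return "hijacked"
    # A [File] reparse point whose target has no file extension resolves to a
    # directory and can never be loaded, wherever it points; flag it as well.
    if entry.kind == "File" and "." not in target.rsplit("\\", 1)[-1]:
        return "hijacked"
    # Vista compatibility junctions: directory links that stay inside one profile root.
    lm, tm = PROFILE_ROOT_RE.match(link), PROFILE_ROOT_RE.match(target)
    if entry.kind == "Dir" and lm and tm and lm["root"] == tm["root"]:
        return "profile-junction"
    return "review"


def classify_report(text: str) -> Dict[str, List[str]]:
    """Group the link paths from an Rkill log by classification, in log order."""
    report: Dict[str, List[str]] = defaultdict(list)
    for entry in parse_rkill_reparse_points(text):
        report[classify(entry)].append(entry.link)
    return dict(report)


# Constructed sample: a few lines in the same shape as the Rkill log above,
# plus one made-up cross-drive junction that falls into the "review" bucket.
SAMPLE_LOG = r"""
 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\Windows\System32\config\systemprofile\Application Data => C:\Windows\system32\config\systemprofile\AppData\Roaming [Dir]
     * C:\Users\Jean and Dave\My Documents => C:\Users\Jean and Dave\Documents [Dir]
     * C:\Users\Jean and Dave\Documents\Shared => D:\Archive\Shared [Dir]
"""

if __name__ == "__main__":
    for label, links in sorted(classify_report(SAMPLE_LOG).items()):
        print(f"{label} ({len(links)}):")
        for link in links:
            print("   ", link)
```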

 




#2 TB-Psychotic

  • Malware Response Team

Posted 01 July 2013 - 09:10 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (if not sure: Start --> Computer (right click) --> Properties).

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Please download Malwarebytes Anti-Rootkit from here: Malwarebytes Anti-Rootkit, and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware.

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt. Please attach that to your next reply.



#3 jwah


Posted 02 July 2013 - 04:14 AM

Hi Marius

MBAR found no malware. The FRST and MBAR logs are below.

Many thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by Jean and Dave (administrator) on 02-07-2013 18:42:05
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-18] (Synaptics, Inc.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" [55808 2009-10-29] (Sanford, L.P.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1885944 2009-10-29] (Sanford, L.P.)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-16] (Hewlett-Packard)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] ()
S3 wbengine; "%systemroot%\system32\wbengine.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 EraserUtilDrv10741; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-02 18:41 - 2013-07-02 18:41 - 00000000 ____D C:\FRST
2013-06-30 21:47 - 2013-06-30 21:47 - 00000207 ____A C:\Windows\tweaking.com-regbackup-JEANANDDAVE-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-06-30 21:44 - 2013-06-30 21:44 - 00000000 ____D C:\RegBackup
2013-06-30 21:17 - 2013-06-30 22:35 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-30 21:02 - 2013-05-17 08:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-30 21:02 - 2013-05-17 08:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-30 21:02 - 2013-05-17 08:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-30 21:02 - 2013-05-17 08:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-30 21:02 - 2013-05-17 08:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-30 21:02 - 2013-05-17 08:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-30 21:02 - 2013-05-17 08:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-30 21:02 - 2013-05-17 08:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-30 21:02 - 2013-05-17 08:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-30 21:01 - 2013-05-17 09:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-30 21:01 - 2013-05-17 08:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-30 21:01 - 2013-05-17 08:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-30 21:01 - 2013-05-17 08:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-30 21:01 - 2013-05-17 08:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-30 21:01 - 2013-05-17 08:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-30 21:01 - 2013-05-17 08:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-30 21:01 - 2013-05-03 01:28 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-06-30 20:55 - 2013-05-08 14:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-30 20:55 - 2013-05-02 14:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-30 20:55 - 2013-05-02 14:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-30 20:55 - 2013-04-17 22:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-30 20:54 - 2013-05-03 08:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-30 20:54 - 2013-05-03 08:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-30 20:54 - 2013-04-24 14:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-30 20:54 - 2013-04-24 14:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-30 20:54 - 2013-04-24 14:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-30 20:54 - 2013-04-24 14:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-30 20:54 - 2013-04-24 11:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-30 20:39 - 2013-06-30 20:40 - 00000000 ___SD C:\32788R22FWJFW
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Windows\erdnt
2013-06-30 20:32 - 2013-06-30 20:32 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 20:31 - 2013-06-30 20:31 - 00000000 ____D C:\JRT
2013-06-30 20:27 - 2013-06-30 20:27 - 00001944 ____A C:\AdwCleaner[S1].txt
2013-06-30 19:50 - 2012-07-26 13:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-06-30 19:50 - 2012-07-26 13:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-06-30 19:50 - 2012-07-26 13:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-06-30 19:50 - 2012-07-26 13:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-06-30 19:50 - 2012-07-26 13:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-06-30 19:50 - 2012-07-26 13:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-06-30 19:50 - 2012-07-26 13:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-06-30 19:50 - 2012-07-26 12:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-06-30 19:50 - 2012-07-26 12:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-06-30 19:50 - 2012-07-26 12:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-06-30 19:50 - 2012-06-03 00:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-06-30 19:50 - 2012-06-03 00:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-06-30 19:50 - 2009-07-14 22:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-06-30 19:42 - 2012-12-16 23:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-06-30 19:42 - 2012-12-16 20:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-06-30 19:41 - 2013-03-09 13:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-06-30 19:41 - 2013-03-09 11:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-06-30 19:41 - 2012-11-22 13:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-06-30 19:41 - 2012-11-20 14:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-06-30 19:41 - 2012-11-02 20:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-06-30 19:41 - 2012-11-02 20:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-06-30 19:41 - 2012-11-02 18:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-06-30 19:41 - 2012-09-29 02:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-30 19:40 - 2013-04-16 00:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-30 19:40 - 2013-04-13 20:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-06-30 19:40 - 2013-04-09 11:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-30 19:40 - 2013-03-08 13:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-30 19:40 - 2013-03-04 05:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-06-30 19:40 - 2012-11-13 11:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-06-30 19:40 - 2012-08-21 21:47 - 00224640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-06-30 19:39 - 2013-03-08 13:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-06-30 19:39 - 2012-11-08 13:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-06-30 19:35 - 2013-02-12 11:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-06-30 19:13 - 2013-06-30 19:13 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-30 19:13 - 2013-06-30 19:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-30 16:12 - 2013-06-30 16:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-30 13:06 - 2013-06-30 13:06 - 00000000 ____D C:\Users\Jean and Dave\AppData\Roaming\Malwarebytes
2013-06-30 13:05 - 2013-06-30 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 13:05 - 2013-06-30 13:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-30 13:05 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-21 20:00 - 2013-06-21 20:00 - 00000000 ____D C:\Windows\Sun

==================== One Month Modified Files and Folders ========

2013-07-02 18:42 - 2006-11-02 20:33 - 00769200 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 18:41 - 2013-07-02 18:41 - 00000000 ____D C:\FRST
2013-07-02 18:34 - 2011-12-19 09:15 - 01549642 ____A C:\Windows\WindowsUpdate.log
2013-07-02 18:29 - 2011-12-18 17:31 - 00000000 ____D C:\Users\Jean and Dave\AppData\Roaming\Skype
2013-07-02 18:28 - 2011-12-19 09:43 - 00000286 ____A C:\Users\Public\Documents\hpqp.ini
2013-07-02 18:27 - 2006-11-02 23:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 18:27 - 2006-11-02 22:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 18:27 - 2006-11-02 22:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 18:27 - 2006-11-02 22:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-02 07:26 - 2006-11-02 23:01 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-02 07:25 - 2012-07-18 10:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 18:55 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-01 18:23 - 2011-12-18 17:18 - 00000000 ____D C:\Users\Jean and Dave\AppData\Roaming\Mozilla
2013-07-01 18:23 - 2011-12-18 17:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-01 18:04 - 2011-12-19 18:59 - 00105520 ____A C:\Users\Jean and Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-01 18:03 - 2006-11-02 22:47 - 00382040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-01 18:02 - 2008-01-21 12:47 - 00606480 ____A C:\Windows\PFRO.log
2013-06-30 22:35 - 2013-06-30 21:17 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-30 21:57 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\rescache
2013-06-30 21:47 - 2013-06-30 21:47 - 00000207 ____A C:\Windows\tweaking.com-regbackup-JEANANDDAVE-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-06-30 21:44 - 2013-06-30 21:44 - 00000000 ____D C:\RegBackup
2013-06-30 20:40 - 2013-06-30 20:39 - 00000000 ___SD C:\32788R22FWJFW
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Windows\erdnt
2013-06-30 20:32 - 2013-06-30 20:32 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 20:31 - 2013-06-30 20:31 - 00000000 ____D C:\JRT
2013-06-30 20:27 - 2013-06-30 20:27 - 00001944 ____A C:\AdwCleaner[S1].txt
2013-06-30 20:22 - 2011-12-19 08:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-30 20:18 - 2008-08-03 05:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-30 20:06 - 2011-12-18 17:40 - 00000000 ____D C:\Program Files\Google
2013-06-30 20:01 - 2011-12-18 17:40 - 00000000 ____D C:\Users\Jean and Dave\AppData\Local\Google
2013-06-30 19:21 - 2011-12-18 17:03 - 00000000 ____D C:\ProgramData\Norton
2013-06-30 19:13 - 2013-06-30 19:13 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-30 19:13 - 2013-06-30 19:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-30 19:11 - 2008-08-03 04:13 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-30 16:12 - 2013-06-30 16:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-30 16:12 - 2011-12-18 17:30 - 00000000 ___RD C:\Program Files\Skype
2013-06-30 16:12 - 2011-12-18 17:30 - 00000000 ____D C:\ProgramData\Skype
2013-06-30 14:38 - 2011-12-19 18:56 - 00012800 ____A C:\Users\Jean and Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-30 14:38 - 2006-11-02 22:52 - 00074654 ____A C:\Windows\setupact.log
2013-06-30 13:57 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\nap
2013-06-30 13:06 - 2013-06-30 13:06 - 00000000 ____D C:\Users\Jean and Dave\AppData\Roaming\Malwarebytes
2013-06-30 13:05 - 2013-06-30 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 13:05 - 2013-06-30 13:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-28 11:47 - 2013-06-01 12:12 - 00000000 ____D C:\Users\Jean and Dave\Documents\Silsoe 2013
2013-06-21 20:00 - 2013-06-21 20:00 - 00000000 ____D C:\Windows\Sun
2013-06-15 10:18 - 2011-12-18 17:03 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-06-15 09:48 - 2012-07-18 10:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-15 09:48 - 2012-01-31 21:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-03 17:43 - 2006-11-02 20:24 - 73393752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-07-02 18:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2013
Ran by Jean and Dave at 2013-07-02 18:42:33
Running from F:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Shockwave Player (Version: 10.2.0.023)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.2)
Bonjour (Version: 3.0.0.10)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Conexant HD Audio (Version: 4.58.1.0)
CyberLink DVD Suite (Version: 5.5.1519)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DYMO Label v.8 (Version: 8.2.0.820)
ESU for Microsoft Vista (Version: 1.0.0)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)
HP Active Support Library (Version: 3.1.4.1)
HP Customer Experience Enhancements (Version: 5.7.0.2630)
HP Doc Viewer (Version: 1.01.0005)
HP DVD Play 3.7
HP Easy Setup - Frontend (Version: 5.7.0.2630)
HP Quick Launch Buttons 6.40 F1 (Version: 6.40 F1)
HP Total Care Advisor (Version: 2.1.4047.2685)
HP Update (Version: 4.000.010.008)
HP User Guides 0118 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 J1)
HPNetworkAssistant (Version: 1.1.70)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.0.1.12)
Java™ 6 Update 5 (Version: 1.6.0.50)
LabelPrint (Version: 2.20.2719)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: 1.0.0.43)
NetWaiting (Version: 2.5.52)
Picasa 3 (Version: 3.9)
Power2Go (Version: 5.6.3919)
PowerDirector (Version: 6.5.2719)
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: )
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.105)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
VLC media player 2.0.3 (Version: 2.0.3)

==================== Restore Points  =========================

18-04-2013 21:09:34 Scheduled Checkpoint
19-04-2013 22:44:47 Scheduled Checkpoint
21-04-2013 20:37:59 Scheduled Checkpoint
23-04-2013 07:47:18 Scheduled Checkpoint
23-04-2013 21:30:34 Scheduled Checkpoint
24-04-2013 17:07:50 Scheduled Checkpoint
01-05-2013 09:30:26 Scheduled Checkpoint
03-05-2013 11:53:34 Scheduled Checkpoint
03-05-2013 23:56:55 Scheduled Checkpoint
11-05-2013 05:01:47 Scheduled Checkpoint
11-05-2013 22:53:30 Scheduled Checkpoint
12-05-2013 22:24:57 Scheduled Checkpoint
13-05-2013 20:59:33 Scheduled Checkpoint
14-05-2013 14:00:05 Scheduled Checkpoint
16-05-2013 09:42:38 Scheduled Checkpoint
17-05-2013 08:27:55 Scheduled Checkpoint
17-05-2013 23:26:27 Scheduled Checkpoint
19-05-2013 00:20:49 Scheduled Checkpoint
20-05-2013 00:57:45 Scheduled Checkpoint
20-05-2013 23:56:59 Scheduled Checkpoint
27-06-2013 12:49:32 Scheduled Checkpoint
30-06-2013 09:42:05 Windows Update
30-06-2013 10:55:14 Windows Update
30-06-2013 11:58:04 Tweaking.com - Windows Repair
01-07-2013 08:50:06 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {12041906-536A-448C-B69C-FF33B8F7AE0D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25DFAB5E-5DF7-4098-8823-6BD1EAF97DDF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {52AD0D84-DD34-4341-8A9E-A136E37CBAF0} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3559841253-447340296-2778727564-1003 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {61AEB585-3CE7-4226-8E0C-5B7B918E7ECC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {620D3435-4F3F-4354-B78E-0221ACB144AB} - System32\Tasks\{3C6C807F-42A3-43EB-BD62-A21730C496B6} => c:\program files\google\chrome\application\chrome.exe No File
Task: {6A027533-2098-45C6-87AA-74A415618AB5} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-16] (Hewlett-Packard)
Task: {A5785A16-C966-4766-B9A3-B9E2B94C9604} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {AFDF5784-3D90-45D0-BF28-A6BD3C4A40AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2013 07:25:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38209980

Error: (07/02/2013 07:25:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38209980

Error: (07/02/2013 07:25:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/01/2013 08:48:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (07/01/2013 08:48:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (07/01/2013 08:48:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/01/2013 06:50:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/30/2013 10:29:34 PM) (Source: WinMgmt) (User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (06/30/2013 10:27:47 PM) (Source: WinMgmt) (User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (06/30/2013 09:27:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/02/2013 06:27:13 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/02/2013 06:27:13 PM) (Source: Service Control Manager) (User: )
Description: Windows Defender%%5

Error: (07/01/2013 06:10:35 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/01/2013 06:04:05 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/01/2013 06:04:05 PM) (Source: Service Control Manager) (User: )
Description: Windows Defender%%5

Error: (06/30/2013 09:27:27 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/30/2013 09:27:27 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall5 (0x5)

Error: (06/30/2013 09:27:27 PM) (Source: Service Control Manager) (User: )
Description: Windows Defender%%5

Error: (06/30/2013 09:07:39 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/30/2013 09:07:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall5 (0x5)

Microsoft Office Sessions:
=========================
Error: (07/02/2013 07:25:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38209980

Error: (07/02/2013 07:25:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38209980

Error: (07/02/2013 07:25:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/01/2013 08:48:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (07/01/2013 08:48:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (07/01/2013 08:48:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/01/2013 06:50:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/30/2013 10:29:34 PM) (Source: WinMgmt)(User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (06/30/2013 10:27:47 PM) (Source: WinMgmt)(User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (06/30/2013 09:27:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-07-02 18:42:13.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-02 18:42:12.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-02 18:42:12.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-02 18:42:12.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 18:34:51.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 18:34:50.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 18:34:50.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 18:34:49.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 18:34:49.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 18:34:48.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 1978.45 MB
Available physical RAM: 1079.77 MB
Total Pagefile: 4202.17 MB
Available Pagefile: 3226.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.27 GB) (Free:126.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:9.61 GB) (Free:1.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:3.84 GB) (Free:3.53 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: C7D9C7D9)
Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.01.01

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 9.0.8112.16421
Jean and Dave :: JEANANDDAVE-PC [administrator]

2/07/2013 6:48:35 PM
mbar-log-2013-07-02 (18-48-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 213783
Time elapsed: 14 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:02 AM

Posted 02 July 2013 - 04:21 AM

Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    CMD: netsh winsock reset

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

There are some signs that mention you ran Combofix before.

Please post the content of C:\combofix.txt


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 jwah
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:02 PM

Posted 02 July 2013 - 04:53 AM

Hi Marius

I cannot find combofix.txt, can you advise if I should run the combofix software again?

Thanks

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-07-2013
Ran by Jean and Dave at 2013-07-02 19:50:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

==== End of Fixlog ====



#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:02 AM

Posted 02 July 2013 - 08:31 AM

Skip that.

Run a new scan with FRST and post up the log, please.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Run Malwarebytes' Anti-Malware.
  • Once the program has loaded, select Perform full scan, mark all your hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 jwah
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:02 PM

Posted 03 July 2013 - 04:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by Jean and Dave (administrator) on 03-07-2013 19:38:35
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-18] (Synaptics, Inc.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" [55808 2009-10-29] (Sanford, L.P.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1885944 2009-10-29] (Sanford, L.P.)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-16] (Hewlett-Packard)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
S3 wbengine; "%systemroot%\system32\wbengine.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 EraserUtilDrv10741; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-02 18:48 - 2013-07-02 19:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-02 18:41 - 2013-07-02 19:50 - 00000000 ____D C:\FRST
2013-06-30 21:47 - 2013-06-30 21:47 - 00000207 ____A C:\Windows\tweaking.com-regbackup-JEANANDDAVE-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-06-30 21:44 - 2013-06-30 21:44 - 00000000 ____D C:\RegBackup
2013-06-30 21:17 - 2013-06-30 22:35 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-30 21:02 - 2013-05-17 08:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-30 21:02 - 2013-05-17 08:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-30 21:02 - 2013-05-17 08:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-30 21:02 - 2013-05-17 08:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-30 21:02 - 2013-05-17 08:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-30 21:02 - 2013-05-17 08:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-30 21:02 - 2013-05-17 08:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-30 21:02 - 2013-05-17 08:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-30 21:02 - 2013-05-17 08:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-30 21:01 - 2013-05-17 09:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-30 21:01 - 2013-05-17 08:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-30 21:01 - 2013-05-17 08:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-30 21:01 - 2013-05-17 08:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-30 21:01 - 2013-05-17 08:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-30 21:01 - 2013-05-17 08:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-30 21:01 - 2013-05-17 08:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-30 21:01 - 2013-05-03 01:28 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-06-30 20:55 - 2013-05-08 14:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-30 20:55 - 2013-05-02 14:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-30 20:55 - 2013-05-02 14:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-30 20:55 - 2013-04-17 22:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-30 20:54 - 2013-05-03 08:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-30 20:54 - 2013-05-03 08:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-30 20:54 - 2013-04-24 14:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-30 20:54 - 2013-04-24 14:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-30 20:54 - 2013-04-24 14:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-30 20:54 - 2013-04-24 14:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-30 20:54 - 2013-04-24 11:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-30 20:39 - 2013-06-30 20:40 - 00000000 ___SD C:\32788R22FWJFW
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Windows\erdnt
2013-06-30 20:32 - 2013-06-30 20:32 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 20:31 - 2013-06-30 20:31 - 00000000 ____D C:\JRT
2013-06-30 20:27 - 2013-06-30 20:27 - 00001944 ____A C:\AdwCleaner[S1].txt
2013-06-30 19:50 - 2012-07-26 13:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-06-30 19:50 - 2012-07-26 13:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-06-30 19:50 - 2012-07-26 13:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-06-30 19:50 - 2012-07-26 13:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-06-30 19:50 - 2012-07-26 13:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-06-30 19:50 - 2012-07-26 13:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-06-30 19:50 - 2012-07-26 13:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-06-30 19:50 - 2012-07-26 12:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-06-30 19:50 - 2012-07-26 12:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-06-30 19:50 - 2012-07-26 12:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-06-30 19:50 - 2012-06-03 00:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-06-30 19:50 - 2012-06-03 00:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-06-30 19:50 - 2009-07-14 22:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-06-30 19:42 - 2012-12-16 23:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-06-30 19:42 - 2012-12-16 20:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-06-30 19:41 - 2013-03-09 13:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-06-30 19:41 - 2013-03-09 11:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-06-30 19:41 - 2012-11-22 13:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-06-30 19:41 - 2012-11-20 14:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-06-30 19:41 - 2012-11-02 20:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-06-30 19:41 - 2012-11-02 20:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-06-30 19:41 - 2012-11-02 18:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-06-30 19:41 - 2012-09-29 02:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-30 19:40 - 2013-04-16 00:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-30 19:40 - 2013-04-13 20:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-06-30 19:40 - 2013-04-09 11:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-30 19:40 - 2013-03-08 13:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-30 19:40 - 2013-03-04 05:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-06-30 19:40 - 2012-11-13 11:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-06-30 19:40 - 2012-08-21 21:47 - 00224640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-06-30 19:39 - 2013-03-08 13:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-06-30 19:39 - 2012-11-08 13:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-06-30 19:35 - 2013-02-12 11:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-06-30 19:13 - 2013-06-30 19:13 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-30 19:13 - 2013-06-30 19:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-30 16:12 - 2013-06-30 16:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-30 13:06 - 2013-06-30 13:06 - 00000000 ____D C:\Users\Jean and Dave\AppData\Roaming\Malwarebytes
2013-06-30 13:05 - 2013-06-30 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 13:05 - 2013-06-30 13:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-30 13:05 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-21 20:00 - 2013-06-21 20:00 - 00000000 ____D C:\Windows\Sun

==================== One Month Modified Files and Folders ========

2013-07-03 19:36 - 2011-12-19 09:15 - 01580268 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:34 - 2011-12-18 17:31 - 00000000 ____D C:\Users\Jean and Dave\AppData\Roaming\Skype
2013-07-03 19:33 - 2011-12-19 09:43 - 00000286 ____A C:\Users\Public\Documents\hpqp.ini
2013-07-03 19:33 - 2006-11-02 22:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:33 - 2006-11-02 22:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:33 - 2006-11-02 22:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-03 19:32 - 2006-11-02 23:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 21:03 - 2006-11-02 23:01 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-02 20:24 - 2012-07-18 10:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 19:50 - 2013-07-02 18:41 - 00000000 ____D C:\FRST
2013-07-02 19:49 - 2006-11-02 20:33 - 00769200 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 19:11 - 2013-07-02 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-01 18:55 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-01 18:23 - 2011-12-18 17:18 - 00000000 ____D C:\Users\Jean and Dave\AppData\Roaming\Mozilla
2013-07-01 18:23 - 2011-12-18 17:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-01 18:04 - 2011-12-19 18:59 - 00105520 ____A C:\Users\Jean and Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-01 18:03 - 2006-11-02 22:47 - 00382040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-01 18:02 - 2008-01-21 12:47 - 00606480 ____A C:\Windows\PFRO.log
2013-06-30 22:35 - 2013-06-30 21:17 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-30 21:57 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\rescache
2013-06-30 21:47 - 2013-06-30 21:47 - 00000207 ____A C:\Windows\tweaking.com-regbackup-JEANANDDAVE-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-06-30 21:44 - 2013-06-30 21:44 - 00000000 ____D C:\RegBackup
2013-06-30 20:40 - 2013-06-30 20:39 - 00000000 ___SD C:\32788R22FWJFW
2013-06-30 20:39 - 2013-06-30 20:39 - 00000000 ____D C:\Windows\erdnt
2013-06-30 20:32 - 2013-06-30 20:32 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 20:31 - 2013-06-30 20:31 - 00000000 ____D C:\JRT
2013-06-30 20:27 - 2013-06-30 20:27 - 00001944 ____A C:\AdwCleaner[S1].txt
2013-06-30 20:22 - 2011-12-19 08:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-30 20:18 - 2008-08-03 05:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-30 20:06 - 2011-12-18 17:40 - 00000000 ____D C:\Program Files\Google
2013-06-30 20:01 - 2011-12-18 17:40 - 00000000 ____D C:\Users\Jean and Dave\AppData\Local\Google
2013-06-30 19:21 - 2011-12-18 17:03 - 00000000 ____D C:\ProgramData\Norton
2013-06-30 19:13 - 2013-06-30 19:13 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-30 19:13 - 2013-06-30 19:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-30 19:11 - 2008-08-03 04:13 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-30 16:12 - 2013-06-30 16:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-30 16:12 - 2011-12-18 17:30 - 00000000 ___RD C:\Program Files\Skype
2013-06-30 16:12 - 2011-12-18 17:30 - 00000000 ____D C:\ProgramData\Skype
2013-06-30 14:38 - 2011-12-19 18:56 - 00012800 ____A C:\Users\Jean and Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-30 14:38 - 2006-11-02 22:52 - 00074654 ____A C:\Windows\setupact.log
2013-06-30 13:57 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\nap
2013-06-30 13:06 - 2013-06-30 13:06 - 00000000 ____D C:\Users\Jean and Dave\AppData\Roaming\Malwarebytes
2013-06-30 13:05 - 2013-06-30 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 13:05 - 2013-06-30 13:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-28 11:47 - 2013-06-01 12:12 - 00000000 ____D C:\Users\Jean and Dave\Documents\Silsoe 2013
2013-06-21 20:00 - 2013-06-21 20:00 - 00000000 ____D C:\Windows\Sun
2013-06-15 10:18 - 2011-12-18 17:03 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-06-15 09:48 - 2012-07-18 10:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-15 09:48 - 2012-01-31 21:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-03 17:43 - 2006-11-02 20:24 - 73393752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-03 19:39

==================== End Of Log ============================

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jean and Dave :: JEANANDDAVE-PC [administrator]

3/07/2013 7:42:57 PM
mbam-log-2013-07-03 (19-42-57).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 470375
Time elapsed: 2 hour(s), 20 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
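The two Winsock lines in the FRST log above that carry an ATTENTION marker (NameSpace catalog entries 01 and 06, both pointing at a bare "mswsock.dll" that the loader cannot locate, with FRST printing the path each should have) are the check worth being able to repeat by hand. The script below is an added example, not part of the original post and not FRST's own code: on Windows it reads HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 through winreg, elsewhere it runs over a constructed sample that mirrors the log's three entries. It expands %SystemRoot%, then flags any provider whose LibraryPath is not absolute or does not resolve to an existing file. The DisplayString fragments it uses to name the expected module (NLAv1, Tcpip) and the expected paths are assumptions taken from the log's "LibraryPath should be" hints, not from a list on the page.

```python
"""
Audit Winsock NameSpace_Catalog5 provider entries the way the FRST
"Winsock:" lines above do: each provider's LibraryPath must be an
absolute (or %SystemRoot%-relative) path to a file that exists.  A bare
file name such as "mswsock.dll" cannot be found by the loader and shows
up as "File Not found" in the log.
"""
import ntpath
import os
import re
import sys

# ASSUMPTION for illustration: expected module per provider, keyed by a
# fragment of the registry DisplayString; values copied from the
# "LibraryPath should be" hints FRST printed in the log.
EXPECTED_BY_DISPLAY = {
    "NLAv1": r"%SystemRoot%\system32\NLAapi.dll",
    "Tcpip": r"%SystemRoot%\System32\mswsock.dll",
}

_VAR = re.compile(r"%([^%]+)%")


def expand(path, env):
    """Expand %VAR% references with a case-insensitive lookup in env."""
    lookup = {k.lower(): v for k, v in env.items()}
    return _VAR.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)


def audit_entry(index, library_path, display, env, exists):
    """Return (index, verdict, detail) for one catalog entry."""
    expanded = expand(library_path, env)
    if not ntpath.isabs(expanded):
        detail = "LibraryPath is not absolute: %r" % library_path
        for fragment, good in EXPECTED_BY_DISPLAY.items():
            if fragment.lower() in display.lower():
                detail += "; should be %r" % good
        return (index, "ATTENTION", detail)
    if not exists(expanded):
        return (index, "ATTENTION", "file not found: %r" % expanded)
    return (index, "OK", expanded)


def audit_catalog(entries, env=None, exists=os.path.isfile):
    """Audit a list of {"index", "library_path", "display"} dicts."""
    env = os.environ if env is None else env
    return [audit_entry(e["index"], e["library_path"], e["display"], env, exists)
            for e in entries]


def read_catalog_from_registry():
    """Read the live NameSpace_Catalog5 (Windows only; winreg is stdlib there)."""
    import winreg
    base = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
            r"\NameSpace_Catalog5\Catalog_Entries")
    entries = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            name = winreg.EnumKey(key, i)
            with winreg.OpenKey(key, name) as sub:
                lib = winreg.QueryValueEx(sub, "LibraryPath")[0]
                disp = winreg.QueryValueEx(sub, "DisplayString")[0]
            entries.append({"index": int(name), "library_path": lib, "display": disp})
    return entries


# Constructed sample mirroring the three Winsock lines in the FRST log above.
SAMPLE_ENTRIES = [
    {"index": 1, "library_path": "mswsock.dll",
     "display": "Network Location Awareness Legacy (NLAv1) Namespace"},
    {"index": 5, "library_path": r"C:\Program Files\Bonjour\mdnsNSP.dll",
     "display": "Bonjour"},
    {"index": 6, "library_path": "mswsock.dll", "display": "Tcpip"},
]
SAMPLE_ENV = {"SystemRoot": r"C:\Windows"}
# Files we pretend exist on the sample box (normcased: lower-case, backslashes).
SAMPLE_FILES = {r"c:\program files\bonjour\mdnsnsp.dll",
                r"c:\windows\system32\mswsock.dll"}


def sample_exists(path):
    return ntpath.normcase(path) in SAMPLE_FILES


if __name__ == "__main__":
    if sys.platform == "win32":
        results = audit_catalog(read_catalog_from_registry())
    else:
        results = audit_catalog(SAMPLE_ENTRIES, SAMPLE_ENV, sample_exists)
    for idx, verdict, detail in results:
        print("Winsock: Catalog5 %02d %-9s %s" % (idx, verdict, detail))
```

Run it as a plain script; on the affected machine it prints one line per namespace provider, with the flagged entries matching what FRST reported. Repairing the catalog is a separate step (FRST's own fix, or `netsh winsock reset` followed by a reboot, which rebuilds the catalog from the defaults).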



#8 TB-Psychotic (Malware Response Team)

Posted 04 July 2013 - 05:27 AM

Looks good!

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 jwah (Topic Starter)

Posted 04 July 2013 - 08:03 AM

One threat was found

 

C:\Users\Jean and Dave\Downloads\TelevisionFanatic.exe Win32/AdInstaller application



#10 TB-Psychotic (Malware Response Team)

Posted 04 July 2013 - 08:17 AM

That's not malware, but it contains security risks. I would delete it immediately. Your choice.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#11 jwah (Topic Starter)

Posted 04 July 2013 - 08:38 AM

I have deleted the file.

 

# AdwCleaner v2.304 - Logfile created 07/04/2013 at 23:26:36
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Jean and Dave - JEANANDDAVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Jean and Dave\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1944 octets] - [30/06/2013 20:27:37]
AdwCleaner[S2].txt - [608 octets] - [04/07/2013 23:26:36]

########## EOF - C:\AdwCleaner[S2].txt - [667 octets] ##########

 

 

 Results of screen317's Security Check version 0.99.68 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java™ 6 Update 5 
 Java version out of Date!
 Adobe Flash Player  11.7.700.224 
 Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 



#12 TB-Psychotic (Malware Response Team)

Posted 04 July 2013 - 08:41 AM

Then your system is clean now! :)

 

 

 

Java update


Your Java runtime environment is outdated. We will fix this.

  • Get the current JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer (Java 7 Update 4) and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open Control Panel again and click the Java icon.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

Adobe Reader update


Your Adobe Reader is outdated. We will fix this.


  • Get the current software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools.
Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left, please delete it manually.

 

 

 

 

Reading Material
How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your Control Panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every program you use often. These links may help you to check:
  • Backups
    There is a chance of an emergency every day, so be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to just click anywhere that is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.



#13 TB-Psychotic (Malware Response Team)

Posted 08 July 2013 - 03:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



