
Audio Ads Virus!!!


This topic is locked
16 replies to this topic

#1 mwe

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 08 July 2013 - 03:31 PM

I am having problems with 'audio ads' randomly playing on my Dell Vostro 230, but nothing is displayed. No unwanted applications are listed in the Task Manager. Today Spanish and German ads are playing in addition to English. Sometimes 'several' ads play at the same time! I initially ran the ESET online scanner and 5 files were quarantined and then removed... but the problem continues. I then ran a Security Check. See below for the results.

 

 Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 20 
 Java™ 7 Update 5 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 ESET ESET Online Scanner OnlineCmdLineScanner.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

 

 

I then did a Malwarebytes scan. See below for the results.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.08.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Macie :: MARCIE-METAPC [administrator]

7/8/2013 12:50:15 PM
mbam-log-2013-07-08 (12-50-15).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 449115
Time elapsed: 1 hour(s), 4 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

What are the next steps to resolve this issue? When the unwanted 'audio ads' are playing, the CPU usage jumps to 100% and everything locks up.

 

Thx in advance,

 

m





#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:28 PM

Posted 08 July 2013 - 03:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.
We need to see some information about what is happening in your machine. Please perform the following scan again:
  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
Thanks and again sorry for the delay.

Edited by fireman4it, 08 July 2013 - 03:41 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:28 PM

Posted 09 July 2013 - 04:35 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#4 mwe

  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 10 July 2013 - 08:54 AM

Thank you for your reply. I do continue to experience the reported problems, and now, in addition to 'audio ads' randomly playing with no visual display, Windows cannot fully shut down and displays a message after manually restarting asking about starting in safe mode! I followed your instructions and ran both the DDS & RogueKiller; please see the attachments for the reports created.



#5 mwe

  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 11 July 2013 - 07:22 AM

The RogueKiller scan found 3 files: Key Type of HJ SMENU, HJ Desk & HJ Desk. Should these files be deleted using the RogueKiller Delete option? Please also let me know if any additional tasks need to be followed to resolve my issues, as it's getting worse and my system is now locking up all the time.

 

thx

m :)



#6 mwe

  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 11 July 2013 - 08:08 AM

I went ahead and deleted the files identified by RogueKiller and restarted. Unfortunately the random audio (with no display) continues!



#7 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:28 PM

Posted 12 July 2013 - 03:34 PM

Why did you proceed on your own? There are no logs attached! Can you please copy and paste the logs from DDS and RogueKiller directly into your reply. Do you have a USB flash drive you can use?




#8 mwe

  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 12 July 2013 - 06:34 PM

I apologize for jumping the gun, but I was sure that I saw instructions on RogueKiller saying to delete the files found. I have pasted the DDS & RogueKiller logs below.

 

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 1.6.0_20
Run by Macie at 6:59:43 on 2013-07-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.687 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Windows\system32\GManager.exe
C:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\PrintIsolationHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Citrix\GoToMeeting\1133\g2mstart.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\DesktopUtil\FDispPos.exe
C:\Program Files\Common Files\DesktopUtil\MCTDUtil.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Citrix\GoToMeeting\1133\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\1133\g2mlauncher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\BingApp.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\BingBar.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\BingSurrogate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Q:\140062.enu\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.2.233.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.2.233.0\BingExt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\1133\g2mstart.exe" "/Trigger RunAtLogon"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MCTDUtil] c:\program files\common files\desktoputil\Util-Desktop.exe Launch SuperUtil
mRun: [FDispPos] c:\program files\common files\desktoputil\Util-Desktop.exe Launch FixPos
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://wigeon.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://ras.hazelden.org/+CSCOL+/cscopf.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://ras.hazelden.org/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://wigeon.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://hazelden.webex.com/client/T27LB/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} - hxxps://wigeon.spf.mo.gov/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://willow.marshfieldclinic.org/dana-cached/sc/JuniperSetupClient.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://ras.hazelden.org/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F065DDC5-3211-4205-8FC3-10D05F7BC615} : DHCPNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mctkmdldr;mctkmdldr;c:\windows\system32\drivers\mctKmdldr.sys [2012-6-21 17024]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-6-9 81920]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-23 43912]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 GManager;GManager;c:\windows\system32\GManager.exe [2012-6-21 222584]
R2 MCTDesktopSvr;MCTDesktopSvr;c:\program files\common files\desktoputil\MCTDesktopSvr.exe [2012-6-21 199296]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-5 227352]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-16 4150112]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2013-3-26 555408]
R2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files\watchguard\watchguard mobile vpn with ssl\wgsslvpnsrc.exe [2012-7-26 101376]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.233.0\SeaPort.EXE [2013-4-2 240264]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-6-9 273960]
R3 mctkmd;mctkmd;c:\windows\system32\drivers\mctkmd.sys [2012-6-21 102016]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
R3 t1pusb;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb.sys [2012-6-21 146304]
S1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2011-7-7 87064]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.233.0\BBSvc.EXE [2013-4-2 193672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2012-12-10 92112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-11 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-18 1343400]
.
=============== Created Last 30 ================
.
2013-07-09 13:20:10 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1e88f480-db32-4052-b56d-e38a3dfee489}\offreg.dll
2013-07-09 12:18:52 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1e88f480-db32-4052-b56d-e38a3dfee489}\mpengine.dll
2013-07-08 18:49:35 -------- d-----w- c:\users\macie\appdata\roaming\Malwarebytes
2013-07-08 18:49:15 -------- d-----w- c:\programdata\Malwarebytes
2013-07-08 18:49:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-08 18:49:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-08 15:08:12 -------- d-----w- c:\program files\ESET
2013-06-27 16:30:46 -------- d-----w- c:\users\macie\appdata\roaming\BACS.exe
2013-06-13 12:22:34 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-13 12:22:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-13 12:22:31 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 12:22:28 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 12:22:28 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 12:22:28 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 12:22:28 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 12:22:28 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 12:22:25 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-13 12:22:23 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 12:22:23 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 12:21:48 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-06-13 14:00:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 14:00:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 08:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
============= FINISH:  7:00:37.32 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/17/2010 11:02:27 AM
System Uptime: 7/10/2013 6:21:50 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 07N90W
Processor: Intel® Core™2 Duo CPU     E7500  @ 2.93GHz | CPU 1 | 2926/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 393.162 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SonicWALL Virtual NIC
Device ID: ROOT\SWVNIC\0000
Manufacturer: SonicWALL
Name: SonicWALL Virtual NIC
PNP Device ID: ROOT\SWVNIC\0000
Service: SWVNIC
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SonicWALL IPsec Driver
Device ID: ROOT\LEGACY_SWIPSEC\0000
Manufacturer:
Name: SonicWALL IPsec Driver
PNP Device ID: ROOT\LEGACY_SWIPSEC\0000
Service: SWIPsec
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP814: 6/18/2013 3:34:53 PM - Windows Update
RP815: 6/19/2013 3:52:50 PM - Windows Update
RP816: 6/20/2013 4:09:55 PM - Windows Update
RP817: 6/21/2013 3:01:18 PM - Windows Update
RP818: 6/25/2013 1:02:16 AM - Windows Update
RP819: 6/25/2013 3:00:10 AM - Windows Update
RP820: 6/25/2013 3:39:41 PM - Windows Update
RP821: 6/27/2013 9:57:39 AM - Removed Broadcom Gigabit NetLink Controller.
RP822: 6/27/2013 9:58:53 AM - Removed Broadcom Management Programs.
RP823: 6/27/2013 10:24:20 AM - Restore Operation
RP824: 6/27/2013 4:21:46 PM - Windows Update
RP825: 6/28/2013 2:56:30 PM - Windows Update
RP826: 7/2/2013 6:21:39 AM - Windows Update
RP827: 7/3/2013 6:24:42 AM - Windows Update
RP828: 7/8/2013 6:11:08 AM - Windows Update
RP829: 7/9/2013 6:16:46 AM - Windows Update
RP830: 7/9/2013 6:33:30 AM - Installed Java 7 Update 25
RP831: 7/10/2013 6:26:53 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Adobe Acrobat XI Pro
Adobe AIR
Adobe Download Assistant
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.4
AnswerWorks 5.0 English Runtime
Bing Around The World Screensaver
Bing Bar
Broadcom Gigabit NetLink Controller
Broadcom Management Programs
BufferChm
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Citrix Online Launcher
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Photo AIO Printer 964
Destinations
DeviceDiscovery
DocMgr
DocProc
Dolphin Futures XPS Viewer version 1.1.0
ESET Online Scanner v3
Fax
GoToAssist 8.0.0.514
GoToMeeting 5.7.0.1172
GPBaseService2
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 20
join.me
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Juniper Terminal Services Client
Junk Mail filter update
LiveUpdate 1.6 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office Project Standard 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 13.0
Photosynth 2.0110.0317.1042
PicPick
PowerDVD DX
Quicken 2009
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SonicWALL Global VPN Client
Status
TeamViewer 8
Toolbox
TrayApp
Trigger External Graphics Family 11.10.1014.0179
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
WatchGuard Mobile VPN with SSL client 11.7.0
WebEx
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinZip 15.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/9/2013 8:14:53 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/9/2013 8:11:22 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/9/2013 7:44:58 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AppMgmt service.
7/9/2013 7:44:58 AM, Error: Service Control Manager [7000]  - The Application Management service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/9/2013 7:17:47 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Certificate Propagation service, but this action failed with the following error:  An instance of the service is already running.
7/9/2013 6:42:58 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/9/2013 6:13:10 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/9/2013 2:29:11 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
7/9/2013 10:29:37 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
7/9/2013 1:53:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
7/9/2013 1:53:51 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/8/2013 6:08:03 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/8/2013 2:59:03 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
7/8/2013 2:59:03 PM, Error: Service Control Manager [7000]  - The Application Information service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/8/2013 2:56:56 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
7/8/2013 2:56:56 PM, Error: Service Control Manager [7000]  - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/8/2013 2:56:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
7/8/2013 12:33:47 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/8/2013 10:29:31 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/8/2013 10:00:50 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
7/8/2013 10:00:50 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
7/3/2013 6:21:23 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/10/2013 6:41:35 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
7/10/2013 6:41:35 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
7/10/2013 6:41:34 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7034]  - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 6:39:34 AM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Remote Desktop Configuration service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Certificate Propagation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2013 6:29:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2553141) 32-Bit Edition.
7/10/2013 6:29:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition.
7/10/2013 6:23:15 AM, Error: Service Control Manager [7023]  - The Microsoft Antimalware Service service terminated with the following error:  %%-2147017840
7/10/2013 6:23:15 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/10/2013 6:23:05 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SWIPsec
.
==== End Of File ===========================

Rogue Killer Log:

RogueKiller V8.6.2 [Jul  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Macie [Admin rights]
Mode : Scan -- Date : 07/10/2013 07:17:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_CREATE_NAMED_PIPE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_READ] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_WRITE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_QUERY_INFORMATION] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_SET_INFORMATION] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_QUERY_EA] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_SET_EA] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_FLUSH_BUFFERS] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_QUERY_VOLUME_INFORMATION] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_SET_VOLUME_INFORMATION] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_DIRECTORY_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_FILE_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_SHUTDOWN] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_LOCK_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_CLEANUP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_CREATE_MAILSLOT] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_QUERY_SECURITY] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_SET_SECURITY] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_DEVICE_CHANGE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_QUERY_QUOTA] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_SET_QUOTA] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x86B2BC10)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-75V0A0 ATA Device +++++
--- User ---
[MBR] 65bd6a95e50d938ee6ec705b1baf039e
[BSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11390 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23408640 | Size: 465509 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] c8f0ae996f61dc3e2c1a3abf976cacda
[BSP] e1d42e8f16dddb2879df07e444f834f9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11390 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23408640 | Size: 465509 Mo

+++++ PhysicalDrive1: WDC WD5000AAKS-75V0A0 ATA Device +++++
--- User ---
[MBR] 8a39f4f2b5ddd25254488b1667f5825d
[BSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 32 | Size: 1967 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07102013_071753.txt >>

thx

m :)
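
As an added triage example, not part of this thread and not code from DDS or RogueKiller: a small Python script that parses the two log excerpts in the post above (the "Event Viewer Messages From Past Week" list and the RogueKiller "MBR Check") and pulls out what a helper would ask about first: how many times Microsoft Antimalware real-time protection failed to come up (event 3002), which services died together at a single timestamp (Service Control Manager 7031/7034), and whether the MBR read through the normal user-mode path differs from the low-level LL2 read (the "User != LL2 ... KO!" line). The sample lines are abridged copies of log lines on this page; the line format ("date, Level: Source [id] - message") and the "three or more crashes in one second" threshold are the example's own assumptions.

```python
"""Triage helpers for the DDS Event Viewer excerpt and the RogueKiller MBR
check pasted above. Added example, not part of the thread or of either tool;
the format assumptions ("date, Level: Source [id] - message" per line) and
the crash-burst threshold are the example's own."""
import re
from collections import Counter, defaultdict

# Abridged copies of Event Viewer lines from the DDS log on this page.
EVENT_LINES = """\
7/9/2013 8:14:53 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005
7/9/2013 7:44:58 AM, Error: Service Control Manager [7000]  - The Application Management service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/8/2013 10:00:50 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 6:39:34 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 6:23:15 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005
7/10/2013 6:23:05 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SWIPsec
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\]\s+-\s+(?P<msg>.*)$"
)

def parse_events(text):
    """Return one dict (ts, level, source, id, msg) per recognised log line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["id"] = int(d["id"])
            events.append(d)
    return events

def triage_events(events):
    """Count MSE real-time-protection failures (event 3002) and group
    unexpected service terminations (SCM 7031/7034) by timestamp: several
    services dying in the same second points at one host process going
    down rather than many unrelated faults."""
    rtp_failures = sum(1 for e in events
                       if e["source"] == "Microsoft Antimalware" and e["id"] == 3002)
    crashes = defaultdict(list)
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] in (7031, 7034):
            svc = re.match(r"The (.+?) service terminated unexpectedly", e["msg"])
            if svc:
                crashes[e["ts"]].append(svc.group(1))
    bursts = {ts: svcs for ts, svcs in crashes.items() if len(svcs) >= 3}
    return {"rtp_failures": rtp_failures, "crash_bursts": bursts,
            "sources": Counter(e["source"] for e in events)}

# Abridged copy of the RogueKiller "MBR Check" section on this page.
MBR_TEXT = """\
+++++ PhysicalDrive0: WDC WD5000AAKS-75V0A0 ATA Device +++++
--- User ---
[MBR] 65bd6a95e50d938ee6ec705b1baf039e
[BSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] c8f0ae996f61dc3e2c1a3abf976cacda
[BSP] e1d42e8f16dddb2879df07e444f834f9 : Windows Vista/7/8 MBR Code

+++++ PhysicalDrive1: WDC WD5000AAKS-75V0A0 ATA Device +++++
--- User ---
[MBR] 8a39f4f2b5ddd25254488b1667f5825d
[BSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
User = LL1 ... OK!
Error reading LL2 MBR!
"""

def parse_mbr_check(text):
    """Return {drive: {"User": {MBR, BSP}, "LL2": {...}, "ll2_error": bool}},
    one entry per read path RogueKiller printed for each physical drive."""
    drives, drive, view = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("+++++"):
            drive = line.strip("+ ").split(":")[0]
            drives[drive] = {"ll2_error": False}
        elif line.startswith("---"):
            view = line.strip("- ")
            drives[drive][view] = {}
        elif line.startswith("[") and view:
            tag, rest = line[1:].split("] ", 1)
            drives[drive][view][tag] = rest.split(" : ")[0]
        elif line.startswith("Error reading LL2"):
            drives[drive]["ll2_error"] = True
    return drives

def mbr_mismatches(drives):
    """Drives whose user-mode MBR hash differs from the low-level LL2 hash;
    the two reads should agree, so a difference is what to raise with the helper."""
    return [d for d, v in drives.items()
            if "User" in v and "LL2" in v and v["User"].get("MBR") != v["LL2"].get("MBR")]

if __name__ == "__main__":
    print(triage_events(parse_events(EVENT_LINES)))
    print("MBR mismatch on:", mbr_mismatches(parse_mbr_check(MBR_TEXT)))
```

Run on the full pasted logs instead of the abridged samples by reading the two sections from a file into `EVENT_LINES` and `MBR_TEXT`; the parsers ignore lines they do not recognise, so the partition-table and "User = LL1" lines can stay in.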

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 July 2013 - 09:36 AM

Do you have a USB Flash Drive you can use?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 mwe

mwe
  • Topic Starter

  • Members
  • 15 posts

Posted 14 July 2013 - 10:44 AM

Yes...I have a flash drive available.  What do I need to do with it?



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 July 2013 - 06:47 PM


For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#12 mwe

mwe
  • Topic Starter

  • Members
  • 15 posts

Posted 16 July 2013 - 07:59 AM

I downloaded 'FRST' to a flash drive and plugged it into my infected PC as directed.  I do NOT have a Windows installation disc.  How do I proceed without it?



#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 17 July 2013 - 09:30 PM

Please read the directions carefully. You don't need a Windows installation disk. There are two options; option 1 is to boot from Advanced Boot Options if you don't have the disk.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#14 mwe

mwe
  • Topic Starter

  • Members
  • 15 posts

Posted 18 July 2013 - 09:34 AM

Please see below for the FRST log...


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-07-2013 02
Ran by SYSTEM on 18-07-2013 07:45:28
Running from G:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7739936 2009-09-11] (Realtek Semiconductor)
HKLM\...\Run: [PDVDDXSrv] - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] - "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Run: [MCTDUtil] - C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] - C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos [195200 2011-05-03] ()
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Kara\...\Policies\system: [LogonHoursAction] 2
HKU\Kara\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Macie\...\Run: [GoToMeeting] - "C:\Program Files\Citrix\GoToMeeting\1133\g2mstart.exe" "/Trigger RunAtLogon" [ 2013-03-15] (Citrix Online, a division of Citrix Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

========================== Services (Whitelisted) =================

S2 atashost; C:\Windows\system32\atashost.exe [43912 2010-08-23] (Cisco WebEx LLC)
S3 dlcj_device; C:\Windows\system32\dlcjcoms.exe [491520 2005-07-12] ()
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S2 GManager; C:\Windows\system32\GManager.exe [222584 2011-08-31] ()
S2 MCTDesktopSvr; C:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
S2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [227352 2009-03-05] (SonicWALL, Inc.)
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [555408 2013-03-26] (Cisco Systems, Inc.)
S2 wgsslvpnsrc; C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2012-11-26] ()
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-03-26] (Cisco Systems, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 mctkmd; C:\Windows\system32\drivers\mctkmd.sys [102016 2011-09-29] (Magic Control Technology Corporation)
S0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr.sys [17024 2011-04-08] (Magic Control Technology Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S1 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [87064 2009-03-05] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2009-03-04] (SonicWALL, Inc.)
S3 t1pusb; C:\Windows\System32\drivers\t1pusb.sys [146304 2011-08-04] (Magic Control Technology Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2011-12-15] (The OpenVPN Project)
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 RimUsb; System32\Drivers\RimUsb.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-16 04:31 - 2013-07-16 04:31 - 00000000 ____D C:\FRST
2013-07-12 04:38 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 04:38 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 04:37 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-12 04:37 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 04:37 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 04:37 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 04:37 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 04:37 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 04:37 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 04:37 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 04:37 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 04:37 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 04:37 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 04:37 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 04:37 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 04:37 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-11 04:30 - 2013-07-11 04:30 - 00005702 _____ C:\Users\Macie\Desktop\RKreport[0]_D_07112013_063020.txt
2013-07-10 05:17 - 2013-07-10 05:17 - 00005646 _____ C:\Users\Macie\Desktop\RKreport[0]_S_07102013_071753.txt
2013-07-10 05:08 - 2013-07-11 05:01 - 00000000 ____D C:\Users\Macie\Desktop\RK_Quarantine
2013-07-10 05:08 - 2013-07-10 05:08 - 00915456 _____ C:\Users\Macie\Downloads\RogueKiller.exe
2013-07-10 05:03 - 2013-07-10 05:23 - 00000000 ____D C:\Users\Macie\Desktop\Scans
2013-07-10 05:00 - 2013-07-10 05:00 - 00020004 _____ C:\Users\Macie\Desktop\attach.txt
2013-07-10 05:00 - 2013-07-10 05:00 - 00017632 _____ C:\Users\Macie\Desktop\dds.txt
2013-07-10 04:59 - 2013-07-10 04:59 - 00688992 ____R (Swearware) C:\Users\Macie\Downloads\dds.scr
2013-07-10 04:35 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 04:35 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 04:34 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 04:34 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-08 10:49 - 2013-07-08 10:49 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\Users\Macie\AppData\Roaming\Malwarebytes
2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-08 10:49 - 2013-04-04 12:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-08 10:48 - 2013-07-08 10:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Macie\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-08 09:05 - 2013-07-08 09:05 - 00890988 _____ C:\Users\Macie\Downloads\SecurityCheck.exe
2013-07-08 07:08 - 2013-07-08 07:08 - 00000000 ____D C:\Program Files\ESET
2013-07-08 06:58 - 2013-07-08 06:58 - 00000000 ____D C:\Windows\Sun
2013-06-27 08:30 - 2013-06-27 08:33 - 00000000 ____D C:\Users\Macie\AppData\Roaming\BACS.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-18 01:03 - 2013-06-18 01:03 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-18 01:03 - 2013-06-18 01:03 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-18 01:03 - 2013-06-18 01:03 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-18 01:03 - 2013-06-18 01:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-18 01:00 - 2013-06-18 01:04 - 00008107 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-18 05:40 - 2010-06-18 06:09 - 00000000 ____D C:\Users\Macie\AppData\Roaming\SoftGrid Client
2013-07-18 05:40 - 2009-07-13 20:55 - 01397687 _____ C:\Windows\WindowsUpdate.log
2013-07-18 05:38 - 2010-06-09 18:58 - 00730682 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-18 05:37 - 2009-07-13 20:34 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 05:37 - 2009-07-13 20:34 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-18 05:30 - 2012-06-21 14:32 - 00002803 _____ C:\Windows\System32\GManager.ini
2013-07-18 05:29 - 2009-07-13 20:39 - 00050095 _____ C:\Windows\setupact.log
2013-07-18 04:45 - 2010-06-17 09:13 - 00059576 _____ C:\Users\Macie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-18 04:41 - 2010-06-18 09:09 - 00000000 ____D C:\Users\Macie\Documents\Outlook Files
2013-07-16 06:14 - 2010-08-17 11:49 - 00000000 ____D C:\Users\Macie\Documents\Personal
2013-07-16 04:31 - 2013-07-16 04:31 - 00000000 ____D C:\FRST
2013-07-15 08:01 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-12 15:46 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 15:25 - 2009-07-13 20:33 - 00272368 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 15:24 - 2010-06-09 19:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 15:24 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 15:24 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 05:01 - 2013-07-10 05:08 - 00000000 ____D C:\Users\Macie\Desktop\RK_Quarantine
2013-07-11 04:30 - 2013-07-11 04:30 - 00005702 _____ C:\Users\Macie\Desktop\RKreport[0]_D_07112013_063020.txt
2013-07-11 04:30 - 2010-06-17 09:02 - 00000000 ___RD C:\Users\Macie\Desktop
2013-07-10 05:23 - 2013-07-10 05:03 - 00000000 ____D C:\Users\Macie\Desktop\Scans
2013-07-10 05:17 - 2013-07-10 05:17 - 00005646 _____ C:\Users\Macie\Desktop\RKreport[0]_S_07102013_071753.txt
2013-07-10 05:08 - 2013-07-10 05:08 - 00915456 _____ C:\Users\Macie\Downloads\RogueKiller.exe
2013-07-10 05:00 - 2013-07-10 05:00 - 00020004 _____ C:\Users\Macie\Desktop\attach.txt
2013-07-10 05:00 - 2013-07-10 05:00 - 00017632 _____ C:\Users\Macie\Desktop\dds.txt
2013-07-10 04:59 - 2013-07-10 04:59 - 00688992 ____R (Swearware) C:\Users\Macie\Downloads\dds.scr
2013-07-09 07:45 - 2011-12-12 11:47 - 00000000 ____D C:\Users\Macie\Documents\My Scans
2013-07-09 07:43 - 2010-07-09 04:11 - 00000000 ____D C:\Users\Macie\AppData\Local\CrashDumps
2013-07-09 04:40 - 2010-06-09 20:45 - 00148260 _____ C:\Windows\PFRO.log
2013-07-08 10:49 - 2013-07-08 10:49 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\Users\Macie\AppData\Roaming\Malwarebytes
2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-08 10:49 - 2013-07-08 10:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-08 10:49 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-08 10:48 - 2013-07-08 10:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Macie\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-08 09:05 - 2013-07-08 09:05 - 00890988 _____ C:\Users\Macie\Downloads\SecurityCheck.exe
2013-07-08 08:46 - 2010-07-01 07:13 - 00007597 _____ C:\Users\Macie\AppData\Local\resmon.resmoncfg
2013-07-08 07:08 - 2013-07-08 07:08 - 00000000 ____D C:\Program Files\ESET
2013-07-08 06:58 - 2013-07-08 06:58 - 00000000 ____D C:\Windows\Sun
2013-07-08 05:34 - 2010-06-21 07:40 - 00002008 ____H C:\Users\Macie\Documents\Default.rdp
2013-06-27 09:44 - 2013-05-22 11:15 - 00000000 ____D C:\Users\Macie\AppData\Local\join.me
2013-06-27 08:36 - 2010-06-17 09:02 - 00000000 ____D C:\users\Macie
2013-06-27 08:34 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-27 08:33 - 2013-06-27 08:30 - 00000000 ____D C:\Users\Macie\AppData\Roaming\BACS.exe
2013-06-27 08:33 - 2013-03-20 17:22 - 00000000 ____D C:\users\Guest
2013-06-27 08:33 - 2010-06-25 13:27 - 00000000 ____D C:\ProgramData\Adobe
2013-06-27 08:33 - 2010-06-09 18:55 - 00000000 ____D C:\Program Files\Broadcom
2013-06-27 08:33 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-27 08:33 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-27 08:33 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-06-27 01:22 - 2010-07-02 11:23 - 00000258 __RSH C:\Users\Macie\ntuser.pol
2013-06-25 07:33 - 2010-07-02 10:21 - 00000000 ____D C:\Users\Macie\AppData\Local\Citrix
2013-06-21 06:17 - 2013-01-16 09:19 - 00000969 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-18 01:59 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-06-18 01:04 - 2013-06-18 01:00 - 00008107 _____ C:\Windows\IE10_main.log
2013-06-18 01:03 - 2013-06-18 01:03 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-18 01:03 - 2013-06-18 01:03 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-18 01:03 - 2013-06-18 01:03 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-18 01:03 - 2013-06-18 01:03 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-18 01:03 - 2013-06-18 01:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-18 01:03 - 2013-06-18 01:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-18 01:03 - 2013-06-18 01:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-24 23:02:27
Restore point made on: 2013-06-25 01:00:13
Restore point made on: 2013-06-25 13:39:59
Restore point made on: 2013-06-27 07:57:54
Restore point made on: 2013-06-27 07:58:56
Restore point made on: 2013-06-27 08:24:29
Restore point made on: 2013-06-27 14:22:04
Restore point made on: 2013-06-28 12:56:47
Restore point made on: 2013-07-02 04:22:07
Restore point made on: 2013-07-03 04:25:34
Restore point made on: 2013-07-08 04:11:40
Restore point made on: 2013-07-09 04:17:14
Restore point made on: 2013-07-09 04:33:40
Restore point made on: 2013-07-10 04:27:19
Restore point made on: 2013-07-11 05:17:04
Restore point made on: 2013-07-12 04:28:05
Restore point made on: 2013-07-15 04:24:03
Restore point made on: 2013-07-17 04:08:03
Restore point made on: 2013-07-18 04:19:49

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4060.8 MB
Available physical RAM: 3541.25 MB
Total Pagefile: 4059.08 MB
Available Pagefile: 3551.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:454.6 GB) (Free:391.58 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:1.92 GB) (Free:0.28 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.12 GB) (Free:7.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (ATTENTION: ===> MBR IS INFECTED. Use FixMbr command in Recovery Mode) (Size: 466 GB) (Disk ID: 8A427EA7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)

LastRegBack: 2013-07-03 06:21

==================== End Of Log ============================


thx

m



#15 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 18 July 2013 - 03:40 PM

We need to create a Windows 7 System Repair Disk. Note that this disk can only be used to access the Recovery Environment, not to reinstall Windows 7.

  • Press Windows Key + R, type recdisc.exe in the Run box and press Enter.
  • If you get a UAC prompt, allow the application to run by clicking Yes. You will see the following:

    [screenshot: win7srd1.png]

  • Make sure you have a blank CD or DVD in your CD/DVD drive and click Create disc. Note: If AutoPlay comes up, just close it.
  • When the System Repair Disk has been created, click Close and then OK. Your System Repair Disk is now ready for use.

Let me know when you have done this.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware! Just click the donate button.
