TechSpot

[Closed] Yep... Sirefef

By Dingus27
Aug 3, 2012
  1. Hi, all. Thanks a lot in advance for any help you can provide. It's hard to believe that there's such a great group of people willing to help out!

    My girlfriend's laptop (HP Pavilion dv7 running Windows 7 64-bit) is infected with Sirefef. Background: It's been acting wonky lately. Malwarebytes had been installed some time ago and found some things that we removed, but it currently says that everything's fine. I installed MSE on the recommendation of a friend and it found Sirefef. After telling it to remove it and reboot, I'm now getting the "reboot every 60 seconds" issue. I was able to get into MSE and disable real-time protection, and now at least I'm not getting the reboot notice.

    Here are logs from the "do 5 things" thread. Note that the GMER log was blank as it didn't find anything. I've disconnected it from the wireless network, so I'm shepherding files back and forth via USB drive (from my Mac :D ). Thanks again!


    MalwareBytes Log:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.03.02

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    regina :: REGINA-HP [administrator]

    8/2/2012 10:01:30 PM
    mbam-log-2012-08-02 (22-01-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 239172
    Time elapsed: 3 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    GMER Log:
    <Blank>



    DDS Logs:
    DDS.txt:
    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_32
    Run by regina at 22:15:13 on 2012-08-02
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2170 [GMT -7:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Users\regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\igfxtray.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\regina\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} - hxxp://www.umediaserver.net/bin/UMediaControl5.cab
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.cci.edu/+CSCOL+/relayp.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://corinthian-colleges.webex.com/client/T27LC/webex/ieatgpc1.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A4DE6B2E-91DB-4E01-A234-DD80DC687C1C} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A4DE6B2E-91DB-4E01-A234-DD80DC687C1C}\0554544535 : DhcpNameServer = 10.128.128.128
    TCP: Interfaces\{A4DE6B2E-91DB-4E01-A234-DD80DC687C1C}\36F657E647279796E6E6F50363 : DhcpNameServer = 4.2.2.2 4.2.2.1
    TCP: Interfaces\{A4DE6B2E-91DB-4E01-A234-DD80DC687C1C}\7445B49405143535 : DhcpNameServer = 4.2.2.1
    TCP: Interfaces\{A4DE6B2E-91DB-4E01-A234-DD80DC687C1C}\C41646977237024427F69646 : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{A4DE6B2E-91DB-4E01-A234-DD80DC687C1C}\E4544574541425 : DhcpNameServer = 206.13.29.12 206.13.30.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [(Default)]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\regina\AppData\Roaming\Mozilla\Firefox\Profiles\hehpkzbv.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: C:\Users\regina\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    FF - Ext: Xinha Here!: {5B280457-4290-40c2-9441-EA647775F824} - %profile%\extensions\{5B280457-4290-40c2-9441-EA647775F824}
    FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-12 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-4 92216]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-16 2533400]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    SUnknown arqlsdmi;arqlsdmi; [x]
    SUnknown wzxdqqzj;wzxdqqzj; [x]
    .
    =============== Created Last 30 ================
    .
    2012-08-03 04:26:35328704----a-w-C:\Windows\System32\services.exe.3558A110160114A3
    2012-08-03 04:22:29328704----a-w-C:\Windows\System32\services.exe.4FC9A238A8C3D66A
    2012-08-03 04:21:2969000----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3925D7F6-AFB6-4757-BDAE-038DBA9C93E6}\offreg.dll
    2012-08-03 04:18:49328704----a-w-C:\Windows\System32\services.exe.B613D7A70B5E8955
    2012-08-03 04:12:55328704----a-w-C:\Windows\System32\services.exe.64525735760F457B
    2012-08-03 04:08:58328704----a-w-C:\Windows\System32\services.exe.50DE19CCF77A9C2D
    2012-08-03 04:04:02927800----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02F3FE50-E584-4C80-8A98-63D8D413158F}\gapaengine.dll
    2012-08-03 04:03:599133488----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3925D7F6-AFB6-4757-BDAE-038DBA9C93E6}\mpengine.dll
    2012-08-03 04:00:54--------d-----w-C:\Program Files (x86)\Microsoft Security Client
    2012-08-03 04:00:45--------d-----w-C:\Program Files\Microsoft Security Client
    2012-08-03 04:00:33374664----a-w-C:\Windows\System32\drivers\netio.sys
    2012-08-03 03:40:34--------d-----w-C:\Users\regina\AppData\Local\HuluDesktop
    2012-07-27 03:00:43--------d-----w-C:\Users\regina\AppData\Local\Macromedia
    2012-07-11 05:53:453147264----a-w-C:\Windows\System32\win32k.sys
    2012-07-09 01:29:57--------d-----w-C:\Windows\pss
    2012-07-08 18:27:16--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
    .
    ==================== Find3M ====================
    .
    2012-08-03 04:29:56328704----a-w-C:\Windows\System32\services.exe
    2012-08-02 23:02:1370344----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-02 23:02:13426184----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 20:46:4424904----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-06-06 05:50:502003968----a-w-C:\Windows\System32\msxml6.dll
    2012-06-06 05:50:501880064----a-w-C:\Windows\System32\msxml3.dll
    2012-06-06 05:09:461389568----a-w-C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:09:461236992----a-w-C:\Windows\SysWow64\msxml3.dll
    2012-06-02 22:19:42186752----a-w-C:\Windows\System32\wuwebv.dll
    2012-06-02 22:15:312622464----a-w-C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:1236864----a-w-C:\Windows\System32\wuapp.exe
    2012-06-02 22:15:0899840----a-w-C:\Windows\System32\wudriver.dll
    2012-06-02 05:38:2695088----a-w-C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24152432----a-w-C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45459216----a-w-C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:27:02340992----a-w-C:\Windows\System32\schannel.dll
    2012-06-02 05:27:00307200----a-w-C:\Windows\System32\ncrypt.dll
    2012-06-02 04:48:3922016----a-w-C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:48:35225280----a-w-C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:47:31219136----a-w-C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:5196768----a-w-C:\Windows\SysWow64\sspicli.dll
    2012-05-25 04:27:44476960----a-w-C:\Windows\SysWow64\npdeployJava1.dll
    2012-05-25 04:27:44472864----a-w-C:\Windows\SysWow64\deployJava1.dll
    2012-05-15 03:56:591197568----a-w-C:\Windows\System32\wininet.dll
    2012-05-15 03:08:48981504----a-w-C:\Windows\SysWow64\wininet.dll
    .
    ============= FINISH: 22:16:45.69 ===============

    Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/27/2010 7:54:44 PM
    System Uptime: 8/2/2012 9:31:10 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 144B
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU | 2255/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 574 GiB total, 471.592 GiB free.
    D: is FIXED (NTFS) - 22 GiB total, 3.19 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 4500 G510n-z
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 4500 G510n-z
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP152: 6/14/2012 10:06:07 PM - Windows Update
    RP153: 6/19/2012 9:30:29 AM - Windows Update
    RP154: 6/26/2012 9:45:50 AM - Scheduled Checkpoint
    RP155: 7/3/2012 9:55:43 AM - Scheduled Checkpoint
    RP156: 7/10/2012 1:30:17 PM - Scheduled Checkpoint
    RP157: 7/10/2012 10:49:33 PM - Windows Update
    RP158: 7/19/2012 9:55:35 AM - Scheduled Checkpoint
    RP159: 7/26/2012 10:32:10 AM - Scheduled Checkpoint
    RP160: 8/2/2012 8:34:46 PM - Removed CinemaNow Media Manager.
    RP161: 8/2/2012 8:42:28 PM - Removed Rosetta Stone Version 3
    RP162: 8/2/2012 8:44:55 PM - Removed Norton Online Backup
    RP163: 8/2/2012 8:45:36 PM - Removed Times Reader
    RP164: 8/2/2012 9:00:18 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    4500_G510nz_Help
    4500G510nz
    4500G510nz_Software_Min
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1 MUI
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    Bejeweled 2 Deluxe
    Bing Bar
    Blackhawk Striker 2
    BufferChm
    Build-a-lot 2
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Contents
    Corel PaintShop Photo Pro X3
    Corel VideoStudio Pro X3
    Curse Client
    CyberLink DVD Suite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DeviceIO
    Diner Dash 2 Restaurant Rescue
    DocMgr
    DocProc
    Dora's Carnival Adventure
    Dropbox
    DVD Menu Pack for HP MediaSmart Video
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    FATE
    Fax
    Final Drive Nitro
    GoToMeeting 4.5.0.457
    GPBaseService2
    Heroes of Hellas 2 - Olympia
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP DVB-T TV Tuner 8.0.64.43
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    ICA
    IDT Audio
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    IPM_PSP_Pro
    IPM_VS_Pro
    ISCOM
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 32
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    oDesk Team
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PSPPContent
    PSPPRO_DCRAW
    PureHD
    PX Profile Update
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Roxio CinemaNow 2.0
    Safari
    Scan
    Secure Download Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Setup
    Share
    Skype├┤ 5.3
    SmartWebPrinting
    SolutionCenter
    Status
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VIO
    Virtual Families
    Virtual Villagers - The Secret City
    VSClassic
    VSPro
    WebEx
    WebReg
    Wheel of Fortune 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    World of Warcraft
    Yahoo! Detect
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/2/2012 9:32:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/2/2012 9:32:05 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    8/2/2012 9:32:05 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    8/2/2012 9:31:39 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/2/2012 9:31:39 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    8/2/2012 9:31:38 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/2/2012 9:18:53 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x800706ba'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    8/2/2012 9:18:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    8/2/2012 8:21:28 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    8/2/2012 10:11:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    8/1/2012 8:35:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    7/31/2012 8:00:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user regina-HP\regina SID (S-1-5-21-1367924617-2707334312-1339739522-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/31/2012 8:00:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user regina-HP\regina SID (S-1-5-21-1367924617-2707334312-1339739522-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/30/2012 2:58:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user regina-HP\regina SID (S-1-5-21-1367924617-2707334312-1339739522-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/27/2012 3:09:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8008410080, 0xfffff80000ba2748, 0xfffffa80075db010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072712-21200-01.
    .
    ==== End Of File ===========================
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • type exit and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
  3. Dingus27

    Dingus27 TS Rookie Topic Starter

    Thanks for your reply, DragonMasterJay! Here's the FRST.txt log from running FRST64:



    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 03-08-2012 07:56:44
    Running from H:\crap
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-12-12] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [414744 2010-06-21] (Intel Corporation)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-06-21] (Intel Corporation)
    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-06-21] (Intel Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-06-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKU\Administrator\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\BigCheese\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\BigCheese\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
    HKU\regina\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\regina\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
    HKU\regina\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [625416 2010-04-23] (DigitalPersona, Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Lsa: [Notification Packages] DPPassFilter
    scecli
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\regina\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [445192 2010-04-23] (DigitalPersona, Inc.)
    2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2533400 2010-04-30] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [32880 2010-06-24] (Windows (R) Win 7 DDK provider)
    1 bdqktyeg; \??\C:\Windows\system32\drivers\bdqktyeg.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-03 07:56 - 2012-08-03 07:56 - 00000000 ____D C:\FRST
    2012-08-02 21:11 - 2012-08-02 21:09 - 00302592 ____A C:\Users\regina\Desktop\x5q3yzfm.exe
    2012-08-02 20:26 - 2012-08-02 20:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3558A110160114A3
    2012-08-02 20:22 - 2012-08-02 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FC9A238A8C3D66A
    2012-08-02 20:18 - 2012-08-02 20:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B613D7A70B5E8955
    2012-08-02 20:12 - 2012-08-02 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.64525735760F457B
    2012-08-02 20:08 - 2012-08-02 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50DE19CCF77A9C2D
    2012-08-02 20:01 - 2012-08-02 20:01 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-02 20:01 - 2012-08-02 20:01 - 00002154 ____A C:\Windows\epplauncher.mif
    2012-08-02 20:00 - 2012-08-02 20:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-02 20:00 - 2012-08-02 20:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-02 20:00 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-07-27 14:09 - 2012-07-27 14:09 - 01138312 ____A C:\Windows\Minidump\072712-21200-01.dmp
    2012-07-26 19:00 - 2012-07-26 19:00 - 00000000 ____D C:\Users\regina\AppData\Local\Macromedia
    2012-07-15 20:01 - 2012-07-15 20:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2012-07-10 21:53 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 15:49 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 15:49 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 15:49 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 15:49 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 15:49 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 15:49 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 15:49 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 15:49 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 15:49 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 15:49 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 15:49 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 15:49 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 15:49 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 15:49 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 15:49 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-08 18:04 - 2012-07-08 18:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
    2012-07-08 18:03 - 2012-07-08 18:04 - 00000000 ____D C:\users\Administrator
    2012-07-08 18:03 - 2012-07-08 18:03 - 00000020 __ASH C:\Users\Administrator\ntuser.ini
    2012-07-08 18:03 - 2011-11-01 21:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
    2012-07-08 18:03 - 2010-09-16 01:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
    2012-07-08 17:29 - 2012-07-08 17:33 - 00000000 ____D C:\Windows\pss
    2012-07-08 10:27 - 2012-07-08 10:27 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

    ============ 3 Months Modified Files ========================

    2012-08-03 06:53 - 2010-09-16 00:50 - 01663875 ____A C:\Windows\WindowsUpdate.log
    2012-08-03 06:53 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-03 06:53 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-03 06:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-03 06:50 - 2009-07-13 20:51 - 00100656 ____A C:\Windows\setupact.log
    2012-08-02 21:09 - 2012-08-02 21:11 - 00302592 ____A C:\Users\regina\Desktop\x5q3yzfm.exe
    2012-08-02 21:02 - 2012-04-01 09:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-02 20:29 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-02 20:26 - 2012-08-02 20:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3558A110160114A3
    2012-08-02 20:22 - 2012-08-02 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FC9A238A8C3D66A
    2012-08-02 20:18 - 2012-08-02 20:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B613D7A70B5E8955
    2012-08-02 20:12 - 2012-08-02 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.64525735760F457B
    2012-08-02 20:08 - 2012-08-02 20:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50DE19CCF77A9C2D
    2012-08-02 20:01 - 2012-08-02 20:01 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-02 20:01 - 2012-08-02 20:01 - 00002154 ____A C:\Windows\epplauncher.mif
    2012-08-02 19:47 - 2010-09-16 00:54 - 00444494 ____A C:\Windows\PFRO.log
    2012-08-02 15:02 - 2012-04-01 09:40 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-02 15:02 - 2011-05-16 08:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-31 16:42 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-27 14:09 - 2012-07-27 14:09 - 01138312 ____A C:\Windows\Minidump\072712-21200-01.dmp
    2012-07-27 14:09 - 2011-02-08 19:48 - 546362358 ____A C:\Windows\MEMORY.DMP
    2012-07-11 14:58 - 2009-07-13 20:45 - 00473424 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-10 21:51 - 2010-11-29 08:11 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-10 21:04 - 2011-01-16 15:36 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForregina.job
    2012-07-08 18:03 - 2012-07-08 18:03 - 00000020 __ASH C:\Users\Administrator\ntuser.ini
    2012-07-03 12:46 - 2012-05-24 20:45 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-16 21:13 - 2012-06-16 21:13 - 00231333 ____A C:\Users\regina\Desktop\Schedule of Classes.mht
    2012-06-14 08:31 - 2012-06-14 08:31 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-11 19:02 - 2012-07-10 21:53 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:30 - 2012-07-10 15:49 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:46 - 2012-07-10 15:49 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 21:50 - 2012-07-10 15:49 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:50 - 2012-07-10 15:49 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:09 - 2012-07-10 15:49 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:09 - 2012-07-10 15:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-02 14:19 - 2012-06-19 08:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 08:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 08:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 08:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 08:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:19 - 2012-06-19 08:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:15 - 2012-06-19 08:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 08:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-19 08:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:38 - 2012-07-10 15:49 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:38 - 2012-07-10 15:49 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:37 - 2012-07-10 15:49 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:27 - 2012-07-10 15:49 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:27 - 2012-07-10 15:49 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:48 - 2012-07-10 15:49 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:48 - 2012-07-10 15:49 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:47 - 2012-07-10 15:49 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:42 - 2012-07-10 15:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-24 21:05 - 2012-05-24 21:05 - 00000016 ____H C:\Users\regina\Documents\SyncToy_a61a4ad1-a670-4513-a2b1-3b7229a47a12.dat
    2012-05-24 21:00 - 2012-05-24 21:00 - 00001041 ____A C:\Users\regina\Desktop\Dropbox.lnk
    2012-05-24 20:27 - 2012-05-24 20:27 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-24 20:27 - 2011-12-01 12:42 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-24 20:27 - 2011-12-01 12:42 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-24 20:27 - 2011-12-01 12:42 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-24 20:27 - 2010-07-20 00:49 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-24 20:25 - 2010-11-29 08:23 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-05-17 11:57 - 2010-12-20 18:38 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-05-17 11:56 - 2012-05-17 11:56 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-14 19:56 - 2012-06-14 08:16 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:52 - 2012-06-14 08:16 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:08 - 2012-06-14 08:16 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:06 - 2012-06-14 08:16 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-11 21:23 - 2012-05-11 21:22 - 16339280 ____A (Mozilla) C:\Users\regina\Downloads\Firefox Setup 12.0.exe


    ZeroAccess:
    C:\Windows\Installer\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}
    C:\Windows\Installer\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\U

    ZeroAccess:
    C:\Users\regina\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}
    C:\Users\regina\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\@
    C:\Users\regina\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\L
    C:\Users\regina\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\U
    C:\Users\regina\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\L\00000004.@
    C:\Users\regina\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\L\1afb2d56
    C:\Users\regina\AppData\Local\{9130e9fb-2f96-dc46-5f2b-1b817a456ea1}\U\00000008.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 19%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 3150.86 MB
    Total Pagefile: 3892.01 MB
    Available Pagefile: 3141.81 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:573.98 GB) (Free:471.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:21.89 GB) (Free:3.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: () (Removable) (Total:1.87 GB) (Free:1.32 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 1911 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 573 GB 200 MB
    Partition 3 Primary 21 GB 574 GB
    Partition 4 Primary 103 MB 596 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 573 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 21 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1911 MB 8 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT Removable 1911 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-29 10:32

    ======================= End Of Log ==========================
     
  4. Dingus27

    Dingus27 TS Rookie Topic Starter

    This thread can be closed. My GF really needs her computer this weekend for work, so I just backed up her documents to USB and am reinstalling windows. Thanks in any case!
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    =>Closed. :(
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...