TechSpot

Hi, I had the Live Security Platinum virus

Solved
By Kellie Resetar
Sep 15, 2012
  1. Before I saw this forum, I had run SuperAntiSpyware which allowed my PC to become usable again. I then uninstalled MSE which was no longer working and reinstalled it and ran a full scan which looked like it had cleaned everything. Was able to get services for Windows Update and Virus Update rerunning but now my Windows Firewall still won't turn on - haven't noticed any other issues.

    Yesterday I started following the virus removal instructions here and the logs are posted below. My MSE reran in the meantime and found another issue so I've also included that at the end of this post.

    Malwarebytes Log:
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.14.06
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kellie :: KELLIE-PC [administrator]
    9/14/2012 4:35:40 PM
    mbam-log-2012-09-14 (16-35-40).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 247640
    Time elapsed: 7 minute(s), 19 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 1
    C:\Users\Kellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
    Files Detected: 2
    C:\Users\Kellie\AppData\Local\Temp\tsft.exe (Adware.Agent.K) -> Quarantined and deleted successfully.
    C:\Users\Kellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
    (end)

    GMER Log: Nothing was found

    DDS.Txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Kellie at 7:31:21 on 2012-09-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2092 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\ProgramData\ActivePath\ActiveMail\UpdateClient.exe
    C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Video Web Camera\traybar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Users\Kellie\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = proxy_name:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: ActiveMail: {ef7aed5f-0c26-4820-a570-7da8b6d93f4a} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [PCShowServer] C:\Users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    Trusted Zone: ameritrade.com\wwws
    Trusted Zone: intuit.com\ttlc
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\0544D43402341464544554259414 : DhcpNameServer = 4.2.2.2 192.168.1.254 192.168.2.1
    TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\07164747562737F6E623 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\1447C616E6471602F457470716479656E647 : DhcpNameServer = 192.168.27.1
    TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\27F6F6D6C696E687 : DhcpNameServer = 64.89.70.2 64.89.74.2
    TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\34275616475727560234F6D666F6274737 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\34C61637379636F23557261627570234573747F6D656270275946494 : DhcpNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO-X64: ActiveMail: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll
    BHO-X64: ActiveMail - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kellie\AppData\Roaming\Mozilla\Firefox\Profiles\48adz0vn.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Kellie\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
    FF - plugin: C:\Users\Kellie\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-15 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-3-14 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-15 13336]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-15 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-11-15 243232]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250568]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-30 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-15 11:27:46 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0B6E400-3A3A-4172-A3F6-C20B873E27C7}\mpengine.dll
    2012-09-14 20:35:18 -------- d-----w- C:\Users\Kellie\AppData\Roaming\Malwarebytes
    2012-09-14 20:35:05 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-14 20:35:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-14 20:35:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-14 12:41:57 -------- d-----w- C:\Users\Kellie\AppData\Local\{504475F9-DA32-42AA-A95C-2D18D2C64CE6}
    2012-09-14 11:58:10 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-14 11:57:52 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-09-14 11:57:52 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-09-14 00:40:52 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-13 17:14:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82831D0D-4E57-43F7-93A7-B82ECC7D7DF1}\gapaengine.dll
    2012-09-13 17:13:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-09-13 17:13:08 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-09-13 13:15:02 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-09-13 13:12:13 -------- d-----w- C:\ProgramData\7531CC9202C75886D6CFC216F875F002
    2012-09-13 11:27:19 -------- d-----w- C:\Users\Kellie\AppData\Local\{712604E2-B68F-499C-8043-EDD39F515764}
    2012-09-12 15:04:39 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 15:04:39 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 15:04:39 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 15:04:39 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 15:04:38 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 15:04:38 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 15:04:38 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 11:22:09 -------- d-----w- C:\Users\Kellie\AppData\Local\{27F2B198-BF96-4147-B113-E02D9A6439B8}
    2012-09-11 12:39:39 -------- d-----w- C:\Users\Kellie\AppData\Local\{537208BB-3988-404B-8CEC-01F97950503A}
    2012-09-11 00:39:04 -------- d-----w- C:\Users\Kellie\AppData\Local\{DABBD7CA-267E-49D4-BDE7-ADB5E719C990}
    2012-09-10 11:18:29 -------- d-----w- C:\Users\Kellie\AppData\Local\{67FBBA47-15E8-4857-8700-E90636810ABE}
    2012-09-08 11:54:21 -------- d-----w- C:\Users\Kellie\AppData\Local\{5F169BC9-B1DA-4467-B9AC-4B146F51AB03}
    2012-09-07 10:41:51 -------- d-----w- C:\Users\Kellie\AppData\Local\{5D716406-0B9F-4783-9AD1-E646399B793A}
    2012-09-06 10:54:32 -------- d-----w- C:\Users\Kellie\AppData\Local\{259111C6-9697-4158-B71B-EE48915AF83B}
    2012-09-05 22:52:54 -------- d-----w- C:\Users\Kellie\AppData\Local\{7BCCBFB1-71E7-4B46-BA7F-D24D8666DFA3}
    2012-09-05 10:52:18 -------- d-----w- C:\Users\Kellie\AppData\Local\{0B77C6BB-7992-4508-B59F-BE3BCE7E8AF6}
    2012-09-04 11:24:03 -------- d-----w- C:\Users\Kellie\AppData\Local\{8B71B99B-FBF3-4D6E-A182-CEE0F88184AB}
    2012-09-03 18:55:48 -------- d-----w- C:\Users\Kellie\AppData\Local\{FB5F4F25-AFE4-4C18-9E32-A987B2CEC40C}
    2012-09-02 13:00:49 -------- d-----w- C:\Users\Kellie\AppData\Local\{60C1F5B6-0D52-4E83-A240-09576B98D50E}
    2012-09-01 11:11:43 -------- d-----w- C:\Users\Kellie\AppData\Local\{5E38E7F8-0D40-4A95-BFCB-D7C47F03676C}
    2012-08-31 10:25:27 -------- d-----w- C:\Users\Kellie\AppData\Local\{107E23D5-B451-4E02-8077-2DB780EBF8FB}
    2012-08-30 14:20:58 -------- d-----w- C:\Users\Kellie\AppData\Local\{1782E3FE-6E91-46F0-95B3-47E4A141E187}
    2012-08-29 23:47:13 -------- d-----w- C:\Users\Kellie\AppData\Local\{A71A3060-275B-4AA0-9AD5-B25546CC3056}
    2012-08-29 11:01:43 -------- d-----w- C:\Users\Kellie\AppData\Local\{C1B4A26C-DCCF-4D5F-A368-6C0B5D506F83}
    2012-08-28 12:04:32 -------- d-----w- C:\Users\Kellie\AppData\Local\{F2DA06DE-4DC3-476E-90DA-0F765EE315BB}
    2012-08-27 13:27:12 -------- d-----w- C:\Users\Kellie\AppData\Local\{1ADF3078-DD36-417D-8186-49204C8EE135}
    2012-08-27 01:26:37 -------- d-----w- C:\Users\Kellie\AppData\Local\{23441D3E-DEE3-4C83-9711-F6E334F9A38E}
    2012-08-26 12:22:10 -------- d-----w- C:\Users\Kellie\AppData\Local\{D05004D1-DB12-439A-B683-0EBBFEC4E483}
    2012-08-26 00:16:37 -------- d-----w- C:\Users\Kellie\AppData\Local\{AA64046D-23F3-4C13-B72A-76F6F6ADA301}
    2012-08-25 10:45:37 -------- d-----w- C:\Users\Kellie\AppData\Local\{A36EAEC6-A51B-4C24-9EC6-32AEA5F5184C}
    2012-08-24 11:07:07 -------- d-----w- C:\Users\Kellie\AppData\Local\{E7A0CA10-7308-45F2-9D93-73B5B8EEFF25}
    2012-08-23 15:54:35 -------- d-----w- C:\Program Files\CCleaner
    2012-08-23 12:42:39 -------- d-----w- C:\Users\Kellie\AppData\Local\{CA888684-9D18-44EB-9565-6D37F07A7787}
    2012-08-23 00:42:02 -------- d-----w- C:\Users\Kellie\AppData\Local\{7050B1A7-2E28-4095-9883-804D4C9FE3CD}
    2012-08-22 10:20:41 -------- d-----w- C:\Users\Kellie\AppData\Local\{8A612F32-D57C-428F-998E-6D91BE2B01C4}
    2012-08-21 13:04:10 -------- d-----w- C:\Users\Kellie\AppData\Local\{196A0DF7-195C-4838-B06A-356A9322C27C}
    2012-08-21 00:20:01 -------- d-----w- C:\Users\Kellie\AppData\Local\{95EACD01-5657-46A0-8423-AD32225CEA13}
    2012-08-20 10:50:44 -------- d-----w- C:\Users\Kellie\AppData\Local\{9AE0C2B4-0F4C-4913-A959-05D89BA3A5FB}
    2012-08-19 12:08:07 -------- d-----w- C:\Users\Kellie\AppData\Local\{333E96D9-C35E-4FE3-9CFE-A5B6B0E77994}
    2012-08-18 11:24:15 -------- d-----w- C:\Users\Kellie\AppData\Local\{9D37CDF9-C62A-4DDF-8654-C05EC826F11F}
    2012-08-17 12:36:45 -------- d-----w- C:\Users\Kellie\AppData\Local\ElevatedDiagnostics
    2012-08-17 11:44:21 -------- d-----w- C:\Users\Kellie\AppData\Local\{68043674-7AA5-432D-877D-DE1434CB0A84}
    2012-08-17 11:43:59 -------- d-----w- C:\Users\Kellie\AppData\Local\{DE1A0A84-14B3-46C4-9F6B-6EB7184C8D0C}
    2012-08-16 23:43:33 -------- d-----w- C:\Users\Kellie\AppData\Local\{4D090A5A-FA28-4F75-97D3-6572A40E72A8}
    2012-08-16 23:43:22 -------- d-----w- C:\Users\Kellie\AppData\Local\{77939F90-2A1C-44EF-BF54-033D94DB162E}
    .
    ==================== Find3M ====================
    .
    2012-09-14 00:40:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-14 00:40:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-23 11:12:48 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-23 11:12:48 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 7:32:18.07 ===============
     
  2. Kellie Resetar


    Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/28/2011 4:43:42 AM
    System Uptime: 9/15/2012 6:05:55 AM (1 hours ago)
    .
    Motherboard: Gateway | | NV55C
    Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU | 1173/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 383.044 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP154: 8/29/2012 7:52:57 PM - Windows Update
    RP155: 9/3/2012 2:53:03 PM - Windows Update
    RP156: 9/7/2012 6:52:47 AM - Windows Update
    RP157: 9/11/2012 7:14:21 AM - Windows Update
    RP158: 9/12/2012 1:33:21 PM - Windows Update
    RP159: 9/13/2012 4:59:35 PM - Installed Microsoft Fix it 50123
    RP160: 9/13/2012 5:01:42 PM - Installed Microsoft Fix it 50123
    RP161: 9/13/2012 5:08:43 PM - Installed Microsoft Fix it 50123
    RP162: 9/13/2012 8:09:44 PM - Installed Microsoft Fix it 50123
    RP163: 9/13/2012 8:40:08 PM - Installed Java 7 Update 7
    RP164: 9/13/2012 8:54:56 PM - Installed Microsoft Fix it 50123
    RP165: 9/13/2012 9:49:19 PM - Installed Microsoft Fix it 50123
    RP166: 9/14/2012 7:34:23 AM - Installed Microsoft Fix it 50123
    RP167: 9/14/2012 7:52:20 AM - Windows Update
    RP168: 9/14/2012 7:57:54 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    18 Wheels of Steel - American Long Haul
    Acrobat.com
    ActiveMail
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Advertising Center
    Agatha Christie - Death on the Nile
    Amazon Kindle
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    Backup Manager Basic
    Bejeweled 2 Deluxe
    Bing Desktop
    Blackhawk Striker 2
    Build-a-lot 2
    Chuzzle Deluxe
    CyberLink PowerDVD 9
    D3DX10
    Diner Dash 2 Restaurant Rescue
    DIRECTV Player
    Dora's Carnival Adventure
    eBay Worldwide
    FATE
    Gateway Games
    Gateway InfoCentre
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Social Networks
    Gateway Updater
    GIMP 2.6.11
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPL Ghostscript Lite 9.04
    H&R Block Deluxe + Efile + State 2009
    H&R Block Deluxe + Efile + State 2011
    H&R Block Georgia 2009
    H&R Block Georgia 2011
    Identity Card
    ImagXpress
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java 7 Update 7
    Java Auto Updater
    JavaFX 2.1.1
    Jewel Quest - Heritage
    Jewel Quest Solitaire 2
    John Deere Drive Green
    Junk Mail filter update
    Launch Manager
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mesh Runtime
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    NOOK for PC
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    Penguins!
    Picasa 3
    Plants vs. Zombies
    Polar Bowler
    Polar Golfer
    Quicken 2011
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    TaxCut Premium + State 2007
    Times Reader
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2010
    TurboTax 2010 wgaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Video Web Camera
    Virtual Villagers 4 - The Tree of Life
    Welcome Center
    WildTangent Games App (Gateway Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/8/2012 6:47:04 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
    9/8/2012 6:47:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    9/15/2012 7:30:08 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    9/15/2012 7:30:08 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    9/15/2012 7:29:18 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    9/13/2012 9:43:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 9:43:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 9:19:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/13/2012 9:19:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    9/13/2012 9:19:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    9/13/2012 8:54:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Kellie-PC\Admin SID (S-1-5-21-2248584434-4130743615-47422387-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/13/2012 8:18:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 8:18:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 7:34:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 7:34:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 5:01:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 5:01:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 4:57:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 4:57:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 4:56:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 4:56:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/13/2012 4:51:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 4:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 4:48:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 4:47:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 4:43:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 4:40:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 2:42:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 2:35:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    9/13/2012 2:24:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 2:19:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 2:14:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 2:09:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 2:04:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:59:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:54:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:49:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:44:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:39:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:34:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:29:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:24:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:19:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/13/2012 1:14:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 1:13:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/13/2012 1:07:48 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    9/13/2012 1:07:48 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================
    MSE Results: TrojanDownloader:Win32/Karagany.I (I quarantined this and stopped the scan once I saw that it was running, because of the instructions here about not running anything else once I start this process), but I'm not sure if I should have just let it finish?
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and then close Notepad.
    • In the command window type e:\frst64 and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary).
    • Press the Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the Search.txt logfile; please copy and paste the logs in your reply.
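    Once FRST.txt comes back, its registry and file-list lines can be triaged mechanically before a human reads them. The script below is an added example (not from this thread, nor Farbar's code): it parses FRST-style lines and flags the patterns that matter for a ZeroAccess case, using a constructed sample built from lines of the kind posted in this thread. The rule names and the `Finding` class are this example's own.

```python
"""Triage a Farbar Recovery Scan Tool (FRST.txt) log for the indicator
patterns discussed in this thread. Added example, not FRST's own code."""
import re
from dataclasses import dataclass

# Constructed sample of FRST-style lines (paths as posted later in the thread).
SAMPLE_LOG = """\
==================== Registry (Whitelisted) ===================
HKLM\\...\\Run: [MSC] "c:\\Program Files\\Microsoft Security Client\\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\\...D6A79037F57F\\InprocServer32: [Default-fastprox] C:\\$Recycle.Bin\\S-1-5-18\\$f0f1e209943b7c659417dd7f8504e063\\n. ATTENTION! ====> ZeroAccess
==================== One Month Created Files and Folders ========
2012-09-15 08:02 - 2012-09-15 08:02 - 01454171 ____A (Farbar) C:\\Users\\Kellie\\Downloads\\FRST64.exe
2012-09-14 13:44 - 2012-09-14 13:44 - 00302592 ____A C:\\Users\\Kellie\\Downloads\\qxxg0fqw.exe
2012-09-13 05:15 - 2012-09-13 05:15 - 00000000 __SHD C:\\Windows\\System32\\%APPDATA%
2012-09-13 05:12 - 2012-09-13 05:37 - 00000000 ____D C:\\Users\\All Users\\7531CC9202C75886D6CFC216F875F002
2012-09-14 12:35 - 2012-09-14 12:35 - 00000000 ____D C:\\Users\\All Users\\Malwarebytes
"""

# One FRST file/folder line: created - modified - size attrs [(company)] path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


@dataclass
class Finding:
    rule: str   # which triage rule fired (names are this example's own)
    line: str   # the offending path or log line


def triage_file_line(m):
    """Rules for a parsed file/folder line."""
    findings = []
    path, attrs, company = m["path"], m["attrs"], m["company"]
    parts = path.split("\\")
    name, parent = parts[-1], "\\".join(parts[:-1]).lower()
    is_dir = "D" in attrs
    # A real folder literally named like an environment variable inside
    # System32 is a rogue hiding spot, not something Windows creates.
    if is_dir and "%" in name:
        findings.append(Finding("literal-env-var-folder", path))
    # 32-hex-character folder under ProgramData / All Users: typical for
    # rogue antivirus installs such as the one cleaned in this thread.
    if is_dir and HEX32_RE.match(name) and parent.endswith(("all users", "programdata")):
        findings.append(Finding("hex-named-programdata-folder", path))
    # FRST prints the version-info company in parentheses; an .exe with
    # none is not proof of anything, but is worth a hash lookup.
    if not is_dir and name.lower().endswith(".exe") and company is None:
        findings.append(Finding("exe-without-company", path))
    return findings


def triage(text):
    """Return a list of Finding objects for an FRST log body."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # FRST's own marker for a known-bad pattern.
        if "ATTENTION!" in line:
            findings.append(Finding("frst-attention", line))
        # A COM server (InprocServer32) loaded from the Recycle Bin is the
        # hijack FRST labels ZeroAccess in this thread's log.
        if "\\InprocServer32:" in line and "\\$recycle.bin\\" in line.lower():
            findings.append(Finding("inprocserver32-in-recycle-bin", line))
        m = FILE_RE.match(line)
        if m:
            findings.extend(triage_file_line(m))
    return findings


def rules_hit(text):
    """Set of rule names that fired; handy for a quick yes/no summary."""
    return {f.rule for f in triage(text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run it against a saved FRST.txt by passing the file contents to `triage()`; an empty result means none of these particular patterns is present, not that the log is clean.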
     
  4. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    Hi Jay - Thank you for your help.

    Here are the logs from the last step:

    FRST.Txt:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03
    Ran by SYSTEM at 15-09-2012 12:42:05
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
    HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
    HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [258304 2010-06-28] (NewTech Infosystems, Inc.)
    HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
    HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [600688 2010-10-22] (Chicony)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
    HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-10] (Google Inc.)
    HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-07-29] ()
    HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-07-29] ()
    HKU\Kellie\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-08] (SUPERAntiSpyware.com)
    HKU\Kellie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-10] (Google Inc.)
    HKU\Kellie\...\Run: [PCShowServer] C:\Users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [351888 2012-03-01] (NDS Technologies)
    HKU\Kellie\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    AppInit_DLLs:
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\n. ATTENTION! ====> ZeroAccess
    ==================== Services (Whitelisted) ===================
    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-09-08] (SUPERAntiSpyware.com)
    2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) =====================
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-09-15 08:02 - 2012-09-15 08:02 - 01454171 ____A (Farbar) C:\Users\Kellie\Downloads\FRST64.exe
    2012-09-15 03:30 - 2012-09-15 03:30 - 00607260 ____R (Swearware) C:\Users\Kellie\Downloads\dds.com
    2012-09-14 13:44 - 2012-09-14 13:44 - 00302592 ____A C:\Users\Kellie\Downloads\qxxg0fqw.exe
    2012-09-14 12:46 - 2012-09-14 12:46 - 00001040 ____A C:\Windows\PFRO.log
    2012-09-14 12:35 - 2012-09-14 12:35 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-14 12:35 - 2012-09-14 12:35 - 00000000 ____D C:\Users\Kellie\AppData\Roaming\Malwarebytes
    2012-09-14 12:35 - 2012-09-14 12:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-14 12:35 - 2012-09-14 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-14 12:35 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-14 12:33 - 2012-09-14 12:34 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Kellie\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-14 04:41 - 2012-09-14 04:42 - 00000000 ____D C:\Users\Kellie\AppData\Local\{504475F9-DA32-42AA-A95C-2D18D2C64CE6}
    2012-09-14 04:05 - 2012-09-14 04:05 - 00000000 ____D C:\Users\All Users\Intel
    2012-09-14 03:57 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-09-14 03:57 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-09-14 03:53 - 2012-09-14 03:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
    2012-09-14 03:27 - 2012-09-14 03:29 - 00036210 ____A C:\Users\Admin\Desktop\sfcdetails.txt
    2012-09-13 16:43 - 2012-09-13 16:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Bullzip
    2012-09-13 16:43 - 2012-09-13 16:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
    2012-09-13 16:40 - 2012-09-13 16:40 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-13 16:40 - 2012-09-13 16:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-13 16:40 - 2012-09-13 16:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-13 16:40 - 2012-09-13 16:40 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-13 16:40 - 2012-09-13 16:40 - 00000000 ____D C:\Program Files (x86)\Java
    2012-09-13 15:57 - 2012-08-30 20:12 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-09-13 15:35 - 2012-09-13 15:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Google
    2012-09-13 15:35 - 2012-09-13 15:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
    2012-09-13 15:29 - 2012-09-13 15:29 - 00073232 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-09-13 15:25 - 2012-09-13 16:29 - 00000530 ____A C:\Windows\DtcInstall.log
    2012-09-13 09:13 - 2012-09-13 09:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-09-13 09:13 - 2012-09-13 09:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-09-13 09:12 - 2012-09-13 09:12 - 12621696 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (4).exe
    2012-09-13 09:09 - 2012-09-13 09:09 - 12621696 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (3).exe
    2012-09-13 09:08 - 2012-09-13 09:09 - 10288512 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (2).exe
    2012-09-13 09:07 - 2012-09-15 08:36 - 00000728 ____A C:\Windows\setupact.log
    2012-09-13 09:07 - 2012-09-13 09:07 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-13 09:03 - 2012-09-13 09:04 - 00004322 ____A C:\Users\Kellie\Documents\cc_20120913_130357.reg
    2012-09-13 09:03 - 2012-09-13 09:03 - 00004032 ____A C:\Users\Kellie\Documents\cc_20120913_130314.reg
    2012-09-13 08:55 - 2012-09-13 08:56 - 03927560 ____A (Piriform Ltd) C:\Users\Kellie\Downloads\ccsetup322.exe
    2012-09-13 05:44 - 2012-09-13 05:44 - 10288512 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (1).exe
    2012-09-13 05:15 - 2012-09-13 05:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-09-13 05:12 - 2012-09-13 05:37 - 00000000 ____D C:\Users\All Users\7531CC9202C75886D6CFC216F875F002
    2012-09-13 04:54 - 2012-09-14 04:45 - 00008335 ____A C:\Users\Kellie\Documents\Bath Design Stores.xlsx
    2012-09-13 03:27 - 2012-09-13 03:27 - 00000000 ____D C:\Users\Kellie\AppData\Local\{712604E2-B68F-499C-8043-EDD39F515764}
    2012-09-12 09:15 - 2012-09-12 09:15 - 00010130 ____A C:\Users\Kellie\.recently-used.xbel
    2012-09-12 07:04 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-12 07:04 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-09-12 07:04 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-12 07:04 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-09-12 07:04 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-12 07:04 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-09-12 07:04 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-09-12 03:22 - 2012-09-12 03:22 - 00000000 ____D C:\Users\Kellie\AppData\Local\{27F2B198-BF96-4147-B113-E02D9A6439B8}
    2012-09-11 04:39 - 2012-09-11 04:40 - 00000000 ____D C:\Users\Kellie\AppData\Local\{537208BB-3988-404B-8CEC-01F97950503A}
    2012-09-11 04:39 - 2012-09-11 04:39 - 00038400 ____A C:\Users\Kellie\Documents\Avaya Passworrds.xls
    2012-09-10 16:39 - 2012-09-10 16:39 - 00000000 ____D C:\Users\Kellie\AppData\Local\{DABBD7CA-267E-49D4-BDE7-ADB5E719C990}
    2012-09-10 03:18 - 2012-09-10 03:18 - 00000000 ____D C:\Users\Kellie\AppData\Local\{67FBBA47-15E8-4857-8700-E90636810ABE}
    2012-09-08 09:15 - 2012-09-08 09:23 - 00009818 ____A C:\Users\Rob\Documents\Golf club values.xlsx
    2012-09-08 03:54 - 2012-09-08 03:54 - 00000000 ____D C:\Users\Kellie\AppData\Local\{5F169BC9-B1DA-4467-B9AC-4B146F51AB03}
    2012-09-07 02:41 - 2012-09-07 02:42 - 00000000 ____D C:\Users\Kellie\AppData\Local\{5D716406-0B9F-4783-9AD1-E646399B793A}
    2012-09-06 02:54 - 2012-09-06 02:54 - 00000000 ____D C:\Users\Kellie\AppData\Local\{259111C6-9697-4158-B71B-EE48915AF83B}
    2012-09-05 14:52 - 2012-09-05 14:53 - 00000000 ____D C:\Users\Kellie\AppData\Local\{7BCCBFB1-71E7-4B46-BA7F-D24D8666DFA3}
    2012-09-05 02:52 - 2012-09-05 02:52 - 00000000 ____D C:\Users\Kellie\AppData\Local\{0B77C6BB-7992-4508-B59F-BE3BCE7E8AF6}
    2012-09-04 03:24 - 2012-09-04 03:24 - 00000000 ____D C:\Users\Kellie\AppData\Local\{8B71B99B-FBF3-4D6E-A182-CEE0F88184AB}
    2012-09-03 10:55 - 2012-09-03 10:56 - 00000000 ____D C:\Users\Kellie\AppData\Local\{FB5F4F25-AFE4-4C18-9E32-A987B2CEC40C}
    2012-09-03 10:42 - 2012-09-15 08:35 - 00000350 ____A C:\Windows\Tasks\ActiveMail Chrome Watcher.job
    2012-09-02 05:00 - 2012-09-02 05:01 - 00000000 ____D C:\Users\Kellie\AppData\Local\{60C1F5B6-0D52-4E83-A240-09576B98D50E}
    2012-09-01 03:11 - 2012-09-01 03:11 - 00000000 ____D C:\Users\Kellie\AppData\Local\{5E38E7F8-0D40-4A95-BFCB-D7C47F03676C}
    2012-08-31 02:25 - 2012-08-31 02:25 - 00000000 ____D C:\Users\Kellie\AppData\Local\{107E23D5-B451-4E02-8077-2DB780EBF8FB}
    2012-08-30 06:20 - 2012-08-30 06:21 - 00000000 ____D C:\Users\Kellie\AppData\Local\{1782E3FE-6E91-46F0-95B3-47E4A141E187}
    2012-08-29 15:47 - 2012-08-29 15:47 - 00000000 ____D C:\Users\Kellie\AppData\Local\{A71A3060-275B-4AA0-9AD5-B25546CC3056}
    2012-08-29 03:01 - 2012-08-29 03:02 - 00000000 ____D C:\Users\Kellie\AppData\Local\{C1B4A26C-DCCF-4D5F-A368-6C0B5D506F83}
    2012-08-28 04:04 - 2012-08-28 04:04 - 00000000 ____D C:\Users\Kellie\AppData\Local\{F2DA06DE-4DC3-476E-90DA-0F765EE315BB}
    2012-08-27 05:27 - 2012-08-27 05:27 - 00000000 ____D C:\Users\Kellie\AppData\Local\{1ADF3078-DD36-417D-8186-49204C8EE135}
    2012-08-26 17:26 - 2012-08-26 17:26 - 00000000 ____D C:\Users\Kellie\AppData\Local\{23441D3E-DEE3-4C83-9711-F6E334F9A38E}
    2012-08-26 04:22 - 2012-08-26 04:22 - 00000000 ____D C:\Users\Kellie\AppData\Local\{D05004D1-DB12-439A-B683-0EBBFEC4E483}
    2012-08-25 16:16 - 2012-08-25 16:16 - 00000000 ____D C:\Users\Kellie\AppData\Local\{AA64046D-23F3-4C13-B72A-76F6F6ADA301}
    2012-08-25 02:45 - 2012-08-25 02:45 - 00000000 ____D C:\Users\Kellie\AppData\Local\{A36EAEC6-A51B-4C24-9EC6-32AEA5F5184C}
    2012-08-24 04:57 - 2012-08-24 04:57 - 00151341 ____A C:\Users\Kellie\Downloads\U969117_201112_201112.xls
    2012-08-24 04:57 - 2012-08-24 04:57 - 00066310 ____A C:\Users\Kellie\Downloads\U969117_201105_201105.xls
    2012-08-24 04:53 - 2012-08-24 04:53 - 00113730 ____A C:\Users\Kellie\Downloads\U969117_201104_201104.xls
    2012-08-24 03:07 - 2012-08-24 03:07 - 00000000 ____D C:\Users\Kellie\AppData\Local\{E7A0CA10-7308-45F2-9D93-73B5B8EEFF25}
    2012-08-23 08:06 - 2012-08-23 08:08 - 00082306 ____A C:\Users\Kellie\Documents\cc_20120823_120650.reg
    2012-08-23 07:54 - 2012-09-13 08:56 - 00000829 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-08-23 07:54 - 2012-09-13 08:56 - 00000000 ____D C:\Program Files\CCleaner
    2012-08-23 07:52 - 2012-08-23 07:53 - 03907920 ____A (Piriform Ltd) C:\Users\Kellie\Downloads\ccsetup321.exe
    2012-08-23 04:42 - 2012-08-23 04:43 - 00000000 ____D C:\Users\Kellie\AppData\Local\{CA888684-9D18-44EB-9565-6D37F07A7787}
    2012-08-23 03:14 - 2012-09-05 02:47 - 00002307 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-22 16:42 - 2012-08-22 16:42 - 00000000 ____D C:\Users\Kellie\AppData\Local\{7050B1A7-2E28-4095-9883-804D4C9FE3CD}
    2012-08-22 02:20 - 2012-08-22 02:21 - 00000000 ____D C:\Users\Kellie\AppData\Local\{8A612F32-D57C-428F-998E-6D91BE2B01C4}
    2012-08-21 05:04 - 2012-08-21 05:04 - 00000000 ____D C:\Users\Kellie\AppData\Local\{196A0DF7-195C-4838-B06A-356A9322C27C}
    2012-08-20 16:20 - 2012-08-20 16:20 - 00000000 ____D C:\Users\Kellie\AppData\Local\{95EACD01-5657-46A0-8423-AD32225CEA13}
    2012-08-20 02:50 - 2012-08-20 02:51 - 00000000 ____D C:\Users\Kellie\AppData\Local\{9AE0C2B4-0F4C-4913-A959-05D89BA3A5FB}
    2012-08-19 04:08 - 2012-08-19 04:08 - 00000000 ____D C:\Users\Kellie\AppData\Local\{333E96D9-C35E-4FE3-9CFE-A5B6B0E77994}
    2012-08-18 03:24 - 2012-08-18 03:24 - 00000000 ____D C:\Users\Kellie\AppData\Local\{9D37CDF9-C62A-4DDF-8654-C05EC826F11F}
    2012-08-17 03:44 - 2012-08-17 03:44 - 00000000 ____D C:\Users\Kellie\AppData\Local\{68043674-7AA5-432D-877D-DE1434CB0A84}
    2012-08-17 03:43 - 2012-08-17 03:44 - 00000000 ____D C:\Users\Kellie\AppData\Local\{DE1A0A84-14B3-46C4-9F6B-6EB7184C8D0C}
    2012-08-16 15:43 - 2012-08-16 15:43 - 00000000 ____D C:\Users\Kellie\AppData\Local\{77939F90-2A1C-44EF-BF54-033D94DB162E}
    2012-08-16 15:43 - 2012-08-16 15:43 - 00000000 ____D C:\Users\Kellie\AppData\Local\{4D090A5A-FA28-4F75-97D3-6572A40E72A8}
    2012-08-16 03:13 - 2012-08-16 03:13 - 00000000 ____D C:\Users\Kellie\AppData\Local\{97F94A94-C8BF-4EE3-8BF3-A42F281CEA85}
    2012-08-16 03:13 - 2012-08-16 03:13 - 00000000 ____D C:\Users\Kellie\AppData\Local\{3EA1221A-75D3-4374-B050-E3A8C4CB7F54}

    ==================== 3 Months Modified Files ==================
    2012-09-15 08:36 - 2012-09-13 09:07 - 00000728 ____A C:\Windows\setupact.log
    2012-09-15 08:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-15 08:35 - 2012-09-03 10:42 - 00000350 ____A C:\Windows\Tasks\ActiveMail Chrome Watcher.job
    2012-09-15 08:32 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-15 08:28 - 2011-12-10 13:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-15 08:28 - 2011-03-13 22:34 - 01090668 ____A C:\Windows\WindowsUpdate.log
    2012-09-15 08:02 - 2012-09-15 08:02 - 01454171 ____A (Farbar) C:\Users\Kellie\Downloads\FRST64.exe
    2012-09-15 07:55 - 2012-04-04 02:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-15 04:35 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-15 04:35 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-15 04:35 - 2007-11-22 18:37 - 00023468 ____A C:\Users\Public\Documents\Address File.xlsx
    2012-09-15 04:27 - 2011-12-10 13:50 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-15 03:30 - 2012-09-15 03:30 - 00607260 ____R (Swearware) C:\Users\Kellie\Downloads\dds.com
    2012-09-15 03:17 - 2012-07-30 06:01 - 00000332 ____A C:\Windows\Tasks\ActiveMail Updater.job
    2012-09-14 13:44 - 2012-09-14 13:44 - 00302592 ____A C:\Users\Kellie\Downloads\qxxg0fqw.exe
    2012-09-14 12:46 - 2012-09-14 12:46 - 00001040 ____A C:\Windows\PFRO.log
    2012-09-14 12:35 - 2012-09-14 12:35 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-14 12:34 - 2012-09-14 12:33 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Kellie\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-14 04:45 - 2012-09-13 04:54 - 00008335 ____A C:\Users\Kellie\Documents\Bath Design Stores.xlsx
    2012-09-14 03:29 - 2012-09-14 03:27 - 00036210 ____A C:\Users\Admin\Desktop\sfcdetails.txt
    2012-09-13 16:40 - 2012-09-13 16:40 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-13 16:40 - 2012-09-13 16:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-13 16:40 - 2012-09-13 16:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-13 16:40 - 2012-09-13 16:40 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-13 16:40 - 2012-06-06 16:44 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-13 16:40 - 2012-06-06 16:44 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-09-13 16:29 - 2012-09-13 15:25 - 00000530 ____A C:\Windows\DtcInstall.log
    2012-09-13 15:29 - 2012-09-13 15:29 - 00073232 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-09-13 15:29 - 2011-10-24 17:04 - 00073232 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-13 09:13 - 2011-10-26 15:27 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-13 09:13 - 2011-10-26 15:26 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-13 09:12 - 2012-09-13 09:12 - 12621696 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (4).exe
    2012-09-13 09:09 - 2012-09-13 09:09 - 12621696 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (3).exe
    2012-09-13 09:09 - 2012-09-13 09:08 - 10288512 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (2).exe
    2012-09-13 09:07 - 2012-09-13 09:07 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-13 09:04 - 2012-09-13 09:03 - 00004322 ____A C:\Users\Kellie\Documents\cc_20120913_130357.reg
    2012-09-13 09:03 - 2012-09-13 09:03 - 00004032 ____A C:\Users\Kellie\Documents\cc_20120913_130314.reg
    2012-09-13 08:56 - 2012-09-13 08:55 - 03927560 ____A (Piriform Ltd) C:\Users\Kellie\Downloads\ccsetup322.exe
    2012-09-13 08:56 - 2012-08-23 07:54 - 00000829 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-09-13 08:23 - 2007-08-07 16:49 - 59322368 ____A C:\Users\Public\Documents\Resetar.mny
    2012-09-13 05:44 - 2012-09-13 05:44 - 10288512 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (1).exe
    2012-09-12 12:48 - 2011-01-22 14:06 - 39407616 ____A C:\Users\Public\Documents\Quicken old.QDF
    2012-09-12 09:15 - 2012-09-12 09:15 - 00010130 ____A C:\Users\Kellie\.recently-used.xbel
    2012-09-12 08:49 - 2011-01-22 14:06 - 49123328 ____A C:\Users\Public\Documents\Quicken (2).QDF
    2012-09-12 07:14 - 2012-07-19 10:26 - 00118912 ____A C:\Users\Public\Documents\Quicken (2)OFXLOG.DAT
    2012-09-12 07:13 - 2012-07-19 10:26 - 02129168 ____A C:\Users\Public\Documents\Quicken (2)OFXOLD.DAT
    2012-09-11 04:49 - 2012-06-18 08:29 - 00015139 ____A C:\Users\Kellie\Documents\EBAY Transaction History.xlsx
    2012-09-11 04:39 - 2012-09-11 04:39 - 00038400 ____A C:\Users\Kellie\Documents\Avaya Passworrds.xls
    2012-09-08 09:23 - 2012-09-08 09:15 - 00009818 ____A C:\Users\Rob\Documents\Golf club values.xlsx
    2012-09-07 13:04 - 2012-09-14 12:35 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-05 02:47 - 2012-08-23 03:14 - 00002307 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-30 20:43 - 2011-08-28 07:04 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-30 20:12 - 2012-09-13 15:57 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-08-24 04:57 - 2012-08-24 04:57 - 00151341 ____A C:\Users\Kellie\Downloads\U969117_201112_201112.xls
    2012-08-24 04:57 - 2012-08-24 04:57 - 00066310 ____A C:\Users\Kellie\Downloads\U969117_201105_201105.xls
    2012-08-24 04:53 - 2012-08-24 04:53 - 00113730 ____A C:\Users\Kellie\Downloads\U969117_201104_201104.xls
    2012-08-23 08:08 - 2012-08-23 08:06 - 00082306 ____A C:\Users\Kellie\Documents\cc_20120823_120650.reg
    2012-08-23 07:53 - 2012-08-23 07:52 - 03907920 ____A (Piriform Ltd) C:\Users\Kellie\Downloads\ccsetup321.exe
    2012-08-23 03:12 - 2012-04-04 02:30 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-23 03:12 - 2011-09-06 14:11 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-22 10:12 - 2012-09-12 07:04 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 07:04 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 07:04 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 07:04 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-16 02:25 - 2009-07-13 20:45 - 00320720 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-02 09:58 - 2012-09-12 07:04 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-12 07:04 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-30 06:02 - 2012-07-30 06:02 - 00001097 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-30 06:00 - 2012-07-30 06:01 - 16801656 ____A (Mozilla) C:\Users\Kellie\Downloads\Firefox_Setup_14.0.1.exe
    2012-07-18 12:56 - 2011-01-22 14:13 - 01927232 ____A C:\Users\Public\Documents\QuickenOFXLOG.DAT
    2012-07-18 10:15 - 2012-08-15 12:17 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-13 03:29 - 2012-07-13 03:29 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log
    2012-07-10 07:46 - 2011-01-22 14:13 - 02103440 ____A C:\Users\Public\Documents\QuickenOFXOLD.DAT
    2012-07-04 14:16 - 2012-08-15 12:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 12:17 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 12:17 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 12:17 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 12:17 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-04 12:26 - 2012-09-12 07:04 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-06-28 20:55 - 2012-08-15 15:56 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-15 15:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-15 15:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-15 15:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-15 15:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-15 15:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-15 15:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-15 15:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-15 15:56 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-15 15:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-15 15:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-15 15:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-15 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-15 15:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-15 15:56 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-15 15:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-15 15:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-15 15:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-15 15:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-15 15:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-15 15:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-15 15:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-15 15:56 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-15 15:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-15 15:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-15 15:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-15 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-15 15:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-2248584434-4130743615-47422387-1001\$f0f1e209943b7c659417dd7f8504e063
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-29 15:53:06
    Restore point made on: 2012-09-03 10:53:18
    Restore point made on: 2012-09-07 02:53:05
    Restore point made on: 2012-09-11 03:14:36
    Restore point made on: 2012-09-12 09:33:31
    Restore point made on: 2012-09-13 12:59:44
    Restore point made on: 2012-09-13 13:01:45
    Restore point made on: 2012-09-13 13:08:46
    Restore point made on: 2012-09-13 16:09:55
    Restore point made on: 2012-09-13 16:40:16
    Restore point made on: 2012-09-13 16:54:59
    Restore point made on: 2012-09-13 17:49:27
    Restore point made on: 2012-09-14 03:34:35
    Restore point made on: 2012-09-14 03:52:32
    Restore point made on: 2012-09-14 03:57:57
    ==================== Memory info ===========================
    Percentage of memory in use: 18%
    Total physical RAM: 3766.71 MB
    Available physical RAM: 3059.19 MB
    Total Pagefile: 3764.86 MB
    Available Pagefile: 3051.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: (Gateway) (Fixed) (Total:451.66 GB) (Free:382.98 GB) NTFS
    2 Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:1.91 GB) NTFS
    4 Drive g: () (Removable) (Total:0.12 GB) (Free:0.05 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 125 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 14 GB 1024 KB
    Partition 2 Primary 100 MB 14 GB
    Partition 3 Primary 451 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E PQSERVICE NTFS Partition 14 GB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Gateway NTFS Partition 451 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 125 MB 0 B
    ==================================================================================
    Disk: 1
    There is no partition selected.
    There is no partition selected.
    Please select a partition and try again.
    =========================================================
    Last Boot: 2012-09-06 08:57
    ==================== End Of Log =============================
     
  5. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    Search.txt:

    Farbar Recovery Scan Tool (x64) Version: 15-09-2012 03
    Ran by SYSTEM at 2012-09-15 12:44:28
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Download the attached file, please. Save it on your flash drive in same location as FRST.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  7. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    I ran the FRST Fixlist and everything worked fine. Log is below:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-09-2012 03
    Ran by SYSTEM at 2012-09-16 07:27:37 Run:1
    Running from G:\
    ==============================================
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Value was restored successfully .
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
    ==== End of Fixlog ====

    Can I go back to using my PC normally?
     
  8. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    Hi Jay,
Wanted to let you know that my Windows Firewall is not working again (it seemed to be working right after I ran the above), so I'm not sure if this would have fixed it.
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yeah, that's usual with this infection. Let's continue disinfection. I doubt the machine is clean just yet...

    ComboFix

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop, but rename it first to svchost.exe.

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
• WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
• It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter the message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run, please just reboot and that will resolve the error.
     
  10. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    Good morning.
Here's the log from this step:

    ComboFix 12-09-16.01 - Kellie 09/17/2012 7:33.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2255 [GMT -4:00]
    Running from: c:\users\Kellie\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    c:\users\Kellie\Documents\ZDS08027.TMP
    c:\users\Kellie\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-17 11:40 . 2012-09-17 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-17 11:40 . 2012-09-17 11:40 -------- d-----w- c:\users\Admin\AppData\Local\temp
    2012-09-16 11:42 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2332E9A-98D5-47CB-B4A5-FB18DE0AC7B8}\mpengine.dll
    2012-09-15 20:41 . 2012-09-15 20:42 -------- d-----w- C:\FRST
    2012-09-15 11:37 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\users\Kellie\AppData\Roaming\Malwarebytes
    2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-14 20:35 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 12:05 . 2012-09-14 12:05 -------- d-----w- c:\programdata\Intel
    2012-09-14 11:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-14 11:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-14 11:53 . 2012-09-14 11:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
    2012-09-14 00:43 . 2012-09-14 00:43 -------- d-----w- c:\users\Admin\AppData\Local\Adobe
    2012-09-14 00:43 . 2012-09-14 00:43 -------- d-----w- c:\users\Admin\AppData\Roaming\Bullzip
    2012-09-14 00:41 . 2012-09-14 00:41 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-14 00:40 . 2012-09-14 00:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-14 00:40 . 2012-09-14 00:40 -------- d-----w- c:\program files (x86)\Java
    2012-09-13 23:52 . 2012-09-14 01:40 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
    2012-09-13 23:35 . 2012-09-13 23:35 -------- d-----w- c:\users\Admin\AppData\Local\Google
    2012-09-13 17:14 . 2012-02-09 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82831D0D-4E57-43F7-93A7-B82ECC7D7DF1}\gapaengine.dll
    2012-09-13 17:13 . 2012-09-13 17:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-09-13 17:13 . 2012-09-13 17:13 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-13 13:15 . 2012-09-13 13:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-09-13 13:12 . 2012-09-13 13:37 -------- d-----w- c:\programdata\7531CC9202C75886D6CFC216F875F002
    2012-09-12 15:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 15:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 15:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 15:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 15:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 15:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 15:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-23 15:54 . 2012-09-13 16:56 -------- d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-14 00:40 . 2012-06-07 00:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-14 00:40 . 2012-06-07 00:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 04:43 . 2011-08-28 15:04 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-08-23 11:12 . 2012-04-04 10:30 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-23 11:12 . 2011-09-06 22:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-18 18:15 . 2012-08-15 20:17 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-04 22:16 . 2012-08-15 20:17 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 20:17 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 20:17 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 20:17 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-29 04:55 . 2012-08-15 23:56 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-15 23:56 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-15 23:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-15 23:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-15 23:56 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-15 23:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-15 23:56 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-15 23:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-15 23:56 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-15 23:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-15 23:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-15 23:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-15 23:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:35 . 2012-08-15 23:56 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:16 . 2012-08-15 23:56 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-15 23:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-15 23:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-15 23:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-15 23:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-08 5663616]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-10 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
    "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-10-22 600688]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-17 c:\windows\Tasks\ActiveMail Chrome Watcher.job
    - c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
    .
    2012-09-17 c:\windows\Tasks\ActiveMail Updater.job
    - c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
    .
    2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:12]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 21:50]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 21:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = proxy_name:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: ameritrade.com\wwws
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Kellie\AppData\Roaming\Mozilla\Firefox\Profiles\48adz0vn.default\
    FF - prefs.js: browser.startup.homepage - about:home
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKCU-Run-PCShowServer - c:\users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-17 07:50:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-17 11:50
    .
    Pre-Run: 410,044,534,784 bytes free
    Post-Run: 409,713,094,656 bytes free
    .
    - - End Of File - - F3B07188FA500548603C545319C91293
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
     
     
  12. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    Here's result of last ComboFix. Going to run the ESET Scan now.

    ComboFix 12-09-16.01 - Kellie 09/17/2012 16:56:04.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2249 [GMT -4:00]
    Running from: c:\users\Kellie\Downloads\ComboFix.exe
    Command switches used :: c:\users\Kellie\Downloads\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-17 21:00 . 2012-09-17 21:00 -------- d-----w- c:\users\Rob\AppData\Local\temp
    2012-09-17 21:00 . 2012-09-17 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-17 21:00 . 2012-09-17 21:00 -------- d-----w- c:\users\Admin\AppData\Local\temp
    2012-09-17 13:28 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E8E1E93-BC2E-4D9F-94BA-DD1D84C6E27F}\mpengine.dll
    2012-09-17 11:59 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-15 20:41 . 2012-09-15 20:42 -------- d-----w- C:\FRST
    2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\users\Kellie\AppData\Roaming\Malwarebytes
    2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-14 20:35 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 12:05 . 2012-09-14 12:05 -------- d-----w- c:\programdata\Intel
    2012-09-14 11:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-14 11:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-14 11:53 . 2012-09-14 11:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
    2012-09-14 00:43 . 2012-09-14 00:43 -------- d-----w- c:\users\Admin\AppData\Local\Adobe
    2012-09-14 00:43 . 2012-09-14 00:43 -------- d-----w- c:\users\Admin\AppData\Roaming\Bullzip
    2012-09-14 00:41 . 2012-09-14 00:41 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-14 00:40 . 2012-09-14 00:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-14 00:40 . 2012-09-14 00:40 -------- d-----w- c:\program files (x86)\Java
    2012-09-13 23:52 . 2012-09-14 01:40 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
    2012-09-13 23:35 . 2012-09-13 23:35 -------- d-----w- c:\users\Admin\AppData\Local\Google
    2012-09-13 17:14 . 2012-02-09 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82831D0D-4E57-43F7-93A7-B82ECC7D7DF1}\gapaengine.dll
    2012-09-13 17:13 . 2012-09-13 17:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-09-13 17:13 . 2012-09-13 17:13 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-13 13:15 . 2012-09-13 13:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-09-13 13:12 . 2012-09-13 13:37 -------- d-----w- c:\programdata\7531CC9202C75886D6CFC216F875F002
    2012-09-12 15:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 15:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 15:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 15:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 15:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 15:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 15:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-23 15:54 . 2012-09-13 16:56 -------- d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-14 00:40 . 2012-06-07 00:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-14 00:40 . 2012-06-07 00:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 04:43 . 2011-08-28 15:04 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-08-23 11:12 . 2012-04-04 10:30 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-23 11:12 . 2011-09-06 22:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-18 18:15 . 2012-08-15 20:17 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-04 22:16 . 2012-08-15 20:17 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 20:17 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 20:17 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 20:17 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-29 04:55 . 2012-08-15 23:56 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-15 23:56 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-15 23:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-15 23:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-15 23:56 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-15 23:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-15 23:56 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-15 23:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-15 23:56 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-15 23:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-15 23:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-15 23:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-15 23:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:35 . 2012-08-15 23:56 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:16 . 2012-08-15 23:56 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-15 23:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-15 23:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-15 23:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-15 23:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-09-17_11.44.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-16 03:17 . 2012-09-17 11:57 55288 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-09-17 21:03 38192 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-08-28 08:45 . 2012-09-17 21:03 13426 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2248584434-4130743615-47422387-1001_UserData.bin
    + 2011-08-29 02:18 . 2012-09-17 11:53 7552 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-09-17 11:42 . 2012-09-17 11:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-17 21:01 . 2012-09-17 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-09-17 11:42 . 2012-09-17 11:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-09-17 21:01 . 2012-09-17 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-31 19:15 . 2012-09-17 20:48 254844 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2012-09-17 20:49 626540 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-09-17 01:23 626540 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-09-17 01:23 107784 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-09-17 20:49 107784 c:\windows\system32\perfc009.dat
    + 2011-03-14 06:59 . 2012-09-17 11:56 163840 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-03-14 06:59 . 2012-09-14 20:30 163840 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 05:01 . 2012-09-17 11:41 292800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-09-17 21:00 292800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-03-14 06:59 . 2012-09-17 11:56 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-14 06:59 . 2012-09-14 20:30 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-09-14 20:30 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-17 11:56 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-08-29 02:18 . 2012-09-17 11:41 33239643 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2248584434-4130743615-47422387-1001-4096.dat
    + 2011-08-29 02:18 . 2012-09-17 21:00 33239643 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2248584434-4130743615-47422387-1001-4096.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-08 5663616]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-10 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
    "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-10-22 600688]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-17 c:\windows\Tasks\ActiveMail Chrome Watcher.job
    - c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
    .
    2012-09-17 c:\windows\Tasks\ActiveMail Updater.job
    - c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
    .
    2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:12]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 21:50]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 21:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
    "ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: ameritrade.com\wwws
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Kellie\AppData\Roaming\Mozilla\Firefox\Profiles\48adz0vn.default\
    FF - prefs.js: browser.startup.homepage - about:home
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-17 17:07:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-17 21:07
    ComboFix2.txt 2012-09-17 11:50
    .
    Pre-Run: 410,733,531,136 bytes free
    Post-Run: 410,547,015,680 bytes free
    .
    - - End Of File - - 7854D6209071249709CFBDF6ECB57714
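The log above is the kind a helper reads by eye: which entries auto-start, where their binaries live, and whether the Security Center overrides are set. The PowerShell below is an added example, not code from the thread, from TechSpot or from ComboFix's authors; it does that first pass over the ComboFix log format mechanically. The function names and the flagging rules (binaries under Temp or AppData/ProgramData, 32-hex-digit folder names, literal unexpanded %VAR% strings, Override values of 1 under the Security Center key) are this example's own heuristics, chosen to mirror what a helper looks at first, not anything ComboFix itself reports. The sample input is excerpted from the log posted above, plus one constructed "Example" Run value to exercise the Temp-folder rule.

```powershell
# Added example (not code from the thread, TechSpot or the ComboFix authors):
# a first-pass triage of the ComboFix log format posted above. It reads the
# autostart values under the [...\Run] keys, the scheduled-task lines, the
# "Files Created" directory lines and the Security Center override values,
# and reports only entries worth a second look. Needs PowerShell 3.0 or later;
# it reads text only and changes nothing on the machine.

function Get-PathFlags {
    # Heuristics a helper applies by eye: where does the binary/folder live,
    # and does its name look machine-generated? (Rules are this example's own.)
    param([string]$Path)
    $p = $Path.ToLowerInvariant()
    $flags = @()
    if ($p -match '\\(temp|tmp)\\') {
        $flags += 'under a Temp folder'
    } elseif ($p -match '\\(appdata|programdata)\\') {
        $flags += 'under AppData/ProgramData (user-writable)'
    }
    if ($p -match '\\[0-9a-f]{32}(\\|$)') { $flags += '32-hex-digit random name (rogue-AV style)' }
    if ($p -match '%[a-z0-9_]+%')         { $flags += 'literal unexpanded %VAR% in path' }
    $flags
}

function Invoke-ComboFixTriage {
    param([string[]]$Lines)
    $key = ''
    foreach ($raw in $Lines) {
        $line = $raw.Trim()

        # [HKEY_...] headers tell us which key the following values belong to.
        if ($line -match '^\[(HK.+)\]$') { $key = $Matches[1]; continue }

        # "Name"=dword:00000001 under the Security Center key: an Override of 1
        # means Security Center no longer monitors/alerts on that component.
        if ($line -match '^"(\w+)"=dword:([0-9a-f]{8})$') {
            $name = $Matches[1]; $value = [Convert]::ToInt32($Matches[2], 16)
            if ($key -like '*security center*' -and $name -like '*Override' -and $value -eq 1) {
                [pscustomobject]@{ Kind = 'SecurityCenter'; Item = "$name = $value"
                                   Flags = 'Security Center monitoring for this component is switched off' }
            }
            continue
        }

        # Autostart value:  "Name"="c:\path\file.exe" [date size]
        # Scheduled task:   - c:\path\file.exe [date time]
        # New directory:    yyyy-mm-dd hh:mm . yyyy-mm-dd hh:mm -------- d-----w- c:\path
        $kind = $null
        if ($line -match '^"([^"]+)"="([a-z]:\\[^"]+)"\s*\[') {
            $kind = 'Autostart'; $path = $Matches[2]; $item = "$($Matches[1]) = $path"
        } elseif ($line -match '^- ([a-z]:\\.+?) \[[^\]]*\]$') {
            $kind = 'Task'; $path = $Matches[1]; $item = $path
        } elseif ($line -match '^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ \S+ d\S{7} ([a-z]:\\.+)$') {
            $kind = 'NewDir'; $path = $Matches[1]; $item = $path
        }
        if (-not $kind) { continue }

        $flags = Get-PathFlags $path
        if ($flags) {
            [pscustomobject]@{ Kind = $kind; Item = $item; Flags = ($flags -join '; ') }
        }
    }
}

# Sample input: lines excerpted from the ComboFix log above, plus one
# constructed Run value (the "Example" line) to show the Temp-folder flag.
$sample = @'
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-08 5663616]
"Example"="c:\users\kellie\appdata\local\temp\example.exe" [2012-09-13 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
2012-09-17 c:\windows\Tasks\ActiveMail Chrome Watcher.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
.
2012-09-13 13:15 . 2012-09-13 13:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-13 13:12 . 2012-09-13 13:37 -------- d-----w- c:\programdata\7531CC9202C75886D6CFC216F875F002
2012-08-23 15:54 . 2012-09-13 16:56 -------- d-----w- c:\program files\CCleaner
'@

# Real use: Invoke-ComboFixTriage (Get-Content C:\ComboFix.txt)
Invoke-ComboFixTriage ($sample -split "`r?`n") | Format-Table Kind, Item, Flags -AutoSize -Wrap
```

On the sample this reports the constructed Temp entry, both Security Center overrides, the ActiveMail task running from ProgramData, the literal `%APPDATA%` folder under system32 and the 32-hex-digit ProgramData folder; SUPERAntiSpyware, BingDesktop and the CCleaner folder produce no flags and are not listed. A flag is a reason to look, not a verdict: the helper still has to decide whether each entry is malware, a leftover from the rogue, or a legitimate program that happens to live in a user-writable folder.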
     
  13. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    The ESET Scan completed and No Threats were found.
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
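The restore-point steps above (create a fresh "Clean" point, then purge the old ones so an infected point cannot be restored) as an added example done from an elevated PowerShell prompt instead of the Control Panel; this is not part of the original post. It assumes Windows 7 with C: as the system drive, where every restore point is backed by a volume shadow copy; the function names are this example's own.

```powershell
# Added example, not from the thread: the "create a clean restore point, then
# purge the old ones" steps above, run from an elevated PowerShell prompt
# (Run as administrator) instead of the Control Panel. Assumes Windows 7 with
# C: as the system drive; the function names are this example's own.

function Get-RestorePointList {
    # Same information the System Protection dialog shows, newest last.
    Get-ComputerRestorePoint |
        Sort-Object SequenceNumber |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

function New-CleanRestorePoint {
    param([string]$Description = 'Clean')
    Enable-ComputerRestore -Drive 'C:\'      # harmless if protection is already on
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'
}

function Remove-OldRestorePoints {
    # On Windows 7 every restore point is a volume shadow copy, so deleting the
    # oldest shadow copy drops the oldest restore point. This is what Disk
    # Cleanup's "System Restore and Shadow Copies" clean-up does; it also
    # discards the "Previous Versions" of files on C:.
    while ($true) {
        $before = @(Get-ComputerRestorePoint).Count
        if ($before -le 1) { break }                 # only the newest point is left
        vssadmin delete shadows /for=C: /oldest /quiet | Out-Null
        $after = @(Get-ComputerRestorePoint).Count
        if ($after -ge $before) {
            # Guard against looping forever if the oldest shadow copy is not a
            # restore point or vssadmin refused (e.g. not elevated).
            Write-Warning "vssadmin did not remove a restore point (still $after); stopping."
            break
        }
    }
}

New-CleanRestorePoint
Remove-OldRestorePoints
Get-RestorePointList | Format-Table -AutoSize    # should now list just the 'Clean' point
```

Check the final listing before moving on: the only remaining entry should be the one you just named. On Windows 8 and later, Checkpoint-Computer silently skips creating a point if one was made in the previous 24 hours, so on those systems confirm the new point exists before purging; that limit does not apply to the Windows 7 machine in this thread.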
     
  15. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    Here is checkup.txt -
    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    JavaFX 2.1.1
    Java 7 Update 7
    Adobe Reader X (10.1.4)
    Mozilla Firefox 14.0.1 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    Thank you for all of your help. This is a great site - very professional and organized. I'll send another thank you your way in the next day or so.
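    The checkup.txt posted above has a regular layout: backtick-framed section headers, one-line status verdicts ("Windows Firewall Enabled!", "Antivirus up to date!") and a "<Product> out of Date!" suffix on stale software entries. The following Python script is an added example, not part of this thread and not screen317's tool: it parses a report in that layout and turns it into the checks a helper reads off by eye (firewall and antivirus state, outdated software, and, as a heuristic of my own, more than one version listed for the same product, as with the two Chrome entries). The embedded report is a constructed sample modelled on the posted log, and the `Checkup` and `findings` names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BT = "`"  # Security Check frames its section headers with runs of backticks


def _hdr(title: str, n: int) -> str:
    return BT * n + title + BT * n


# Constructed sample modelled on the checkup.txt posted in this thread (not the poster's file).
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.51",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 9",
    _hdr("Antivirus/Firewall Check:", 14),
    "Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    "Antivirus up to date!",
    _hdr("Anti-malware/Other Utilities Check:", 9),
    "Malwarebytes Anti-Malware version 1.65.0.1400",
    "JavaFX 2.1.1",
    "Java 7 Update 7",
    "Adobe Reader X (10.1.4)",
    "Mozilla Firefox 14.0.1 Firefox out of Date!",
    "Google Chrome 21.0.1180.83",
    "Google Chrome 21.0.1180.89",
    _hdr("Process Check: objlist.exe by Laurent", 8),
    "Microsoft Security Essentials MSMpEng.exe",
    "Microsoft Security Essentials msseces.exe",
    _hdr("End of Log", 20),
])

HEADER_RE = re.compile(r"^`+(?P<title>[^`]+?):?`+$")
STATUS_RE = re.compile(r"^(Windows Firewall|Antivirus) (Enabled|Disabled|up to date|out of date)!?$", re.I)


@dataclass
class Checkup:  # hypothetical container for the parsed report
    uac_enabled: Optional[bool] = None
    firewall_enabled: Optional[bool] = None
    antivirus_up_to_date: Optional[bool] = None
    antivirus_products: List[str] = field(default_factory=list)
    utilities: List[str] = field(default_factory=list)   # every entry, version kept
    outdated: List[str] = field(default_factory=list)    # entries flagged "out of Date!"
    processes: List[str] = field(default_factory=list)


def parse_checkup(text: str) -> Checkup:
    c = Checkup()
    section = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:                                   # backtick-framed line starts a new section
            section = m.group("title").strip()
            continue
        if section == "preamble":
            if line.startswith("Windows"):
                c.uac_enabled = "UAC is enabled" in line
        elif section.startswith("Antivirus/Firewall"):
            m = STATUS_RE.match(line)
            if m:                               # verdict line: firewall or definition state
                if m.group(1).lower().startswith("windows firewall"):
                    c.firewall_enabled = m.group(2).lower() == "enabled"
                else:
                    c.antivirus_up_to_date = m.group(2).lower() == "up to date"
            else:                               # anything else here names an AV product
                c.antivirus_products.append(line)
        elif section.startswith("Anti-malware"):
            if line.lower().endswith("out of date!"):
                # the tool appends "<Product> out of Date!"; drop that suffix to keep the entry
                entry = re.sub(r"\s+\S+ out of Date!$", "", line, flags=re.I)
                c.outdated.append(entry)
            else:
                entry = line
            c.utilities.append(entry)
        elif section.startswith("Process Check"):
            c.processes.append(line)
    return c


def _product_name(entry: str) -> str:
    # strip "version 1.2", "7 Update 7", "(10.1.4)" and similar trailing version text
    return re.sub(r"\s+(version\s+)?\(?\d.*$", "", entry, flags=re.I)


def findings(c: Checkup) -> List[str]:
    out = []
    if c.firewall_enabled is not True:
        out.append("Windows Firewall is disabled or not reported")
    if c.antivirus_up_to_date is not True:
        out.append("Antivirus definitions are out of date or not reported")
    if not c.antivirus_products:
        out.append("No antivirus product detected")
    if c.uac_enabled is False:
        out.append("UAC is disabled")
    for item in c.outdated:
        out.append(f"Outdated software: {item}")
    by_name: Dict[str, List[str]] = {}
    for item in c.utilities:
        by_name.setdefault(_product_name(item), []).append(item)
    for name, items in by_name.items():         # heuristic: several versions of one product
        if len(items) > 1:
            out.append(f"{name}: {len(items)} versions listed ({', '.join(items)}); check for a leftover install")
    return out


if __name__ == "__main__":
    for f in findings(parse_checkup(SAMPLE_LOG)):
        print("-", f)
```

Run it against a saved checkup.txt by replacing `SAMPLE_LOG` with the file's contents; a clean report produces no findings, while the sample above reports the outdated Firefox and the two Chrome entries.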
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent!

    Firefox update
    Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > About Firefox > Check for Updates.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
     
  17. Kellie Resetar

    Kellie Resetar TS Rookie Topic Starter

    Firefox is now updated and everything appears to be working fine. No more questions. Thanks again for your help!
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Your contribution is appreciated! :)

    Topic marked solved. :D
     
Topic Status:
Not open for further replies.


