Serifef.ab and p

Solved
By Sistrunk
Dec 9, 2012
  1. Hello there!
    I recently found that my computer was not able to connect to the internet through certain wifi routers. After digging a little deeper I found that my firewall has been disabled and I cannot get it back on. Did a scan with Security Essentials and found the Serifef trojans. Also did the scan with Malwarebytes and a different threat was detected. But when I choose to remove the threat I can no longer reboot the computer without doing a restore. The attached Malwarebytes file is the one from before the removal, since I had to restore. Been reading some of the threads and I'm very impressed with you guys' work here. So I'll thank you guys ahead of time and I'm sure after.


    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jose :: RYAN-LAPTOP [administrator]
    12/9/2012 5:18:20 PM
    mbam-log-2012-12-09 (17-18-20).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222090
    Time elapsed: 19 minute(s), 44 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    c:\users\jose\appdata\local\temp\ms0cfg32.exe (Exploit.Drop.GS) -> Delete on reboot.
    (end)
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_15
    Run by Jose at 21:57:23 on 2012-12-09
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Windows\system32\agr64svc.exe
    C:\Windows\System32\alg.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\SMINST\BLService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\ThreatFire\TFService.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\ThreatFire\TFTray.exe
    C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
    C:\Windows\SysWow64\perfhost.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\mobsync.exe
    C:\Windows\System32\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uProxyServer = 127.0.0.1:5555
    uProxyOverride = <local>;*.local
    uURLSearchHooks: agihelper.AGUtils: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} -
    dURLSearchHooks: agihelper.AGUtils: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} -
    mWinlogon: Userinit = userinit.exe,
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} -
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - <orphaned>
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} -
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB5; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 3.5.21022)" -"http://www.miniclip.com/games/alien-hive/en/"
    mRun: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe"
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: mswsock.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {4DFE522A-5D3D-4711-9437-67E066BE1E6E} - hxxp://192.168.254.254/gc2/weblib.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 8.8.8.8
    TCP: Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : DHCPNameServer = 8.8.8.8
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableLUA = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://jvhpropheticgeneration.blogspot.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npNavIn.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
    FF - plugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: !HIDDEN! 2009-06-27 03:03; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----

    ============= SERVICES / DRIVERS ===============
    .
    R? AGCoreService;AG Core Services
    R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
    R? Com4QLBEx;Com4QLBEx
    R? fssfltr;fssfltr
    R? fsssvc;Windows Live Family Safety Service
    R? GamesAppService;GamesAppService
    R? hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver
    R? hcw72ATV;WinTV HVR-950 NTSC
    R? hcw72DTV;WinTV HVR-950 ATSC/QAM
    R? JMCR;JMCR
    R? libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1
    R? NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit
    R? NisDrv;Microsoft Network Inspection System
    R? NisSrv;Microsoft Network Inspection
    R? USBAAPL64;Apple Mobile USB Driver
    R? w7Svc;webcam 7 Service
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    R? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
    S? {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}
    S? AESTFilters;Andrea ST Filters Service
    S? afcdp;afcdp
    S? afcdpsrv;Acronis Nonstop Backup service
    S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    S? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    S? cmdGuard;COMODO Internet Security Sandbox Driver
    S? cmdHlp;COMODO Internet Security Helper Driver
    S? DragonUpdater;COMODO Dragon Update Service
    S? enecir;ENE CIR Receiver
    S? FontCache;Windows Font Cache Service
    S? HauppaugeTVServer;HauppaugeTVServer
    S? hpsrv;HP Service
    S? jjtAutoLaunch;jjtAutoLaunch
    S? MpFilter;Microsoft Malware Protection Driver
    S? PerfHost;Performance Counter DLL Host
    S? RDPDISPM;RDPDISPM
    S? Recovery Service for Windows;Recovery Service for Windows
    S? ScrybeUpdater;Scrybe Updater
    S? tdrpman258;Acronis Try&Decide and Restore Points filter (build 258)
    S? TeamViewer6;TeamViewer 6
    S? TfFsMon;TfFsMon
    S? TfNetMon;TfNetMon
    S? TfSysMon;TfSysMon
    S? ThreatFire;ThreatFire
    S? TVCapSvc;TV Background Capture Service (TVBCS)
    S? TVSched;TV Task Scheduler (TVTS)
    S? usbfilter;AMD USB Filter Driver
    S? wlcrasvc;Windows Live Mesh remote connections service
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-11-23 13:47:16 50952 ----a-w- C:\Windows\System32\certsentry.dll
    2012-11-23 13:47:16 42760 ----a-w- C:\Windows\SysWow64\certsentry.dll
    2012-11-23 13:35:39 65309168 ----a-w- C:\Windows\System32\mrt.exe
    2012-11-08 04:37:52 94288 ----a-w- C:\Windows\System32\drivers\inspect.sys
    2012-11-08 04:37:50 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2012-11-08 04:37:50 45872 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2012-11-08 04:37:48 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2012-11-08 04:37:38 41240 ----a-w- C:\Windows\System32\cmdcsr.dll
    2012-11-08 04:37:36 301264 ----a-w- C:\Windows\SysWow64\guard32.dll
    2012-11-08 04:37:32 390392 ----a-w- C:\Windows\System32\guard64.dll
    2012-10-21 17:04:57 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-21 17:04:57 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-21 17:04:50 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 22:03:45.66 ===============
  2. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/12/2009 5:45:36 PM
    System Uptime: 12/9/2012 9:29:54 PM (1 hours ago)
    .
    Motherboard: Compal | | 30FC
    Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-75 | Socket M2/S1G1 | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 114.421 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.018 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0005
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0005
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP885: 10/9/2012 2:26:06 AM - Scheduled Checkpoint
    RP886: 10/11/2012 2:42:17 AM - Scheduled Checkpoint
    RP889: 11/19/2012 11:39:21 PM - Scheduled Checkpoint
    RP890: 11/21/2012 7:05:26 PM - Device Driver Package Install: Microsoft Display adapters
    RP891: 11/21/2012 7:35:14 PM - Windows Update
    RP893: 11/22/2012 4:57:19 AM - Microsoft Antimalware Checkpoint
    RP895: 11/22/2012 12:15:34 PM - Microsoft Antimalware Checkpoint
    RP896: 11/22/2012 4:56:56 PM - before update
    RP897: 11/22/2012 5:42:16 PM - Windows Update
    RP898: 11/22/2012 7:23:10 PM - Windows Update
    RP899: 11/23/2012 8:18:26 AM - Windows Update
    RP900: 11/23/2012 8:50:56 AM - Device Driver Package Install: COMODO Network Service
    RP901: 12/9/2012 6:07:09 PM - AFTER SCAN
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Acronis True Image Home
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9
    Adobe Shockwave Player 11.5
    Agere Systems HDA Modem
    AMD USB Audio Driver Filter
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    Audia
    AVS Audio Editor version 4.2
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    Battlefield 2(TM)
    BitTorrent
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCP Accelerator
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cognitive Tutor
    Comcast High-Speed Internet Install Wizard
    Comodo Dragon
    COMODO Internet Security
    Compatibility Pack for the 2007 Office system
    Complete Control Program
    Complete Control Program (Commercial Version)
    CyberLink DVD Suite
    D3DX10
    daVinci
    DNA
    Drag Net
    Dropbox
    EA Download Manager
    EAWManager 1.0.15
    EAWPilot 1.1.60.0
    ESU for Microsoft Vista
    Extron Electronics - DataViewer
    Extron Electronics - Global Configurator 3.2
    Extron Electronics - USB Driver Installer v1.0.0
    ExtronCorLib
    Google SketchUp 8
    Graboid Video 1.73
    grandMA 3D 6 [2.5.3][6.6] v6.0.20.5248
    grandMA2 onPC 2.5.3.6
    Harman How To Listen (Public) 2.0.4
    Hauppauge MCE XP/Vista Software Encoder (2.0.28062)
    Hauppauge WinTV 7
    Hauppauge WinTV Infrared Remote
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Games
    HP Help and Support
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart TV
    HP MediaSmart Webcam
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Product Detection
    HP Quick Launch Buttons
    HP Total Care Advisor
    HP Update
    HP User Guides 0129
    HP Wireless Assistant
    HPSSupply
    HPTCSSetup
    IDT Audio
    iLive Editor V1.83
    iTunes
    Java(TM) 6 Update 15
    Java(TM) 6 Update 7
    JMicron JMB38X Flash Media Controller
    Junk Mail filter update
    Kiwee Chatbar
    Kiwee Toolbar for Firefox
    Kiwee Toolbar for Internet Explorer
    Kramer Software
    LabelPrint
    Lantronix CPR 4.3.0.0 (x64)
    LightScribe System Software 1.14.17.1
    LightScribe Template Designs - Music Pack 1
    Live 7.0.10
    Logitech Gaming Software 5.10
    Malwarebytes Anti-Malware version 1.61.0.1400
    Martin LightJockey version 2.95
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    MobileMe Control Panel
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB973688)
    Navionics PC App-1.7.1.0
    Navionics PC App-1.7.2.0
    Navionics PC App-1.7.3.0
    Navionics World
    ooVoo
    PA095 / PA075 USB2.0 DOCK 7.10
    Performance Manager
    Power2Go
    PowerDirector
    ProtectSmart Hard Drive Protection
    PunkBuster Services
    QLBCASL
    QuickTime
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Segoe UI
    Shop for HP Supplies
    Shure Wireless Workbench Software 4.3
    Skins
    Skype™ 5.3
    Smaart 7
    SPORE Creature Creator Trial Edition
    SR 4 Label Maker
    Studio Manager 64bit
    Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
    Synaptics Pointing Device Driver
    System Architect 2.30
    TeamViewer 6
    The Sims™ 3
    ThreatFire
    Transparent TaskBar
    Unlocker 1.8.7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    USBPre Microphone Interface
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 1.0.1
    webcam 7
    WildTangent Games App (HP Games)
    Windows Driver Package - Extron Electronics (WinUSB) Extron (12/01/2009 1.0.0.11)
    Windows Driver Package - Synaptics (SynTP) Mouse (03/31/2011 15.2.20.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Wireless Systems Manager
    Yahoo! Install Manager
    Yamaha DME-N Network Driver
    Yamaha LS9 Editor
    .
    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    What exactly do you mean by "restore"?
  4. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    After I chose to remove the checked threat in Malwarebytes I could not reboot, and the Windows auto repair could not fix it. So I restored to an earlier restore point from the other options menu.
  5. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    I downloaded and ran RogueKiller and it wants to reboot and directed me to their website. Should I reboot now? I also downloaded aswMBR but have not run it yet.
  7. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    Tried to include the reports from RogueKiller but my IE has stopped responding.
  8. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    Try a different browser.
  9. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    OK, got it back running! And here are the reports before the reboot:
    RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 11 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 10 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> NOT REMOVED, USE PROXYFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
    --- User ---
    [MBR] b424df27bf04a85c6a2b283f75a9bf42
    [BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Ativa 1GB USB Device +++++
    --- User ---
    [MBR] 9d91487f44fb2ffb075e82c1d7101251
    [BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 8 | Size: 953 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_12092012_02d2341.txt >>
    RKreport[1]_S_12092012_02d2338.txt ; RKreport[2]_D_12092012_02d2341.txt


    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
    --- User ---
    [MBR] b424df27bf04a85c6a2b283f75a9bf42
    [BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Ativa 1GB USB Device +++++
    --- User ---
    [MBR] 9d91487f44fb2ffb075e82c1d7101251
    [BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 8 | Size: 953 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_12092012_02d2338.txt >>
    RKreport[1]_S_12092012_02d2338.txt
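The two RogueKiller reports above (scan pass, then delete pass) are the kind of output a responder has to reconcile by hand: which entries were fixed, which the tool refused to touch ("NOT REMOVED, USE PROXYFIX" / "USE DNSFIX"), and which simply stopped being reported between runs. The following triage script is an added example, not code from the thread or from RogueKiller itself; it parses the bracketed `[TAG] target -> STATUS` entry lines, groups them by indicator class, and lists what still needs follow-up. The sample lines are copied from the reports posted above, trimmed to the registry and file entries; the header, HOSTS and MBR sections are deliberately skipped by the parser.

```python
"""Triage helper for RogueKiller-style report entries (added example)."""
import re
from dataclasses import dataclass

# Sample entries copied from the reports posted above (scan pass and delete pass),
# trimmed to one ControlSet and one GAC entry each to keep the example short.
SCAN_LINES = r"""
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
"""

DELETE_LINES = r"""
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
"""

# Leading bracket tags, the target text, an arrow ("->" or "-->"), then the status.
# The "[...]" inside "HKLM\[...]\" is not at line start, so it is part of the target.
ENTRY = re.compile(r"^((?:\[[^\]]*\])+)\s+(.*?)\s+-{1,2}>\s+(.*\S)\s*$")

# Defender-side reading of each tag class (assumed descriptions, not RogueKiller's own).
INDICATOR_CLASS = {
    "Services": "service entry pointing at a non-standard image",
    "PROXY IE": "browser proxy override (traffic routed through a local listener)",
    "DNS": "per-interface DNS server override",
    "HJPOL": "policy value restricting user tools",
    "HJ": "system setting changed (EnableLUA 0 means UAC is off)",
    "HJ DESK": "Start panel / desktop icon visibility tweak",
    "ZeroAccess": "ZeroAccess marker file",
}


@dataclass
class Finding:
    tags: list    # bracketed tags in order, e.g. ["Services", "ROGUE ST"]
    target: str   # registry path / value / file path exactly as printed
    status: str   # text after the arrow, e.g. "NOT REMOVED, USE DNSFIX"

    @property
    def kind(self) -> str:
        return self.tags[0]


def parse_report(text: str) -> list:
    """Return the entry lines of a report as Finding objects; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, HOSTS and MBR lines carry no "[TAG] ... -> STATUS" shape
        tags = re.findall(r"\[([^\]]*)\]", m.group(1))
        findings.append(Finding(tags, m.group(2), m.group(3)))
    return findings


def outcome(status: str) -> str:
    """Collapse the free-text status into found / fixed / manual / unknown."""
    s = status.upper()
    if s.startswith("NOT REMOVED"):
        return "manual"   # the tool declined; the status names the fix option to run
    if s.startswith(("DELETED", "REPLACED", "REMOVED")):
        return "fixed"
    if s.startswith("FOUND"):
        return "found"
    return "unknown"


def summarize(findings: list) -> dict:
    """Count findings per indicator class, e.g. {"HJ": 2, "DNS": 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def follow_up(scan_text: str, delete_text: str) -> list:
    """Items a responder still has to handle after the delete pass.

    Returns (target, reason) pairs: entries the delete pass refused, plus scan
    entries that the delete pass did not report at all (re-scan to confirm).
    """
    after = {f.target: f for f in parse_report(delete_text)}
    todo = []
    for f in parse_report(scan_text):
        d = after.get(f.target)
        if d is None:
            todo.append((f.target, "not reported in delete pass; re-scan to confirm"))
        elif outcome(d.status) == "manual":
            todo.append((f.target, d.status))
    return todo


if __name__ == "__main__":
    scan = parse_report(SCAN_LINES)
    for kind, n in summarize(scan).items():
        print(f"{n:2d} x {kind:10s} {INDICATOR_CLASS.get(kind, 'unclassified')}")
    print("\nStill open after the delete pass:")
    for target, reason in follow_up(SCAN_LINES, DELETE_LINES):
        print(f"  {target}\n      -> {reason}")
```

Run against the full reports, the open list is exactly the proxy and DNS overrides the tool asked to be fixed with its own PROXYFIX/DNSFIX options, plus the Wow6432Node EnableLUA value that was found in the scan pass but not listed in the delete pass, which is worth confirming with a fresh scan rather than assuming it was handled.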
  10. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    Tried to reboot after, but now it won't reboot. Goes to the Windows repair screen. I just shut the comp down for now and I'll wait for further instructions. Hitting the hay; I'll check back tomorrow afternoon.
  11. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 bit version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  12. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    Sorry Broni, but this is about as frustrating as the NHL lockout! Can't get anything online but my phone. So I'll download the files from work tomorrow and try to post then.
  13. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    No problem :)
     
  14. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    OK, here are the FRST and Search logs:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
    Ran by SYSTEM at 11-12-2012 17:47:06
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)
    HKLM-x32\...\Run: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe" [378128 2010-01-14] (PC Tools)
    HKLM-x32\...\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Jose\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Jose\...\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB5; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 3.5.21022)" -"http://www.miniclip.com/games/alien-hive/en/" [460216 2009-03-19] (Adobe Systems, Inc.)
    HKU\Jose\...\Winlogon: [Shell] Explorer.exe
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
    Tcpip\..\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: [NameServer]8.26.56.26,156.154.70.22
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Scrybe.lnk
    ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)

    ==================== Services (Whitelisted) ===================

    2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1054568 2010-03-27] (Acronis)
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-11-21] (Acronis)
    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2828408 2012-11-07] (COMODO)
    2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1853584 2012-09-28] ()
    2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
    2 jjtAutoLaunch; "C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe" [114688 2002-01-22] (Sound Devices, LLC)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-24] ()
    2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-06-29] ()
    2 ScrybeUpdater; "C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe" [1300264 2011-05-27] (Synaptics, Inc.)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
    2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe service [70928 2010-01-14] (PC Tools)
    2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2008-09-24] ()
    2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2008-09-24] ()
    3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV [4999680 2011-07-27] (Moonware Studios)
    2 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)
    1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [45872 2012-11-07] (COMODO)
    3 hcw72ADFilter; C:\Windows\System32\Drivers\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 hcw72ATV; C:\Windows\System32\Drivers\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 hcw72DTV; C:\Windows\System32\Drivers\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [28672 2011-08-26] (http://libusb-win32.sourceforge.net)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-11-21] (Acronis)
    0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
    3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
    0 TfSysMon; C:\Windows\System32\Drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
    4 eabfiltr; [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    1 toocpocs; \??\C:\Windows\system32\drivers\toocpocs.sys [x]
    1 xlleposz; \??\C:\Windows\system32\drivers\xlleposz.sys [x]
    1 zxjqdcmu; \??\C:\Windows\system32\drivers\zxjqdcmu.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-12-09 20:41 - 2012-12-09 20:41 - 00003021 ____A C:\Users\Jose\Desktop\RKreport[2]_D_12092012_02d2341.txt
    2012-12-09 20:38 - 2012-12-09 20:38 - 00002918 ____A C:\Users\Jose\Desktop\RKreport[1]_S_12092012_02d2338.txt
    2012-12-09 20:36 - 2012-12-09 20:40 - 00000000 ____D C:\Users\Jose\Desktop\RK_Quarantine
    2012-12-09 20:34 - 2012-12-09 20:35 - 04732416 ____A (AVAST Software) C:\Users\Jose\Desktop\aswMBR.exe
    2012-12-09 20:34 - 2012-12-09 20:34 - 00753664 ____A C:\Users\Jose\Desktop\RogueKiller.exe
    2012-12-09 19:03 - 2012-12-09 19:03 - 00015931 ____A C:\Users\Jose\Desktop\dds.txt
    2012-12-09 19:03 - 2012-12-09 19:03 - 00013584 ____A C:\Users\Jose\Desktop\attach.txt
    2012-12-09 18:53 - 2012-12-09 18:53 - 00688992 ____R (Swearware) C:\Users\Jose\Desktop\dds.com
    2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com
    2012-11-23 05:50 - 2012-12-09 20:48 - 00000000 ____D C:\Users\Jose\{945e8b33-257c-47a6-a7b1-1bea1374f118}
    2012-11-23 05:48 - 2012-11-23 05:48 - 00001753 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
    2012-11-23 05:48 - 2012-11-23 05:48 - 00001753 ____A C:\Users\All Users\Desktop\COMODO Firewall.lnk
    2012-11-23 05:47 - 2012-12-09 18:36 - 00000000 ____D C:\Users\All Users\Comodo
    2012-11-23 05:47 - 2012-12-09 18:36 - 00000000 ____D C:\Users\All Users\Application Data\Comodo
    2012-11-23 05:47 - 2012-11-23 05:47 - 00050952 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
    2012-11-23 05:47 - 2012-11-23 05:47 - 00042760 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000951 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000951 ____A C:\Users\All Users\Desktop\Comodo Dragon.lnk
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\Local Settings\Comodo
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Comodo
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\AppData\Local\Comodo
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Program Files (x86)\Comodo
    2012-11-23 05:46 - 2012-11-23 05:46 - 00000000 ____D C:\Program Files\COMODO
    2012-11-23 05:34 - 2012-11-23 05:34 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-11-23 05:33 - 2012-11-23 05:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-11-23 05:30 - 2012-11-23 05:43 - 98142048 ____A (COMODO) C:\Users\Jose\Downloads\cfw_installer.exe
    2012-11-23 05:30 - 2010-04-06 00:34 - 00345984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-11-23 05:21 - 2012-11-23 05:22 - 02202416 ____A (Check Point Software Technologies LTD) C:\Users\Jose\Downloads\zaSetupWeb_102_078_000 (1).exe
    2012-11-23 05:21 - 2012-02-29 07:37 - 00005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-11-23 05:21 - 2012-02-29 07:35 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-11-23 05:21 - 2012-02-29 07:11 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2012-11-23 05:21 - 2012-02-29 07:09 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2012-11-23 05:21 - 2012-02-29 05:52 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-11-23 05:18 - 2012-09-13 05:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-11-23 05:18 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-11-23 05:17 - 2012-07-04 06:33 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-23 05:15 - 2012-08-24 08:07 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-11-23 05:15 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-11-23 05:14 - 2012-06-01 16:20 - 01268736 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-11-23 05:14 - 2012-06-01 16:20 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-11-23 05:14 - 2012-06-01 16:20 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-11-23 05:14 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-11-23 05:14 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-11-23 05:14 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-11-23 05:11 - 2012-08-29 03:40 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-11-22 16:22 - 2012-11-22 16:22 - 00000000 __AHT C:\Windows\wusa.lock
    2012-11-22 16:20 - 2012-11-22 16:21 - 02202416 ____A (Check Point Software Technologies LTD) C:\Users\Jose\Downloads\zaSetupWeb_102_078_000.exe
    2012-11-22 16:16 - 2012-11-22 22:14 - 00000000 ____D C:\c40bedb1496b4042420d2909bd
    2012-11-22 16:15 - 2012-11-22 16:16 - 13529576 ____A (Microsoft Corporation) C:\Users\Jose\Downloads\mseinstall.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 17773056 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 12268544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 10884096 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 09702400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-11-22 14:51 - 2012-11-22 14:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-11-22 14:51 - 2012-11-22 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-22 14:51 - 2012-11-22 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-22 14:51 - 2012-11-22 14:51 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 02136064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01797632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01785344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-22 14:51 - 2012-11-22 14:51 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-22 14:51 - 2012-11-22 14:51 - 01389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01344000 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01102336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-11-22 14:51 - 2012-11-22 14:51 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-11-22 14:51 - 2012-11-22 14:51 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00236544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-11-22 14:51 - 2012-11-22 14:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-11-22 14:51 - 2012-11-22 14:51 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-11-22 02:02 - 2012-11-22 02:06 - 00000000 ____D C:\Program Files\Microsoft Fix it Center
    2012-11-21 20:00 - 2012-11-23 05:33 - 00000000 ____D C:\Program Files\Microsoft Security Client


    ==================== One Month Modified Files and Folders =======

    2012-12-11 17:46 - 2012-12-11 17:46 - 00000000 ____D C:\FRST
    2012-12-09 23:02 - 2008-01-20 19:26 - 00193650 ____A C:\Windows\PFRO.log
    2012-12-09 23:01 - 2009-02-12 14:44 - 01831480 ____A C:\Windows\WindowsUpdate.log
    2012-12-09 23:01 - 2008-10-22 23:45 - 00000012 ____A C:\Windows\bthservsdp.dat
    2012-12-09 23:01 - 2006-11-02 07:42 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-12-09 23:01 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-09 23:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-09 23:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-09 23:00 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\tracing
    2012-12-09 22:04 - 2012-04-01 00:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Windows Live
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Windows Live
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\AppData\Local\Windows Live
    2012-12-09 20:48 - 2012-11-23 05:50 - 00000000 ____D C:\Users\Jose\{945e8b33-257c-47a6-a7b1-1bea1374f118}
    2012-12-09 20:48 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
    2012-12-09 20:48 - 2006-11-02 04:33 - 86245376 ____A C:\Windows\System32\config\software_previous
    2012-12-09 20:47 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
    2012-12-09 20:47 - 2006-11-02 04:33 - 26214400 ____A C:\Windows\System32\config\system_previous
    2012-12-09 20:41 - 2012-12-09 20:41 - 00003021 ____A C:\Users\Jose\Desktop\RKreport[2]_D_12092012_02d2341.txt
    2012-12-09 20:40 - 2012-12-09 20:36 - 00000000 ____D C:\Users\Jose\Desktop\RK_Quarantine
    2012-12-09 20:38 - 2012-12-09 20:38 - 00002918 ____A C:\Users\Jose\Desktop\RKreport[1]_S_12092012_02d2338.txt
    2012-12-09 20:35 - 2012-12-09 20:34 - 04732416 ____A (AVAST Software) C:\Users\Jose\Desktop\aswMBR.exe
    2012-12-09 20:34 - 2012-12-09 20:34 - 00753664 ____A C:\Users\Jose\Desktop\RogueKiller.exe
    2012-12-09 20:28 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam_previous
    2012-12-09 20:28 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\security_previous
    2012-12-09 19:05 - 2006-11-02 04:46 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-09 19:03 - 2012-12-09 19:03 - 00015931 ____A C:\Users\Jose\Desktop\dds.txt
    2012-12-09 19:03 - 2012-12-09 19:03 - 00013584 ____A C:\Users\Jose\Desktop\attach.txt
    2012-12-09 18:54 - 2006-11-02 07:27 - 00189181 ____A C:\Windows\setupact.log
    2012-12-09 18:53 - 2012-12-09 18:53 - 00688992 ____R (Swearware) C:\Users\Jose\Desktop\dds.com
    2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com
    2012-12-09 18:48 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
    2012-12-09 18:36 - 2012-11-23 05:47 - 00000000 ____D C:\Users\All Users\Comodo
    2012-12-09 18:36 - 2012-11-23 05:47 - 00000000 ____D C:\Users\All Users\Application Data\Comodo
    2012-12-09 18:34 - 2009-03-01 17:29 - 00000000 ____D C:\users\Jose
    2012-12-09 18:32 - 2006-11-02 07:21 - 00325464 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-12-09 18:29 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2012-12-09 18:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
    2012-12-09 17:25 - 2006-11-02 04:33 - 55574528 ____A C:\Windows\System32\config\components_previous
    2012-12-09 17:25 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous
    2012-11-23 05:48 - 2012-11-23 05:48 - 00001753 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
    2012-11-23 05:48 - 2012-11-23 05:48 - 00001753 ____A C:\Users\All Users\Desktop\COMODO Firewall.lnk
    2012-11-23 05:47 - 2012-11-23 05:47 - 00050952 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
    2012-11-23 05:47 - 2012-11-23 05:47 - 00042760 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000951 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000951 ____A C:\Users\All Users\Desktop\Comodo Dragon.lnk
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\Local Settings\Comodo
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Comodo
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\AppData\Local\Comodo
    2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Program Files (x86)\Comodo
    2012-11-23 05:46 - 2012-11-23 05:46 - 00000000 ____D C:\Program Files\COMODO
    2012-11-23 05:43 - 2012-11-23 05:30 - 98142048 ____A (COMODO) C:\Users\Jose\Downloads\cfw_installer.exe
    2012-11-23 05:35 - 2006-11-02 04:35 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-11-23 05:34 - 2012-11-23 05:34 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-11-23 05:33 - 2012-11-23 05:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-11-23 05:33 - 2012-11-21 20:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-11-23 05:22 - 2012-11-23 05:21 - 02202416 ____A (Check Point Software Technologies LTD) C:\Users\Jose\Downloads\zaSetupWeb_102_078_000 (1).exe
    2012-11-22 22:14 - 2012-11-22 16:16 - 00000000 ____D C:\c40bedb1496b4042420d2909bd
    2012-11-22 16:40 - 2011-04-11 19:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-22 16:22 - 2012-11-22 16:22 - 00000000 __AHT C:\Windows\wusa.lock
    2012-11-22 16:21 - 2012-11-22 16:20 - 02202416 ____A (Check Point Software Technologies LTD) C:\Users\Jose\Downloads\zaSetupWeb_102_078_000.exe
    2012-11-22 16:16 - 2012-11-22 16:15 - 13529576 ____A (Microsoft Corporation) C:\Users\Jose\Downloads\mseinstall.exe
    2012-11-22 14:54 - 2006-11-02 05:33 - 00000000 ___RD C:\Windows\Offline Web Pages
    2012-11-22 14:54 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-22 14:52 - 2012-01-08 10:14 - 00004753 ____A C:\Windows\IE9_main.log
    2012-11-22 14:52 - 2006-11-02 04:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
    2012-11-22 14:52 - 2006-11-02 04:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
    2012-11-22 14:52 - 2006-11-01 22:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
    2012-11-22 14:52 - 2006-11-01 22:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
    2012-11-22 14:51 - 2012-11-22 14:51 - 17773056 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 12268544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 10884096 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 09702400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-11-22 14:51 - 2012-11-22 14:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-11-22 14:51 - 2012-11-22 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-22 14:51 - 2012-11-22 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-22 14:51 - 2012-11-22 14:51 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 02136064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01797632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01785344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-22 14:51 - 2012-11-22 14:51 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-22 14:51 - 2012-11-22 14:51 - 01389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01344000 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 01102336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-11-22 14:51 - 2012-11-22 14:51 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-11-22 14:51 - 2012-11-22 14:51 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00236544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-11-22 14:51 - 2012-11-22 14:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-11-22 14:51 - 2012-11-22 14:51 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-11-22 14:51 - 2012-11-22 14:51 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-11-22 14:51 - 2012-11-22 14:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-11-22 14:49 - 2008-10-23 00:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2012-11-22 14:44 - 2008-10-23 01:11 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-11-22 14:44 - 2008-10-23 01:11 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-11-22 02:06 - 2012-11-22 02:02 - 00000000 ____D C:\Program Files\Microsoft Fix it Center
    2012-11-21 15:31 - 2009-04-15 14:28 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-11-19 20:54 - 2009-03-02 20:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-11-13 17:37 - 2009-03-16 11:46 - 00000000 ____D C:\Users\Jose\Application Data\DNA
    2012-11-13 17:37 - 2009-03-16 11:46 - 00000000 ____D C:\Users\Jose\AppData\Roaming\DNA
    2012-11-13 17:37 - 2009-03-02 13:46 - 00000000 ____D C:\Users\Jose\Tracing
    2012-11-13 17:36 - 2010-11-07 18:34 - 00000000 ____D C:\Windows\pss
    2012-11-13 17:33 - 2010-11-20 05:46 - 00000000 ____D C:\Users\Jose\Application Data\Dropbox
    2012-11-13 17:33 - 2010-11-20 05:46 - 00000000 ____D C:\Users\Jose\AppData\Roaming\Dropbox
    2012-11-13 17:32 - 2009-03-16 11:46 - 00000000 ____D C:\Program Files (x86)\DNA

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-08 22:26:41
    Restore point made on: 2012-10-10 22:42:47
    Restore point made on: 2012-11-12 00:44:20
    Restore point made on: 2012-11-19 20:39:37
    Restore point made on: 2012-11-21 16:06:14
    Restore point made on: 2012-11-21 16:35:25
    Restore point made on: 2012-11-22 01:58:39
    Restore point made on: 2012-11-22 09:16:18
    Restore point made on: 2012-11-22 13:57:29
    Restore point made on: 2012-11-22 14:42:25
    Restore point made on: 2012-11-22 16:23:52
    Restore point made on: 2012-11-23 05:18:55
    Restore point made on: 2012-11-23 05:51:24
    Restore point made on: 2012-12-09 15:07:43

    ==================== Memory info ===========================

    Percentage of memory in use: 32%
    Total physical RAM: 1789.02 MB
    Available physical RAM: 1202.84 MB
    Total Pagefile: 1535.46 MB
    Available Pagefile: 1173.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:285.18 GB) (Free:114.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (My 1GB) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ###  Status      Size     Free     Dyn  Gpt
    --------  ----------  -------  -------  ---  ---
    Disk 0    Online      298 GB   1024 KB
    Disk 1    Online      954 MB   0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           285 GB   1024 KB
    Partition 2    Primary           13 GB    285 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1  C                 NTFS   Partition   285 GB   Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2  D    RECOVERY     NTFS   Partition   13 GB    Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           953 MB   4096 B

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3  F    My 1GB       FAT    Removable   953 MB   Healthy

    =========================================================

    Last Boot: 2012-12-09 18:38

    ==================== End Of Log =============================
    Farbar Recovery Scan Tool (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-11 17:51:08
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2010-08-27 19:51] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2010-08-27 19:51] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\SysWOW64\services.exe
    [2010-08-27 19:51] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\system64\services.exe
    [2008-01-18 22:03] - [2008-01-19 00:00] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\System32\services.exe
    [2010-08-27 19:51] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-07-21 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-07-21 23:10] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2010-07-16 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2010-07-16 23:04] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    ====== End Of Search ======
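    The FRST "Search: services.exe" listing above is what the helper uses to decide whether the live services.exe has been patched (the usual ZeroAccess/Sirefef trick on x64) and which WinSxS copy a fixlist can restore from. The script below is an added example, not part of the thread and not FRST code: it parses FRST's two-line entries and compares every copy outside the WinSxS component store against the hashes of the copies inside it. The sample input reuses the entries from the posted log, except that the SysWOW64 entry's hash is replaced with a made-up value so the mismatch path is exercised; the "expected directories" list is an assumption of this example.

```python
"""Cross-check the services.exe copies listed by an FRST "Search:" run.

Added example, not part of the thread and not FRST code. FRST prints each
hit as two lines: the path, then
"[created] - [modified] - size attrs (company) MD5". The WinSxS component
store holds the copies Windows itself installed, so a live copy whose MD5
matches none of them is the one to suspect of having been patched.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Entries copied from the log posted in the thread, except the SysWOW64 line,
# whose hash is CONSTRUCTED (made up) to show what a mismatch looks like.
FRST_SEARCH_OUTPUT = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-08-27 19:51] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2010-08-27 19:51] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2010-08-27 19:51] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF

C:\Windows\system64\services.exe
[2008-01-18 22:03] - [2008-01-19 00:00] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\System32\services.exe
[2010-08-27 19:51] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumption of this example: where a live services.exe (or a pending
# Windows Update copy of it) is expected to live on Vista/7 x64.
EXPECTED_DIRS = (
    "\\windows\\system32\\",
    "\\windows\\syswow64\\",
    "\\windows\\softwaredistribution\\download\\",
)
UNEXPECTED_LOCATION = "unexpected location for services.exe"
NO_REFERENCE_MATCH = "hash matches no WinSxS copy (possibly patched)"


@dataclass
class FileHit:
    path: str
    size: int
    md5: str
    company: str

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text: str) -> list[FileHit]:
    """Pair each path line with the detail line that follows it."""
    hits, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            hits.append(FileHit(pending, int(m["size"]), m["md5"].upper(), m["company"]))
            pending = None
    return hits


def winsxs_version(path: str) -> str:
    """The component directory name embeds the file version, e.g. _6.0.6002.18005_."""
    m = re.search(r"_(\d+\.\d+\.\d+\.\d+)_", path)
    return m.group(1) if m else "unknown"


def audit(hits: list[FileHit]) -> list[tuple[str, list[str]]]:
    """Return (path, verdicts) for every copy outside the component store."""
    reference = {h.md5: winsxs_version(h.path) for h in hits if h.in_winsxs}
    report = []
    for h in hits:
        if h.in_winsxs:
            continue
        verdicts = []
        if not any(d in h.path.lower() for d in EXPECTED_DIRS):
            verdicts.append(UNEXPECTED_LOCATION)
        if h.md5 in reference:
            verdicts.append(f"hash matches WinSxS version {reference[h.md5]}")
        else:
            verdicts.append(NO_REFERENCE_MATCH)
        report.append((h.path, verdicts))
    return report


if __name__ == "__main__":
    for path, verdicts in audit(parse_frst_search(FRST_SEARCH_OUTPUT)):
        print(path)
        for v in verdicts:
            print("   ", v)
```

    On the real log, System32\services.exe hashes to the same value as the amd64 6.0.6002.18005 component-store copy, which is why the check is worth running before replacing anything; a live copy that matches no WinSxS hash is the one a fixlist would overwrite from the matching-version WinSxS path. Hashes can be confirmed from a recovery console with `certutil -hashfile <path> MD5`.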
  15. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.

    Attached Files:

  16. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    Uploaded and ran the fixlist file, but it's still not booting. Unfortunately I cannot post the log file right now, as I don't have an online comp at home. But I will get it up ASAP.
  17. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    That's fine.
    We'll run another fix.

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot now.

    Attached Files:

  18. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    Since I can't download the file, can I just manually copy the file you sent and run it?
  19. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    You can download it on a computer you're posting from.
  20. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    I've been posting from my phone and have been trying to take a drive to work to download the files, but I have been on the road recently.
  21. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    Keep me posted....
  22. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    Okay, I have the file now. Here's the post from the first fix, where the comp still did not boot.
    Going to load the new file later and hopefully post back tonight.

    RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Jose [Admin rights]
    Mode : Scan -- Date : 12/09/2012 23:38:03

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
    --- User ---
    [MBR] b424df27bf04a85c6a2b283f75a9bf42
    [BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Ativa 1GB USB Device +++++
    --- User ---
    [MBR] 9d91487f44fb2ffb075e82c1d7101251
    [BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 8 | Size: 953 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_12092012_02d2338.txt >>
    RKreport[1]_S_12092012_02d2338.txt
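    Both the diskpart-style listing in the earlier FRST log and the "MBR Check" section of the RogueKiller log above describe the same PhysicalDrive0 layout: an active NTFS partition at sector 2048 and a RECOVERY partition immediately after it, plus hashes of the boot sector so a rewritten MBR stands out. The script below is an added example, not part of the thread and not RogueKiller or diskpart code: it decodes a 512-byte MBR partition table, reproduces the offset and size figures the scanner prints, and runs the sanity checks (one active entry, no overlapping entries, nothing starting at LBA 0) that a bootkit-style rewrite would trip. The sector bytes are constructed here with zeroed boot code and placeholder CHS fields; no real disk is read.

```python
"""Decode and sanity-check an MBR partition table.

Added example, not part of the thread and not RogueKiller or diskpart code.
The layout below is the one the logs report for PhysicalDrive0 (two NTFS
partitions, first one active); the 512-byte sector itself is CONSTRUCTED,
with zeroed boot code instead of a real bootstrap.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte entries live at bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:      # exclusive end sector
        return self.lba_start + self.sectors

    @property
    def size_mb(self) -> int:      # the unit RogueKiller prints as "Mo"
        return self.sectors * SECTOR // (1024 * 1024)


def build_mbr(parts: list[Partition], boot_code: bytes = b"") -> bytes:
    """Assemble a sector from a partition list (fixture; CHS fields are placeholders)."""
    sec = bytearray(SECTOR)
    sec[: len(boot_code)] = boot_code
    for p in parts:
        struct.pack_into(ENTRY_FMT, sec, TABLE_OFFSET + 16 * p.index,
                         0x80 if p.active else 0x00, b"\xfe\xff\xff",
                         p.type_id, b"\xfe\xff\xff", p.lba_start, p.sectors)
    sec[510:512] = BOOT_SIGNATURE
    return bytes(sec)


def parse_mbr(sector0: bytes) -> list[Partition]:
    if len(sector0) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    if sector0[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector0, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # empty slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def check_table(parts: list[Partition]) -> list[str]:
    """Findings a scanner would report; an empty list means the table looks sane."""
    findings = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    for p in parts:
        if p.lba_start == 0:
            findings.append(f"partition {p.index} starts at LBA 0 (covers the MBR itself)")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partition {a.index} overlaps partition {b.index}")
    return findings


def boot_code_md5(sector0: bytes) -> str:
    """Hash of the 446-byte bootstrap area, for comparison against a known-good baseline."""
    return hashlib.md5(sector0[:TABLE_OFFSET]).hexdigest()


# Layout from the logs: 292028 MB NTFS at LBA 2048 (active), 13213 MB RECOVERY right after it.
TOSHIBA_LAYOUT = [
    Partition(0, True, 0x07, 2048, 292028 * 2048),
    Partition(1, False, 0x07, 598075392, 13213 * 2048),
]
# CONSTRUCTED: a second active, hidden-NTFS entry wedged before partition 0, overlapping it.
TAMPERED_LAYOUT = TOSHIBA_LAYOUT + [Partition(2, True, 0x17, 1000, 4096)]

if __name__ == "__main__":
    sec = build_mbr(TOSHIBA_LAYOUT)
    for p in parse_mbr(sec):
        flag = "ACTIVE" if p.active else "      "
        print(f"{p.index} {flag} type 0x{p.type_id:02x} offset {p.lba_start} size {p.size_mb} MB")
    print("boot code md5:", boot_code_md5(sec))
    print("findings:", check_table(parse_mbr(build_mbr(TAMPERED_LAYOUT))))
```

    Note that partition 0's end sector (2048 + 292028 × 2048) is exactly partition 1's start, 598075392, which is why both logs agree on the same offsets; a table that fails these checks, or whose boot-code hash drifts from the baseline taken on a clean machine, is what an MBR check is there to catch. On Windows the first sector can be read with a tool such as dd for Windows or by opening `\\.\PhysicalDrive0` with administrator rights; this example deliberately avoids that and works on constructed bytes.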
  23. Broni

    Broni Malware Annihilator Posts: 45,279   +243

    This is not Fixlog.txt log.
    It's RogueKiller log.
  24. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    Sorry, clicked on the wrong one. Still trying to get a comp online at home.
  25. Sistrunk

    Sistrunk Newcomer, in training Topic Starter Posts: 70

    The comp is still not booting and here is the fix log.
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-19 17:58:59 Run:3
    Running from F:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====

