Inactive Sirefef-BB

mjamike · Aug 16, 2012

Hello,
I am new to the forum. I'd greatly appreciate a fixlist.txt for this...

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 16-08-2012 21:24:59
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [142616 2011-06-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [176408 2011-06-28] (Intel Corporation)
HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2011-12-06] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\QBDataServiceUser22\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)

================================ Services (Whitelisted) ==================

2 atashost; "C:\Windows\system32\atashost.exe" [134456 2012-07-17] (Cisco WebEx LLC)
2 CSAPrintService; C:\Windows\csasvc.exe [118784 2009-11-10] (Thomson Reuters)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe" Start=service [16680 2012-01-12] (Citrix Online, a division of Citrix Systems, Inc.)
2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-23] (Intel Corporation)
2 QBVSS; "C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe" [1248256 2011-08-19] (Intuit Inc.)
3 QuickBooksDB22; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 [679936 2011-08-19] (Intuit, Inc.)
3 RoxMediaDB12OEM; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
3 catchme; \??\C:\Users\ACCOUN~1\AppData\Local\Temp\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-16 15:31 - 2012-08-16 15:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-16 15:26 - 2012-08-16 15:26 - 00254152 ____A (Secure By Design Inc.) C:\Users\accountant\Downloads\Ninite Essentials Installer.exe
2012-08-16 15:19 - 2012-08-16 15:19 - 04009167 ____A C:\Users\accountant\Downloads\ServicesRepair.exe
2012-08-16 15:18 - 2012-08-16 15:18 - 00138120 ____A (ESET) C:\Users\accountant\Downloads\ESETSirefefRemover.exe
2012-08-16 15:13 - 2012-08-16 15:15 - 02030547 ____A C:\Users\accountant\Downloads\EZ_Sirefix.exe
2012-08-16 14:27 - 2012-08-16 14:27 - 00000000 ____D C:\Users\All Users\Sophos
2012-08-16 14:26 - 2012-08-16 14:26 - 77801992 ____A (Sophos Limited) C:\Users\accountant\Downloads\Sophos Virus Removal Tool.exe
2012-08-16 14:26 - 2012-08-16 14:26 - 00003217 ____A C:\Users\accountant\Desktop\Sophos Virus Removal Tool.lnk
2012-08-16 14:26 - 2012-08-16 14:26 - 00000000 ____D C:\Program Files\Sophos
2012-08-16 14:04 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-08-16 13:55 - 2012-08-16 14:07 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-08-16 13:55 - 2012-08-16 13:55 - 00000207 ____A C:\Windows\tweaking.com-regbackup-ACCOUNTING1A-Microsoft-Windows-7-Professional-(32-bit).dat
2012-08-16 13:55 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-08-16 13:54 - 2012-08-16 13:54 - 00000000 ____D C:\RegBackup
2012-08-16 13:53 - 2012-08-16 13:53 - 00002239 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-08-16 13:53 - 2012-08-16 13:53 - 00000000 ____D C:\Program Files\Tweaking.com
2012-08-16 13:49 - 2012-08-16 15:15 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-08-16 13:13 - 2012-08-16 13:13 - 00014705 ____A C:\ComboFix.txt
2012-08-16 13:01 - 2012-08-16 13:01 - 00000000 ____D C:\Users\accountant\AppData\Roaming\TeamViewer
2012-08-16 12:53 - 2012-08-16 12:53 - 00001917 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2012-08-16 12:32 - 2012-08-16 12:32 - 00000000 ____D C:\Users\All Users\Dumps
2012-08-16 11:26 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-08-16 11:24 - 2012-08-16 11:24 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-16 11:24 - 2012-08-16 11:24 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-08-16 11:24 - 2012-08-16 11:24 - 00000000 ____D C:\Program Files\Common Files\Java
2012-08-16 10:31 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-16 10:31 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-16 10:31 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-16 10:31 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-16 10:31 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-16 10:31 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-16 10:31 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-16 10:31 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-16 10:31 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-16 10:31 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-16 10:31 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-16 10:31 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-16 10:31 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-16 10:31 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-16 10:30 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-16 10:30 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-16 10:30 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-16 10:30 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-16 10:30 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-16 10:30 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-16 10:30 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-16 10:30 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-16 10:19 - 2012-08-16 10:19 - 00000000 ____D C:\Windows\SoftwareDistribution.old
2012-08-16 10:06 - 2012-08-16 10:06 - 00000376 ____A C:\Users\accountant\AppData\Roamingprivacy.xml
2012-08-15 13:49 - 2012-08-16 09:45 - 00000347 ____A C:\Windows\System32\checkdnsid.xml
2012-08-15 13:37 - 2012-08-15 13:37 - 00000000 ____D C:\Users\All Users\bdch
2012-08-15 13:34 - 2012-08-15 13:34 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-08-15 13:33 - 2012-08-15 13:33 - 00000000 ____D C:\Users\All Users\BDLogging
2012-08-15 13:33 - 2009-07-14 10:27 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-08-15 13:33 - 2007-04-11 07:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll
2012-08-15 13:32 - 2012-08-16 12:36 - 00000000 ____D C:\Program Files\Bitdefender
2012-08-15 13:32 - 2012-08-16 12:34 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-08-15 13:32 - 2012-08-15 13:32 - 02426224 ____A C:\Users\accountant\Downloads\bitdefender_antivirus.exe
2012-08-15 13:32 - 2012-08-15 13:32 - 00000000 ____D C:\Users\accountant\AppData\Roaming\QuickScan
2012-08-15 11:13 - 2012-08-15 11:13 - 00017408 ____A C:\Users\accountant\AppData\Local\WebpageIcons.db
2012-08-15 10:56 - 2012-08-15 10:57 - 181528160 ____A (Kaspersky Lab) C:\Users\accountant\Downloads\kav2012_12.0.0.374aEN_2839.exe
2012-08-15 10:02 - 2012-08-15 10:02 - 03098616 ____A (Secunia) C:\Users\accountant\Downloads\PSISetup.exe
2012-08-15 10:02 - 2012-08-15 10:02 - 00000000 ____D C:\Users\accountant\AppData\Local\Secunia PSI
2012-08-15 10:02 - 2012-08-15 10:02 - 00000000 ____D C:\Program Files\Secunia
2012-08-15 09:40 - 2012-08-16 13:14 - 00000000 ____D C:\Qoobox
2012-08-15 09:40 - 2012-08-15 09:54 - 00000000 ____D C:\Windows\erdnt
2012-08-15 09:40 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-15 09:40 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-15 09:40 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-15 09:40 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-15 09:40 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-15 09:40 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-15 09:40 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-15 09:40 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-15 09:30 - 2012-08-15 09:30 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-15 09:25 - 2012-08-15 09:25 - 00144936 ____A C:\Windows\Minidump\081512-43555-01.dmp
2012-08-15 09:17 - 2012-08-15 09:17 - 00053248 ____A C:\Windows\System32\zlib.dll
2012-08-15 09:16 - 2012-08-16 13:28 - 00000000 ____D C:\Users\accountant\Desktop\D7
2012-08-15 09:15 - 2012-08-16 15:12 - 00000583 ____A C:\Users\accountant\Desktop\notes.txt
2012-08-15 09:10 - 2012-08-15 09:10 - 00000000 ____D C:\smtmp
2012-08-15 09:07 - 2012-08-15 09:10 - 00000064 ____A C:\Users\All Users\-o7Df7eFNHOSv6Sr
2012-08-15 09:07 - 2012-08-15 09:10 - 00000064 ____A C:\Users\All Users\-o7Df7eFNHOSv6S
2012-08-14 05:58 - 2012-08-15 09:25 - 00000000 ____D C:\Windows\Minidump
2012-08-14 05:58 - 2012-08-14 05:58 - 00151112 ____A C:\Windows\Minidump\081412-47923-01.dmp
2012-08-14 05:57 - 2012-08-15 09:24 - 383022766 ____A C:\Windows\MEMORY.DMP
2012-08-09 12:07 - 2012-08-09 12:07 - 00000496 ___RA C:\CSI Realty Investment LLC6.30.12.lgb
2012-08-09 12:03 - 2012-08-09 13:04 - 17731584 ___RA C:\CSI Realty Investment LLC6.30.12.QBW
2012-08-09 12:03 - 2012-08-09 13:04 - 05373952 ___RA C:\CSI Realty Investment LLC6.30.12.QBW.TLG
2012-08-09 12:03 - 2012-08-09 13:04 - 00000382 ____A C:\CSI Realty Investment LLC6.30.12.QBW.ND
2012-08-09 12:03 - 2012-08-09 12:04 - 00000389 ____A C:\CSI Realty Investment LLC6.30.12.QBW.DSN
2012-08-09 12:03 - 2012-08-09 12:03 - 00000388 ____A C:\CSI Realty Investment LLC6.30.12.ND
2012-08-09 12:03 - 2012-08-09 12:03 - 00000000 ____D C:\Restored_CSI Realty Investment LLC6.30.12_Files
2012-07-31 09:46 - 2012-07-31 09:46 - 00000496 ___RA C:\FL_LARSO.QBB.lgb
2012-07-31 09:40 - 2012-08-09 12:03 - 138842112 ___RA C:\FL_LARSO.QBB.QBW
2012-07-31 09:40 - 2012-08-09 12:03 - 05832704 ___RA C:\FL_LARSO.QBB.QBW.TLG
2012-07-31 09:40 - 2012-08-09 12:03 - 00000362 ____A C:\FL_LARSO.QBB.QBW.ND
2012-07-31 09:40 - 2012-08-09 11:56 - 00000389 ____A C:\FL_LARSO.QBB.QBW.DSN
2012-07-31 09:40 - 2012-07-31 09:40 - 00000393 ____A C:\FL_LARSO.QBB.ND
2012-07-31 09:40 - 2012-07-31 09:40 - 00000000 ____D C:\Restored_FL_LARSO.QBB_Files
2012-07-31 09:39 - 2012-07-31 09:39 - 110243840 ____A C:\FL_LARSON.QBW
2012-07-31 09:39 - 2012-07-31 09:39 - 00000393 ____A C:\FL_LARSON.ND
2012-07-31 09:39 - 2012-07-31 09:39 - 00000389 ____A C:\FL_LARSON.QBW.DSN
2012-07-31 09:39 - 2012-07-31 09:39 - 00000355 ____A C:\FL_LARSON.QBW.ND
2012-07-31 09:39 - 2012-07-31 09:39 - 00000000 ____D C:\Restored_FL_LARSON_Files
2012-07-19 14:20 - 2012-07-19 14:20 - 00000496 ___RA C:\george_a.PICKERING.lgb
2012-07-17 09:03 - 2012-07-19 07:06 - 00000000 ____D C:\Users\All Users\WebEx
2012-07-17 08:58 - 2012-07-17 08:58 - 00170738 ____A C:\Users\accountant\Downloads\WBXRemoveTool.zip
2012-07-17 08:41 - 2012-07-17 08:41 - 00217400 ____A (Cisco WebEx LLC) C:\Windows\System32\atsckernel.exe
2012-07-17 08:41 - 2012-07-17 08:41 - 00134456 ____A (Cisco WebEx LLC) C:\Windows\System32\atashost.exe

============ 3 Months Modified Files ========================

2012-08-16 17:14 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-16 17:14 - 2009-07-13 20:39 - 00049306 ____A C:\Windows\setupact.log
2012-08-16 17:14 - 2009-07-13 20:34 - 00021312 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-16 17:14 - 2009-07-13 20:34 - 00021312 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-16 17:11 - 2011-12-15 07:58 - 01481260 ____A C:\Windows\WindowsUpdate.log
2012-08-16 15:31 - 2012-05-03 06:55 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-16 15:31 - 2010-11-20 13:01 - 00800016 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-16 15:26 - 2012-08-16 15:26 - 00254152 ____A (Secure By Design Inc.) C:\Users\accountant\Downloads\Ninite Essentials Installer.exe
2012-08-16 15:19 - 2012-08-16 15:19 - 04009167 ____A C:\Users\accountant\Downloads\ServicesRepair.exe
2012-08-16 15:18 - 2012-08-16 15:18 - 00138120 ____A (ESET) C:\Users\accountant\Downloads\ESETSirefefRemover.exe
2012-08-16 15:15 - 2012-08-16 15:13 - 02030547 ____A C:\Users\accountant\Downloads\EZ_Sirefix.exe
2012-08-16 15:12 - 2012-08-15 09:15 - 00000583 ____A C:\Users\accountant\Desktop\notes.txt
2012-08-16 14:56 - 2012-04-11 03:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-16 14:26 - 2012-08-16 14:26 - 77801992 ____A (Sophos Limited) C:\Users\accountant\Downloads\Sophos Virus Removal Tool.exe
2012-08-16 14:26 - 2012-08-16 14:26 - 00003217 ____A C:\Users\accountant\Desktop\Sophos Virus Removal Tool.lnk
2012-08-16 14:10 - 2011-12-28 05:57 - 00124464 ____A C:\Users\accountant\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-16 14:09 - 2009-07-13 20:33 - 00436384 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 14:07 - 2012-08-16 13:55 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-08-16 13:55 - 2012-08-16 13:55 - 00000207 ____A C:\Windows\tweaking.com-regbackup-ACCOUNTING1A-Microsoft-Windows-7-Professional-(32-bit).dat
2012-08-16 13:53 - 2012-08-16 13:53 - 00002239 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-08-16 13:15 - 2010-11-20 13:48 - 00123400 ____A C:\Windows\PFRO.log
2012-08-16 13:13 - 2012-08-16 13:13 - 00014705 ____A C:\ComboFix.txt
2012-08-16 13:12 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-08-16 13:12 - 2009-07-13 18:04 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts_bak_858
2012-08-16 12:53 - 2012-08-16 12:53 - 00001917 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2012-08-16 11:24 - 2012-08-16 11:24 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-16 11:24 - 2012-08-16 11:24 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-08-16 11:24 - 2011-12-25 12:03 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-16 11:24 - 2011-12-25 12:03 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-16 11:24 - 2011-12-25 12:03 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-16 11:24 - 2011-12-15 08:07 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-08-16 10:34 - 2011-12-25 11:53 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-16 10:06 - 2012-08-16 10:06 - 00000376 ____A C:\Users\accountant\AppData\Roamingprivacy.xml
2012-08-16 09:45 - 2012-08-15 13:49 - 00000347 ____A C:\Windows\System32\checkdnsid.xml
2012-08-15 13:34 - 2012-08-15 13:34 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-08-15 13:32 - 2012-08-15 13:32 - 02426224 ____A C:\Users\accountant\Downloads\bitdefender_antivirus.exe
2012-08-15 11:13 - 2012-08-15 11:13 - 00017408 ____A C:\Users\accountant\AppData\Local\WebpageIcons.db
2012-08-15 11:03 - 2012-02-09 05:01 - 00002016 ____A C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2012-08-15 10:57 - 2012-08-15 10:56 - 181528160 ____A (Kaspersky Lab) C:\Users\accountant\Downloads\kav2012_12.0.0.374aEN_2839.exe
2012-08-15 10:56 - 2012-04-11 03:57 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-15 10:56 - 2011-12-15 08:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-15 10:02 - 2012-08-15 10:02 - 03098616 ____A (Secunia) C:\Users\accountant\Downloads\PSISetup.exe
2012-08-15 09:25 - 2012-08-15 09:25 - 00144936 ____A C:\Windows\Minidump\081512-43555-01.dmp
2012-08-15 09:24 - 2012-08-14 05:57 - 383022766 ____A C:\Windows\MEMORY.DMP
2012-08-15 09:17 - 2012-08-15 09:17 - 00053248 ____A C:\Windows\System32\zlib.dll
2012-08-15 09:10 - 2012-08-15 09:07 - 00000064 ____A C:\Users\All Users\-o7Df7eFNHOSv6Sr
2012-08-15 09:10 - 2012-08-15 09:07 - 00000064 ____A C:\Users\All Users\-o7Df7eFNHOSv6S
2012-08-14 05:58 - 2012-08-14 05:58 - 00151112 ____A C:\Windows\Minidump\081412-47923-01.dmp
2012-08-11 00:07 - 2011-12-28 05:30 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
2012-08-09 13:04 - 2012-08-09 12:03 - 17731584 ___RA C:\CSI Realty Investment LLC6.30.12.QBW
2012-08-09 13:04 - 2012-08-09 12:03 - 05373952 ___RA C:\CSI Realty Investment LLC6.30.12.QBW.TLG
2012-08-09 13:04 - 2012-08-09 12:03 - 00000382 ____A C:\CSI Realty Investment LLC6.30.12.QBW.ND
2012-08-09 13:04 - 2011-12-28 07:44 - 00000324 ____A C:\Windows\CSAAPP.INI
2012-08-09 12:07 - 2012-08-09 12:07 - 00000496 ___RA C:\CSI Realty Investment LLC6.30.12.lgb
2012-08-09 12:04 - 2012-08-09 12:03 - 00000389 ____A C:\CSI Realty Investment LLC6.30.12.QBW.DSN
2012-08-09 12:03 - 2012-08-09 12:03 - 00000388 ____A C:\CSI Realty Investment LLC6.30.12.ND
2012-08-09 12:03 - 2012-07-31 09:40 - 138842112 ___RA C:\FL_LARSO.QBB.QBW
2012-08-09 12:03 - 2012-07-31 09:40 - 05832704 ___RA C:\FL_LARSO.QBB.QBW.TLG
2012-08-09 12:03 - 2012-07-31 09:40 - 00000362 ____A C:\FL_LARSO.QBB.QBW.ND
2012-08-09 11:56 - 2012-07-31 09:40 - 00000389 ____A C:\FL_LARSO.QBB.QBW.DSN
2012-08-04 03:13 - 2009-07-13 20:53 - 00022182 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-31 09:46 - 2012-07-31 09:46 - 00000496 ___RA C:\FL_LARSO.QBB.lgb
2012-07-31 09:40 - 2012-07-31 09:40 - 00000393 ____A C:\FL_LARSO.QBB.ND
2012-07-31 09:39 - 2012-07-31 09:39 - 110243840 ____A C:\FL_LARSON.QBW
2012-07-31 09:39 - 2012-07-31 09:39 - 00000393 ____A C:\FL_LARSON.ND
2012-07-31 09:39 - 2012-07-31 09:39 - 00000389 ____A C:\FL_LARSON.QBW.DSN
2012-07-31 09:39 - 2012-07-31 09:39 - 00000355 ____A C:\FL_LARSON.QBW.ND
2012-07-31 09:39 - 2012-03-28 04:23 - 00000386 ____A C:\Law Office Of David P Sorrenti, P.C..QBW.ND
2012-07-31 09:39 - 2012-03-28 04:21 - 21295104 ___RA C:\Law Office Of David P Sorrenti, P.C..QBW
2012-07-31 09:39 - 2011-12-28 06:37 - 00589824 ___RA C:\Law Office Of David P Sorrenti, P.C..QBW.TLG
2012-07-31 09:38 - 2012-03-28 04:23 - 00000389 ____A C:\Law Office Of David P Sorrenti, P.C..QBW.DSN
2012-07-30 10:48 - 2012-04-07 11:50 - 03473408 ___RA C:\DICKINSON0910.QBW.TLG
2012-07-30 10:48 - 2012-04-07 11:49 - 72265728 ___RA C:\DICKINSON0910.QBW
2012-07-30 10:48 - 2012-04-07 11:49 - 00000363 ____A C:\DICKINSON0910.QBW.ND
2012-07-23 07:04 - 2012-04-07 11:49 - 00000389 ____A C:\DICKINSON0910.QBW.DSN
2012-07-23 07:03 - 2012-02-28 06:00 - 96026624 ___RA C:\george_a.PICKERING.qbw
2012-07-23 07:03 - 2012-02-28 06:00 - 00327680 ___RA C:\george_a.PICKERING.QBW.TLG
2012-07-23 07:03 - 2012-02-28 06:00 - 00000368 ____A C:\george_a.PICKERING.qbw.ND
2012-07-19 14:20 - 2012-07-19 14:20 - 00000496 ___RA C:\george_a.PICKERING.lgb
2012-07-19 14:20 - 2012-02-28 06:00 - 00000389 ____A C:\george_a.PICKERING.qbw.DSN
2012-07-18 09:47 - 2012-08-16 10:30 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 10:48 - 2012-07-02 05:08 - 06684672 ___RA C:\NE Patriot Truck Tire Inc.QBW.TLG
2012-07-17 10:48 - 2012-07-02 05:07 - 198266880 ___RA C:\NE Patriot Truck Tire Inc.QBW
2012-07-17 10:48 - 2012-07-02 05:07 - 00000375 ____A C:\NE Patriot Truck Tire Inc.QBW.ND
2012-07-17 10:33 - 2012-07-02 05:07 - 00000389 ____A C:\NE Patriot Truck Tire Inc.QBW.DSN
2012-07-17 08:58 - 2012-07-17 08:58 - 00170738 ____A C:\Users\accountant\Downloads\WBXRemoveTool.zip
2012-07-17 08:41 - 2012-07-17 08:41 - 00217400 ____A (Cisco WebEx LLC) C:\Windows\System32\atsckernel.exe
2012-07-17 08:41 - 2012-07-17 08:41 - 00134456 ____A (Cisco WebEx LLC) C:\Windows\System32\atashost.exe
2012-07-13 04:04 - 2011-12-28 11:52 - 00001476 ____A C:\Users\accountant\Desktop\ProSystem fx Tax.LNK
2012-07-13 04:04 - 2011-12-28 07:22 - 00670574 ____A C:\sysfile.log
2012-07-12 08:22 - 2012-03-06 10:28 - 00000365 ____A C:\Club eX (PandL).QBW.ND
2012-07-12 08:22 - 2012-03-06 10:27 - 31801344 ___RA C:\Club eX (PandL).QBW
2012-07-12 08:22 - 2012-03-06 10:27 - 03735552 ___RA C:\Club eX (PandL).QBW.TLG
2012-07-12 05:22 - 2012-03-06 10:28 - 00000389 ____A C:\Club eX (PandL).QBW.DSN
2012-07-12 05:21 - 2012-03-12 10:01 - 10616832 ___RA C:\62_PORTER STREET RENTAL.QBW
2012-07-12 05:21 - 2012-03-12 10:01 - 00327680 ___RA C:\62_PORTER STREET RENTAL.QBW.TLG
2012-07-12 05:21 - 2012-03-12 10:01 - 00000389 ____A C:\62_PORTER STREET RENTAL.QBW.DSN
2012-07-12 05:21 - 2012-03-12 10:01 - 00000373 ____A C:\62_PORTER STREET RENTAL.QBW.ND
2012-07-11 23:01 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-07-11 23:00 - 2012-07-11 23:00 - 00264530 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-04 13:16 - 2012-08-16 10:30 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:14 - 2012-08-16 10:30 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:14 - 2012-08-16 10:30 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-02 05:17 - 2012-07-02 05:17 - 00000496 ___RA C:\NE Patriot Truck Tire Inc.lgb
2012-07-02 05:08 - 2012-07-02 05:08 - 00000521 ____A C:\NE Patriot Truck Tire Inc.ND
2012-07-02 05:07 - 2012-04-03 06:02 - 00327680 ___RA C:\Dickinson Weymouth Building.QBW.TLG
2012-07-02 05:07 - 2012-04-03 06:01 - 11735040 ___RA C:\Dickinson Weymouth Building.qbw
2012-07-02 05:07 - 2012-04-03 06:01 - 00000389 ____A C:\Dickinson Weymouth Building.qbw.DSN
2012-07-02 05:07 - 2012-04-03 06:01 - 00000377 ____A C:\Dickinson Weymouth Building.qbw.ND
2012-06-28 16:52 - 2012-08-16 10:31 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 16:27 - 2012-08-16 10:31 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 16:16 - 2012-08-16 10:31 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 16:09 - 2012-08-16 10:31 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 16:09 - 2012-08-16 10:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 16:08 - 2012-08-16 10:31 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 16:07 - 2012-08-16 10:31 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 16:06 - 2012-08-16 10:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 16:04 - 2012-08-16 10:31 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 16:04 - 2012-08-16 10:31 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 16:01 - 2012-08-16 10:31 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 16:01 - 2012-08-16 10:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 16:00 - 2012-08-16 10:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 15:57 - 2012-08-16 10:31 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
2012-06-21 05:27 - 2012-04-10 09:43 - 148955136 ___RA C:\kwalterqbb.QBW
2012-06-21 05:27 - 2012-04-10 09:43 - 02490368 ___RA C:\kwalterqbb.QBW.TLG
2012-06-21 05:27 - 2012-04-10 09:43 - 00000360 ____A C:\kwalterqbb.QBW.ND
2012-06-21 05:26 - 2012-04-10 09:43 - 00000389 ____A C:\kwalterqbb.QBW.DSN
2012-06-19 04:56 - 2012-03-29 12:38 - 00000368 ____A C:\MccormickInsurance.QBW.ND
2012-06-13 23:18 - 2012-03-29 12:38 - 69038080 ___RA C:\MccormickInsurance.QBW
2012-06-13 23:18 - 2012-03-29 12:38 - 00589824 ___RA C:\MccormickInsurance.QBW.TLG
2012-06-12 04:45 - 2012-03-29 12:38 - 00000389 ____A C:\MccormickInsurance.QBW.DSN
2012-06-08 20:41 - 2012-07-11 01:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 16:59 - 2012-06-06 16:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
2012-06-05 21:05 - 2012-07-11 01:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-11 01:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-11 01:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 12:05 - 2012-06-05 11:05 - 17641472 ___RA C:\Advanced Service Inc.2011.QBW
2012-06-05 12:05 - 2012-06-05 11:05 - 02883584 ___RA C:\Advanced Service Inc.2011.QBW.TLG
2012-06-05 12:05 - 2012-06-05 11:05 - 00000375 ____A C:\Advanced Service Inc.2011.QBW.ND
2012-06-05 11:18 - 2012-06-05 11:18 - 00000496 ___RA C:\Advanced Service Inc.2011.lgb
2012-06-05 11:06 - 2012-06-05 11:05 - 00000389 ____A C:\Advanced Service Inc.2011.QBW.DSN
2012-06-05 11:05 - 2012-06-05 11:05 - 00000417 ____A C:\Advanced Service Inc.2011.ND
2012-06-05 11:03 - 2012-04-24 09:03 - 06619136 ___RA C:\Advanced Service Inc..QBW.TLG
2012-06-05 10:03 - 2012-04-24 09:09 - 00000496 ___RA C:\Advanced Service Inc..lgb
2012-06-02 14:19 - 2012-06-20 21:43 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 21:43 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 21:43 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 21:43 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 21:43 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-20 21:43 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 21:43 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 21:43 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-20 21:43 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:45 - 2012-07-11 01:01 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-11 01:01 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-11 01:01 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-11 01:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-11 01:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 05:48 - 2012-04-10 12:04 - 25780224 ___RA C:\KDS Vending Inc..QBW
2012-06-01 05:48 - 2012-04-10 12:04 - 00327680 ___RA C:\KDS Vending Inc..QBW.TLG
2012-06-01 05:48 - 2012-04-10 12:04 - 00000366 ____A C:\KDS Vending Inc..QBW.ND
2012-06-01 05:46 - 2012-04-10 12:04 - 00000389 ____A C:\KDS Vending Inc..QBW.DSN
2012-05-31 08:25 - 2011-12-25 11:53 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 07:19 - 2012-03-15 11:01 - 00000358 ____A C:\Ability_.QBW.ND
2012-05-29 07:16 - 2012-03-15 11:01 - 28905472 ___RA C:\Ability_.QBW
2012-05-29 07:16 - 2012-03-15 11:01 - 06553600 ___RA C:\Ability_.QBW.TLG
2012-05-22 04:33 - 2012-05-22 04:33 - 01393736 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\accountant\gotomypc_626.exe
2012-05-21 12:57 - 2012-03-15 11:01 - 00000389 ____A C:\Ability_.QBW.DSN

ZeroAccess:
C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}
C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}\L
C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}\U
C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}\L\00000004.@
C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}\L\201d3dde

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4068.94 MB
Available physical RAM: 3537.97 MB
Total Pagefile: 4067.23 MB
Available Pagefile: 3540.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.68 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:221.54 GB) (Free:161.08 GB) NTFS
3 Drive f: (HIRENS) (Removable) (Total:3.72 GB) (Free:2.88 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:11.29 GB) (Free:6.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3822 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 11 GB 40 MB
Partition 3 Primary 221 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 221 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3821 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F HIRENS FAT32 Removable 3821 MB Healthy

==================================================================================

Last Boot: 2012-08-06 20:06

======================= End Of Log ==========================

Here's the search.txt

Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-16 21:34:19
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\erdnt\cache\services.exe
[2012-08-15 09:54] - [2012-08-15 09:32] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

mjamike · Aug 16, 2012

I made my own fixlist.txt that looks like this:

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\System32\consrv.dll
C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}
end
It seemed to do the trick, but then the user mode varient was detected. I then ran KillZA (https://sites.google.com/a/obxcompguy.com/foolish-it/vb6-projects/killza) which appears to have taken care of the rest of it.
- Mike

Broni · Aug 17, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

You did fine with your script

I still suggest we run some scans to make sure nothing is hiding.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

mjamike · Aug 17, 2012

I will run more scans. I got anxious and attempted to run a bitdefender scan but its service quits during the middle of the operation. The same happens with MSE. I'm wondering if I have a new variation?

Broni · Aug 17, 2012

Skip AV scan for now.
Post other logs.

mjamike · Aug 18, 2012

Hello - here are the logs...

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
accountant :: ACCOUNTING1A [administrator]

8/17/2012 9:53:54 PM
mbam-log-2012-08-17 (21-53-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262482
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

mjamike · Aug 18, 2012

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-18 07:29:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAKX-753CA1 rev.19.01H19
Running: 2nil9jl8.exe; Driver: C:\Users\ACCOUN~1\AppData\Local\Temp\pxrirkow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by accountant at 7:32:01 on 2012-08-18
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3317.2171 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\csasvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D5DD321-0E93-45C1-89BA-A3BFF1718156} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-15 176128]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-7-17 134456]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-5-12 249648]
R2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [2011-12-28 118784]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-24 212944]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-26 1153368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-12-15 2656280]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-15 7723008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-15 239616]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-12-15 41088]
R3 QuickBooksDB22;QuickBooksDB22;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb22 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB22 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-6-7 191752]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-12-15 269824]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-25 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-18 11:31:316891424----a-w-c:\programdata\microsoft\windows defender\definition updates\{34af3494-8c44-4750-9146-821042c7c346}\mpengine.dll
2012-08-18 02:00:08973488-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_svchost.exe_wind_5776d233341fceacaad18172ec37bd7dc0ef489_cab_0b8b5ee1\mbam.exe
2012-08-18 01:57:58118784-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_svchost.exe_wind_c4ca1e13cd47a9129312c2452c7e34f431a5ee_cab_0ad16344\csasvc.exe
2012-08-18 01:46:48877432-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_msmpeng.exe_e12731eaca546970b4913b9e2ba5bd987ae731bb_cab_08bd41d0\dbicu11.dll
2012-08-18 01:46:11252928-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_msmpeng.exe_2537acc31e93ee24e6419559e295f7daf5c34957_cab_0b00b4ae\drvinst.exe
2012-08-17 14:00:3947616-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_svchost.exe_wind_a466fbf6c850d4cdae8af33d8ad28491a28a3bd_cab_0d49427b\wbemsvc.dll
2012-08-17 12:16:58--------d-----w-c:\programdata\Kaspersky Lab
2012-08-17 11:50:27103075----a-w-c:\programdata\1345204175.bdinstall.bin
2012-08-17 05:24:54--------d-----w-C:\FRST
2012-08-17 04:16:25--------d-----w-c:\users\accountant\appdata\roaming\Malwarebytes
2012-08-17 04:16:1322344----a-w-c:\windows\system32\drivers\mbam.sys
2012-08-17 04:16:13--------d-----w-c:\programdata\Malwarebytes
2012-08-17 04:16:13--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-08-17 04:01:491530875----a-w-c:\programdata\1345176013.bdinstall.bin
2012-08-17 03:58:36783----a-w-c:\programdata\1345175906.3912.bin
2012-08-17 03:58:364497----a-w-c:\programdata\1345175906.1400.bin
2012-08-17 03:58:28876----a-w-c:\programdata\1345175906.3420.bin
2012-08-17 03:58:28876----a-w-c:\programdata\1345175906.2780.bin
2012-08-17 03:58:28180709----a-w-c:\programdata\1345175906.2344.bin
2012-08-17 03:58:2810311----a-w-c:\programdata\1345175906.724.bin
2012-08-17 03:58:267324----a-w-c:\programdata\1345175906.1980.bin
2012-08-17 03:58:2646006----a-w-c:\programdata\1345175906.3248.bin
2012-08-17 03:58:263965----a-w-c:\programdata\1345175906.3868.bin
2012-08-17 03:58:25--------d-----w-c:\program files\common files\Bitdefender
2012-08-17 03:48:50228265----a-w-c:\programdata\1345175316.bdinstall.bin
2012-08-17 03:48:50--------d-----w-c:\program files\Bitdefender
2012-08-17 03:42:08231825----a-w-c:\programdata\1345174916.bdinstall.bin
2012-08-17 03:12:28--------d-sh--w-C:\$RECYCLE.BIN
2012-08-17 02:55:23--------d-----w-C:\Support
2012-08-16 22:27:41--------d-----w-c:\programdata\Sophos
2012-08-16 22:26:5773728----a-r-c:\users\accountant\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-16 22:26:5773728----a-r-c:\users\accountant\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-16 22:26:5773728----a-r-c:\users\accountant\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-08-16 22:26:56--------d-----w-c:\program files\Sophos
2012-08-16 22:04:35303616----a-w-C:\SetACL.exe
2012-08-16 21:55:38290304----a-w-C:\subinacl.exe
2012-08-16 21:54:39--------d-----w-C:\RegBackup
2012-08-16 21:53:57--------d-----w-C:\Tweaking.com_Windows_Repair_Logs
2012-08-16 21:14:18--------d-----w-c:\users\accountant\appdata\local\temp
2012-08-16 21:01:53--------d-----w-c:\users\accountant\appdata\roaming\TeamViewer
2012-08-16 20:32:00--------d-----w-c:\programdata\Dumps
2012-08-16 19:26:32514560----a-w-c:\windows\system32\qdvd.dll
2012-08-16 19:24:24821736----a-w-c:\windows\system32\npDeployJava1.dll
2012-08-16 19:24:1793672----a-w-c:\windows\system32\WindowsAccessBridge.dll
2012-08-16 18:30:10400896----a-w-c:\windows\system32\srcore.dll
2012-08-16 18:30:09769024----a-w-c:\windows\system32\localspl.dll
2012-08-16 18:30:092345984----a-w-c:\windows\system32\win32k.sys
2012-08-16 18:30:04492032----a-w-c:\windows\system32\win32spl.dll
2012-08-16 18:30:04317440----a-w-c:\windows\system32\spoolsv.exe
2012-08-16 18:30:0341984----a-w-c:\windows\system32\browcli.dll
2012-08-16 18:30:03102912----a-w-c:\windows\system32\browser.dll
2012-08-16 18:19:50--------d-----w-c:\windows\system32\catroot2
2012-08-16 18:19:13--------d-----w-c:\windows\SoftwareDistribution.old
2012-08-15 21:37:03--------d-----w-c:\programdata\bdch
2012-08-15 21:33:54--------d-----w-c:\programdata\BDLogging
2012-08-15 21:33:52511328----a-w-c:\windows\capicom.dll
2012-08-15 21:33:511461992----a-w-c:\windows\system32\WdfCoInstaller01009.dll
2012-08-15 21:32:47--------d-----w-c:\users\accountant\appdata\roaming\QuickScan
2012-08-15 18:02:52--------d-----w-c:\users\accountant\appdata\local\Secunia PSI
2012-08-15 18:02:37--------d-----w-c:\program files\Secunia
2012-08-15 17:17:1453248----a-w-c:\windows\system32\zlib.dll
2012-08-15 17:10:34--------d-----w-C:\smtmp
2012-08-09 20:03:11--------d-----w-C:\Restored_CSI Realty Investment LLC6.30.12_Files
2012-07-31 17:40:40--------d-----w-C:\Restored_FL_LARSO.QBB_Files
2012-07-31 17:39:47--------d-----w-C:\Restored_FL_LARSON_Files
.
==================== Find3M ====================
.
2012-08-16 19:24:12746984----a-w-c:\windows\system32\deployJava1.dll
2012-08-15 18:56:2070344----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 18:56:20426184----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-07-17 16:41:52134456----a-w-c:\windows\system32\atashost.exe
2012-07-17 16:41:50217400----a-w-c:\windows\system32\atsckernel.exe
2012-06-29 00:16:581800704----a-w-c:\windows\system32\jscript9.dll
2012-06-29 00:09:011129472----a-w-c:\windows\system32\wininet.dll
2012-06-29 00:08:591427968----a-w-c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43142848----a-w-c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:452382848----a-w-c:\windows\system32\mshtml.tlb
2012-06-25 20:04:241394248----a-w-c:\windows\system32\msxml4.dll
2012-06-07 00:59:421070152----a-w-c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:521390080----a-w-c:\windows\system32\msxml6.dll
2012-06-06 05:05:521236992----a-w-c:\windows\system32\msxml3.dll
2012-06-06 05:03:06805376----a-w-c:\windows\system32\cdosys.dll
2012-06-02 22:12:322422272----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:12:1388576----a-w-c:\windows\system32\wudriver.dll
2012-06-02 19:19:42171904----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 19:12:2033792----a-w-c:\windows\system32\wuapp.exe
2012-06-02 04:45:0467440----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03134000----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59369336----a-w-c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39225280----a-w-c:\windows\system32\schannel.dll
2012-06-02 04:39:10219136----a-w-c:\windows\system32\ncrypt.dll
2012-05-31 16:25:14237072------w-c:\windows\system32\MpSigStub.exe
2012-05-22 12:33:141393736----a-w-c:\users\accountant\gotomypc_626.exe
.
============= FINISH: 7:32:19.17 ===============

mjamike · Aug 18, 2012

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2011 2:18:17 PM
System Uptime: 8/17/2012 9:47:44 PM (10 hours ago)
.
Motherboard: Dell Inc. | | 0M5DCD
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 170.239 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_04F51028&REV_06\4&213E82F8&0&00E4
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_04F51028&REV_06\4&213E82F8&0&00E4
Service: RTL8167
.
==== System Restore Points ===================
.
RP104: 8/17/2012 10:20:33 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Acrobat X Standard
Adobe AIR
Adobe Flash Player 11 ActiveX
Bing Bar
Catalyst Control Center
Catalyst Control Center - Branding
Conexant HD Audio
Creative Solutions Accounting
Crystal Reports9
CyberLink PowerDVD 9.5
D3DX10
Dell Backup and Recovery Manager
Dell Client System Update
Dell Edoc Viewer
DirectX 9 Runtime
GoToAssist Corporate
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java 7 Update 6
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft OLE DB Provider for Visual FoxPro
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
PDFlyer
PhotoShowExpress
Portal
ProSystem fx Scan Workstation
ProSystem fx Tax
ProSystem fx Workstation
QuickBooks
QuickBooks Premier Edition 2012
QuickBooks Premier: Accountant Edition 2011
QuickBooks Remote Access
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sonic CinePlayer Decoder Pack
Sophos Virus Removal Tool
Spybot - Search & Destroy
System Files
Tax Forms Helper 2010 9.5
Tax Forms Helper 2011 10.0
TaxInstallFiles
TValue 5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/17/2012 9:57:58 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/17/2012 9:53:49 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/17/2012 9:49:09 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
8/17/2012 9:49:09 PM, Error: Microsoft Antimalware [5008] -
8/17/2012 9:48:52 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
8/17/2012 9:48:12 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.
8/17/2012 9:48:11 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/17/2012 9:48:11 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
8/17/2012 9:48:09 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
8/17/2012 9:48:01 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
8/17/2012 9:48:01 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
8/17/2012 9:48:01 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/17/2012 9:47:59 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
8/17/2012 8:36:45 AM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 4 time(s).
8/17/2012 8:32:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
8/17/2012 8:31:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/17/2012 8:22:55 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2012 8:22:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/17/2012 8:22:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/17/2012 8:22:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/17/2012 8:22:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/17/2012 8:22:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/17/2012 8:22:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/17/2012 8:22:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2012 7:48:38 AM, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
8/17/2012 7:48:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdfwfpf BDVEDISK
8/17/2012 12:13:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
8/17/2012 12:13:49 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/17/2012 12:08:22 AM, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 3 time(s).
8/17/2012 12:07:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
8/17/2012 12:07:36 AM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/17/2012 12:05:17 AM, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 2 time(s).
8/17/2012 12:04:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBIDPService service to connect.
8/17/2012 11:27:01 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
8/17/2012 10:00:08 PM, Error: Service Control Manager [7034] - The Windows Defender service terminated unexpectedly. It has done this 3 time(s).
8/16/2012 9:14:50 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/16/2012 9:14:50 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
8/16/2012 9:14:49 PM, Error: Service Control Manager [7038] - The W32Time service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/16/2012 9:14:49 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/16/2012 9:14:49 PM, Error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not start due to a logon failure.
8/16/2012 9:14:49 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
8/16/2012 9:14:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/16/2012 7:35:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Defender service, but this action failed with the following error: An instance of the service is already running.
8/16/2012 7:35:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error: An instance of the service is already running.
8/16/2012 7:35:01 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/16/2012 5:50:38 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain OMALLY due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
8/16/2012 5:35:32 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 6 time(s).
8/16/2012 5:34:47 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 5 time(s).
8/16/2012 5:00:19 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 8 time(s).
8/16/2012 4:59:20 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 7 time(s).
8/16/2012 4:55:29 PM, Error: Service Control Manager [7038] - The MsMpSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/16/2012 4:55:29 PM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not start due to a logon failure.
8/16/2012 4:40:58 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/16/2012 4:33:53 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
8/16/2012 4:33:04 PM, Error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
8/16/2012 4:12:35 PM, Error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 3 time(s).
8/16/2012 3:46:35 PM, Error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 2 time(s).
8/16/2012 3:45:16 PM, Error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
8/16/2012 2:41:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.
8/16/2012 2:41:05 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/16/2012 2:09:36 PM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/16/2012 2:09:36 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
8/16/2012 2:08:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
8/16/2012 2:08:32 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/16/2012 11:46:55 PM, Error: Service Control Manager [7034] - The QuickBooksDB22 service terminated unexpectedly. It has done this 1 time(s).
8/16/2012 11:11:59 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/16/2012 11:01:23 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/16/2012 10:56:04 PM, Error: Service Control Manager [7023] - The Roxio Hard Drive Watcher 12 service terminated with the following error: %%-2147467243
8/15/2012 5:57:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.
8/15/2012 4:54:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/15/2012 4:50:31 PM, Error: Service Control Manager [7034] - The Software Protection service terminated unexpectedly. It has done this 3 time(s).
8/15/2012 1:32:49 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/15/2012 1:32:47 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/15/2012 1:25:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e390a8, 0x8dbd6764, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081512-43555-01.
8/14/2012 9:58:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0466db8, 0xc000000e, 0xbb544be0, 0x8cdb7000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081412-47923-01.
8/13/2012 9:45:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/13/2012 9:45:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
8/13/2012 9:43:34 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/13/2012 9:43:34 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/13/2012 9:43:34 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/12/2012 3:51:53 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
8/12/2012 3:51:53 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
8/12/2012 3:51:53 AM, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
8/11/2012 4:53:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
8/11/2012 4:51:37 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/11/2012 4:51:37 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/11/2012 4:51:37 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/11/2012 4:07:12 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/11/2012 4:07:12 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/11/2012 4:04:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
8/11/2012 4:04:09 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Broni · Aug 18, 2012

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

=========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

mjamike · Aug 18, 2012

Thanks...

Rkill 2.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/18/2012 01:56:19 PM in x86 mode.
Windows Version: Windows 7
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* C:\Windows\csasvc.exe (PID: 1664) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* No issues found.
Checking Windows Service Integrity:
* WatAdminSvc => C:\Windows\system32\Wat\WatAdminSvc.exe [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Program finished at: 08/18/2012 01:56:24 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
--------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-18 13:56:38
-----------------------------
13:56:38.034 OS Version: Windows 6.1.7601 Service Pack 1
13:56:38.034 Number of processors: 4 586 0x2A07
13:56:38.034 ComputerName: ACCOUNTING1A UserName: accountant
13:56:38.908 Initialize success
13:57:18.666 AVAST engine defs: 12081800
13:57:27.153 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:57:27.153 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 19.01H19 Size: 238475MB BusType: 3
13:57:27.153 Disk 0 MBR read successfully
13:57:27.153 Disk 0 MBR scan
13:57:27.153 Disk 0 Windows 7 default MBR code
13:57:27.153 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
13:57:27.168 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11566 MB offset 81920
13:57:27.184 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226868 MB offset 23769088
13:57:27.200 Disk 0 scanning sectors +488394752
13:57:27.278 Disk 0 scanning C:\Windows\system32\drivers
13:57:32.644 Service scanning
13:57:36.482 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
13:57:36.653 Service bdselfpr C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys **LOCKED** 5
13:57:49.570 Modules scanning
13:58:03.236 Disk 0 trace - called modules:
13:58:03.251 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
13:58:03.251 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863f5440]
13:58:03.251 3 CLASSPNP.SYS[8bd7d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8559b908]
13:58:04.172 AVAST engine scan C:\Windows
13:58:05.981 AVAST engine scan C:\Windows\system32
13:59:31.719 AVAST engine scan C:\Windows\system32\drivers
13:59:36.883 AVAST engine scan C:\Users\accountant
14:00:12.341 AVAST engine scan C:\ProgramData
14:00:41.460 Scan finished successfully
14:01:06.623 Disk 0 MBR has been saved successfully to "C:\Users\accountant\Desktop\MBR.dat"
14:01:06.623 The log file has been saved successfully to "C:\Users\accountant\Desktop\aswMBR.txt"

Broni · Aug 18, 2012

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

mjamike · Aug 18, 2012

ComboFix 12-08-18.03 - accountant 08/18/2012 16:55:36.5.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3317.2169 [GMT -4:00]
Running from: c:\users\accountant\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1345311764.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 20:59 . 2012-08-18 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 20:56 . 2009-07-14 01:16 262144 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_e735c5afb43e144d6b14d54def79c9da527ea_cab_0830e262\wevtapi.dll
2012-08-18 20:50 . 2010-11-20 21:29 1288488 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_3234db5ff7c7198312062bb3459e64a5a3571a_cab_0fcbae48\ntdll.dll
2012-08-18 20:50 . 2009-07-14 01:14 69632 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_3234db5ff7c7198312062bb3459e64a5a3571a_cab_0fcbae48\smss.exe
2012-08-18 18:50 . 2012-08-18 15:31 -------- d-----w- c:\windows\Panther
2012-08-18 18:44 . 2012-08-18 15:15 -------- d-----w- C:\$WINDOWS.~Q
2012-08-18 18:40 . 2012-08-18 18:42 -------- d-----w- C:\$INPLACE.~TR
2012-08-18 17:48 . 2011-11-17 21:38 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-08-18 17:48 . 2012-03-21 00:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-08-18 17:48 . 2012-02-17 20:45 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-08-18 17:48 . 2012-08-18 17:48 -------- d-----w- c:\programdata\Bitdefender
2012-08-18 17:46 . 2012-04-11 21:03 154464 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-08-18 17:46 . 2012-04-24 19:28 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-08-18 16:02 . 2012-07-27 20:51 341448 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_388daa3a98cbcf81b0c8c82d26b63c36d6e7578_cab_0bdce1b7\AcroIEFavClient.dll
2012-08-18 15:31 . 2012-08-18 15:31 -------- d-----w- C:\Recovery
2012-08-18 15:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-18 15:29 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-18 15:29 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-18 15:26 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-18 15:26 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-18 15:26 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-18 15:26 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-18 15:26 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-18 15:26 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-18 15:26 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-18 15:26 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-18 15:26 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-18 15:08 . 2012-08-18 15:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-08-18 14:55 . 2012-08-18 15:07 -------- d-----w- c:\users\administrator
2012-08-18 14:55 . 2012-08-18 15:07 -------- d-----w- c:\users\fcampbell
2012-08-18 14:55 . 2012-08-18 15:22 -------- d-----w- c:\users\QBDataServiceUser22
2012-08-18 14:55 . 2012-08-18 15:32 -------- d-----w- c:\users\accountant
2012-08-18 14:54 . 2012-08-18 14:57 -------- d-----w- c:\program files\CONEXANT
2012-08-18 14:53 . 2012-08-18 14:53 0 ----a-w- c:\windows\ativpsrm.bin
2012-08-18 11:31 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34AF3494-8C44-4750-9146-821042C7C346}\mpengine.dll
2012-08-17 12:16 . 2012-08-18 14:59 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-17 05:24 . 2012-08-17 05:24 -------- d-----w- C:\FRST
2012-08-17 04:16 . 2012-08-18 14:59 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 04:16 . 2012-08-18 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-17 04:16 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 03:58 . 2012-08-18 17:46 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-08-17 03:48 . 2012-08-18 14:57 -------- d-----w- c:\program files\Bitdefender
2012-08-17 02:55 . 2012-08-17 02:57 -------- d-----w- C:\Support
2012-08-16 22:27 . 2012-08-18 14:59 -------- d-----w- c:\programdata\Sophos
2012-08-16 22:26 . 2012-08-18 14:58 -------- d-----w- c:\program files\Sophos
2012-08-16 22:04 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-08-16 21:55 . 2012-08-16 22:07 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-16 21:55 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-08-16 21:54 . 2012-08-16 21:54 -------- d-----w- C:\RegBackup
2012-08-16 21:53 . 2012-08-16 22:07 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-16 20:32 . 2012-08-18 14:59 -------- d-----w- c:\programdata\Dumps
2012-08-16 19:24 . 2012-08-18 14:57 -------- d-----w- c:\program files\Common Files\Java
2012-08-16 19:24 . 2012-08-16 19:24 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-16 19:24 . 2012-08-16 19:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-16 18:31 . 2012-06-29 00:16 1800704 ------w- c:\windows\system32\jscript9.dll
2012-08-15 21:37 . 2012-08-18 14:59 -------- d-----w- c:\programdata\bdch
2012-08-15 21:33 . 2012-08-18 14:59 -------- d-----w- c:\programdata\BDLogging
2012-08-15 21:33 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2012-08-15 21:33 . 2009-07-14 18:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-08-15 21:33 . 2011-11-25 18:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-08-15 18:02 . 2012-08-18 14:58 -------- d-----w- c:\program files\Secunia
2012-08-15 17:17 . 2012-08-15 17:17 53248 ----a-w- c:\windows\system32\zlib.dll
2012-08-15 17:10 . 2012-08-15 17:10 -------- d-----w- C:\smtmp
2012-08-09 20:03 . 2012-08-09 20:03 -------- d-----w- C:\Restored_CSI Realty Investment LLC6.30.12_Files
2012-07-31 17:40 . 2012-07-31 17:40 -------- d-----w- C:\Restored_FL_LARSO.QBB_Files
2012-07-31 17:39 . 2012-07-31 17:39 -------- d-----w- C:\Restored_FL_LARSON_Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 19:24 . 2011-12-15 16:07 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 18:56 . 2012-04-11 11:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 18:56 . 2011-12-15 16:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 16:41 . 2012-07-17 16:41 134456 ----a-w- c:\windows\system32\atashost.exe
2012-07-17 16:41 . 2012-07-17 16:41 217400 ----a-w- c:\windows\system32\atsckernel.exe
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-31 16:25 . 2011-12-25 19:53 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-05-22 12:33 . 2012-05-22 12:33 1393736 ----a-w- c:\users\accountant\gotomypc_626.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-07-31 1578872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5980504]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-9-30 1178400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-01-12 16:58 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 QuickBooksDB22;QuickBooksDB22;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-18 17:01:26
ComboFix-quarantined-files.txt 2012-08-18 21:01
.
Pre-Run: 177,626,796,032 bytes free
Post-Run: 177,458,683,904 bytes free
.
- - End Of File - - 877050BCF58834F61B9E0C23FFA18063

Broni · Aug 18, 2012

Looks good

Any current issues?

=====================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

mjamike · Aug 18, 2012

Unfortunately I still am experiencing issues, but maybe they aren't virus related? They feel like they are though. Basically any antivirus I install will become disabled mid scan. I don't know if MSE, Kaspersky and Bitdefender all have an underlying common denominator that is coincidenatlly causing their services to crash (.net maybe?)?? I also had IE stop responding while simply trying to navigate to this site, but that has only happened once. The computer isn't acting like it's infected.... except for that all antivirus software fails to run a scan. Here are my logs:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.18.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
accountant :: ACCOUNTING1A [administrator]
8/18/2012 8:12:04 PM
mbam-log-2012-08-18 (20-12-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255821
Time elapsed: 2 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
----------------------------------------------------------------------

OTL logfile created on: 8/18/2012 8:15:36 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\accountant\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 76.18% Memory free
6.48 Gb Paging File | 5.53 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.54 Gb Total Space | 165.37 Gb Free Space | 74.65% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 1.28 Gb Free Space | 34.25% Space Free | Partition Type: NTFS

Computer Name: ACCOUNTING1A | User Name: accountant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/18 20:11:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Accountant\Desktop\OTL.exe
PRC - [2012/07/31 16:06:32 | 001,578,872 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2012/07/27 16:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/26 17:05:12 | 001,280,720 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2012/07/17 12:41:52 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2012/07/03 12:04:45 | 000,055,544 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2011/12/06 13:41:18 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/12/06 12:48:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/19 11:45:34 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/02/19 11:45:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/12/03 19:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/03 19:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 17:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/01 18:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/09/30 17:51:04 | 001,178,400 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2009/11/10 15:33:22 | 000,118,784 | ---- | M] (Thomson Reuters) -- C:\Windows\csasvc.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 12:24:09 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2010/09/30 17:51:32 | 000,124,704 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2010/09/30 17:51:30 | 000,020,256 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2010/09/30 17:51:22 | 000,041,248 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2010/09/30 17:51:12 | 000,175,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2010/09/30 17:51:10 | 000,337,184 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2010/09/30 17:51:10 | 000,268,064 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/15 14:56:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 17:05:12 | 001,280,720 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2012/07/17 12:41:52 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2012/07/03 12:04:45 | 000,055,544 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2012/01/12 12:58:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/12/25 17:01:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/06 12:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 22:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/08/19 22:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)
SRV - [2011/06/07 14:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/19 11:45:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/12/03 19:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 19:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2009/11/10 15:33:22 | 000,118,784 | ---- | M] (Thomson Reuters) [Auto | Running] -- C:\Windows\csasvc.exe -- (CSAPrintService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ACCOUN~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/12 17:12:20 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2012/04/24 15:28:36 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2012/04/11 17:03:33 | 000,154,464 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/03/20 20:22:08 | 000,611,520 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2012/02/17 16:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2011/11/25 14:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2011/11/17 17:38:32 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2011/11/14 20:16:27 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011/03/10 19:28:24 | 001,281,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011/02/19 12:26:22 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/02/19 11:03:28 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/19 20:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {48E1A694-D427-4ABB-8079-7BC1FAF8EB83}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{48E1A694-D427-4ABB-8079-7BC1FAF8EB83}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\..\SearchScopes,DefaultScope = {77666860-5432-44D8-A9C2-A01BAE83D5C0}
IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\..\SearchScopes\{77666860-5432-44D8-A9C2-A01BAE83D5C0}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...5b6a56a762c&lang=en&ds=AVG&pr=fr&d=2012-07-02 12:39:44&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/18 10:57:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

O1 HOSTS File: ([2012/08/18 16:59:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Omally.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5DD321-0E93-45C1-89BA-A3BFF1718156}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/08/18 09:59:54 | 000,000,043 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/18 20:11:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\accountant\Desktop\OTL.exe
[2012/08/18 17:01:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/18 17:01:37 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Local\temp
[2012/08/18 16:54:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/18 16:54:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/18 16:54:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/18 16:54:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/18 16:53:39 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\accountant\Desktop\ComboFix.exe
[2012/08/18 16:48:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2012/08/18 14:50:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/18 14:44:04 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2012/08/18 14:40:59 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2012/08/18 13:56:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\accountant\Desktop\aswMBR.exe
[2012/08/18 13:55:27 | 001,545,120 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\accountant\Desktop\iExplore.exe
[2012/08/18 13:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2012/08/18 13:48:21 | 000,063,056 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2012/08/18 13:48:13 | 000,611,520 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2012/08/18 13:48:13 | 000,447,208 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2012/08/18 13:48:11 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\Bitdefender
[2012/08/18 13:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012/08/18 13:46:37 | 000,154,464 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2012/08/18 13:46:36 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2012/08/18 11:31:53 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/08/18 10:55:35 | 000,000,000 | --SD | C] -- C:\Users\accountant\AppData\Roaming\Microsoft
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Videos
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Saved Games
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Pictures
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Music
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Links
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Favorites
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Downloads
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Documents
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Desktop
[2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\AppData\Local\Temporary Internet Files
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Templates
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Start Menu
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\SendTo
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Recent
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\PrintHood
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\NetHood
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Documents\My Videos
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Documents\My Pictures
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Documents\My Music
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\My Documents
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Local Settings
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\AppData\Local\History
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Cookies
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Application Data
[2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\AppData\Local\Application Data
[2012/08/18 10:55:35 | 000,000,000 | -H-D | C] -- C:\Users\accountant\AppData
[2012/08/18 10:55:35 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Local\Microsoft
[2012/08/18 10:55:35 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\Media Center Programs
[2012/08/18 10:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/08/18 10:52:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/18 07:30:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\accountant\Desktop\dds.com
[2012/08/17 08:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/08/17 01:24:54 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/17 00:16:25 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\Malwarebytes
[2012/08/17 00:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/17 00:16:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/17 00:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/17 00:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/17 00:14:25 | 000,000,000 | ---D | C] -- C:\Users\accountant\Desktop\D7
[2012/08/16 23:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/08/16 23:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/08/16 22:55:23 | 000,000,000 | ---D | C] -- C:\Support
[2012/08/16 18:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/08/16 18:26:57 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/08/16 18:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/08/16 18:07:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/16 17:55:43 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/08/16 17:54:39 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/08/16 17:53:57 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/08/16 17:49:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/08/16 17:01:53 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\TeamViewer
[2012/08/16 16:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
[2012/08/16 15:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/16 14:19:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution.old
[2012/08/15 17:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2012/08/15 17:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/08/15 17:33:49 | 000,240,184 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2012/08/15 17:32:47 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\QuickScan
[2012/08/15 14:02:52 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Local\Secunia PSI
[2012/08/15 14:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/08/15 13:40:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/15 13:10:34 | 000,000,000 | ---D | C] -- C:\smtmp
[2012/08/09 16:03:11 | 000,000,000 | ---D | C] -- C:\Restored_CSI Realty Investment LLC6.30.12_Files
[2012/07/31 13:40:40 | 000,000,000 | ---D | C] -- C:\Restored_FL_LARSO.QBB_Files
[2012/07/31 13:39:47 | 000,000,000 | ---D | C] -- C:\Restored_FL_LARSON_Files
[2012/05/22 08:33:08 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\accountant\gotomypc_626.exe
[2011/12/28 10:46:27 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\accountant\gotomypc_437.exe

========== Files - Modified Within 30 Days ==========

[2012/08/18 20:11:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\accountant\Desktop\OTL.exe
[2012/08/18 19:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/18 19:25:20 | 000,021,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 19:25:20 | 000,021,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 17:02:10 | 000,000,347 | ---- | M] () -- C:\Windows\System32\checkdnsid.xml
[2012/08/18 16:59:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/18 16:53:45 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\accountant\Desktop\ComboFix.exe
[2012/08/18 16:51:16 | 000,662,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/18 16:51:16 | 000,121,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/18 16:46:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/18 16:46:46 | 2608,545,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/18 14:01:06 | 000,000,512 | ---- | M] () -- C:\Users\accountant\Desktop\MBR.dat
[2012/08/18 13:56:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\accountant\Desktop\aswMBR.exe
[2012/08/18 13:55:28 | 001,545,120 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\accountant\Desktop\iExplore.exe
[2012/08/18 13:48:37 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2012/08/18 13:48:37 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2012/08/18 13:48:37 | 000,000,403 | -H-- | M] () -- C:\bdr-cf01
[2012/08/18 11:35:15 | 000,001,413 | ---- | M] () -- C:\Users\accountant\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/18 11:19:13 | 000,122,093 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/08/18 11:12:55 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/18 11:10:17 | 000,437,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/18 10:53:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/08/18 10:53:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/18 10:19:51 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/08/18 10:19:51 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/08/18 10:17:14 | 000,002,610 | ---- | M] () -- C:\Users\accountant\Desktop\Windows Compatibility Report.htm
[2012/08/18 07:35:24 | 000,006,283 | ---- | M] () -- C:\Users\accountant\Desktop\Attach.zip
[2012/08/18 07:31:10 | 000,000,126 | ---- | M] () -- C:\Users\accountant\Desktop\dds.htm
[2012/08/18 07:30:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\accountant\Desktop\dds.com
[2012/08/17 21:54:34 | 000,302,592 | ---- | M] () -- C:\Users\accountant\Desktop\2nil9jl8.exe
[2012/08/17 21:52:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/17 09:12:47 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/17 00:01:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/08/16 18:26:57 | 000,003,217 | ---- | M] () -- C:\Users\accountant\Desktop\Sophos Virus Removal Tool.lnk
[2012/08/16 18:07:52 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/08/16 17:55:10 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ACCOUNTING1A-Microsoft-Windows-7-Professional-(32-bit).dat
[2012/08/16 17:12:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_858
[2012/08/15 17:34:18 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2012/08/15 15:03:57 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2012/08/15 13:24:40 | 383,022,766 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/15 13:17:14 | 000,053,248 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2012/08/15 13:06:33 | 000,020,881 | ---- | M] () -- C:\Users\accountant\Desktop\ip.png
[2012/08/09 17:04:20 | 017,731,584 | R--- | M] () -- C:\CSI Realty Investment LLC6.30.12.QBW
[2012/08/09 17:04:20 | 005,373,952 | R--- | M] () -- C:\CSI Realty Investment LLC6.30.12.QBW.TLG
[2012/08/09 17:04:20 | 000,000,382 | ---- | M] () -- C:\CSI Realty Investment LLC6.30.12.QBW.ND
[2012/08/09 17:04:12 | 000,000,324 | ---- | M] () -- C:\Windows\CSAAPP.INI
[2012/08/09 16:07:46 | 000,000,496 | R--- | M] () -- C:\CSI Realty Investment LLC6.30.12.lgb
[2012/08/09 16:04:37 | 000,000,389 | ---- | M] () -- C:\CSI Realty Investment LLC6.30.12.QBW.DSN
[2012/08/09 16:03:11 | 000,000,388 | ---- | M] () -- C:\CSI Realty Investment LLC6.30.12.ND
[2012/08/09 16:03:04 | 000,000,362 | ---- | M] () -- C:\FL_LARSO.QBB.QBW.ND
[2012/08/09 16:03:03 | 138,842,112 | R--- | M] () -- C:\FL_LARSO.QBB.QBW
[2012/08/09 16:03:03 | 005,832,704 | R--- | M] () -- C:\FL_LARSO.QBB.QBW.TLG
[2012/08/09 15:56:37 | 000,000,389 | ---- | M] () -- C:\FL_LARSO.QBB.QBW.DSN
[2012/07/31 13:46:04 | 000,000,496 | R--- | M] () -- C:\FL_LARSO.QBB.lgb
[2012/07/31 13:40:40 | 000,000,393 | ---- | M] () -- C:\FL_LARSO.QBB.ND
[2012/07/31 13:39:47 | 110,243,840 | ---- | M] () -- C:\FL_LARSON.QBW
[2012/07/31 13:39:47 | 000,000,393 | ---- | M] () -- C:\FL_LARSON.ND
[2012/07/31 13:39:38 | 021,295,104 | R--- | M] () -- C:\Law Office Of David P Sorrenti, P.C..QBW
[2012/07/31 13:39:38 | 000,589,824 | R--- | M] () -- C:\Law Office Of David P Sorrenti, P.C..QBW.TLG
[2012/07/31 13:39:38 | 000,000,389 | ---- | M] () -- C:\FL_LARSON.QBW.DSN
[2012/07/31 13:39:38 | 000,000,386 | ---- | M] () -- C:\Law Office Of David P Sorrenti, P.C..QBW.ND
[2012/07/31 13:39:38 | 000,000,355 | ---- | M] () -- C:\FL_LARSON.QBW.ND
[2012/07/31 13:38:53 | 000,000,389 | ---- | M] () -- C:\Law Office Of David P Sorrenti, P.C..QBW.DSN
[2012/07/30 14:48:44 | 000,000,363 | ---- | M] () -- C:\DICKINSON0910.QBW.ND
[2012/07/30 14:48:43 | 072,265,728 | R--- | M] () -- C:\DICKINSON0910.QBW
[2012/07/30 14:48:43 | 003,473,408 | R--- | M] () -- C:\DICKINSON0910.QBW.TLG
[2012/07/25 16:47:38 | 141,854,280 | ---- | M] () -- C:\Users\accountant\Desktop\setup_11.0.0.1245.x01_2012_07_25_23_01.exe
[2012/07/23 11:04:27 | 000,000,389 | ---- | M] () -- C:\DICKINSON0910.QBW.DSN
[2012/07/23 11:03:48 | 096,026,624 | R--- | M] () -- C:\george_a.PICKERING.qbw
[2012/07/23 11:03:48 | 000,327,680 | R--- | M] () -- C:\george_a.PICKERING.QBW.TLG
[2012/07/23 11:03:48 | 000,000,368 | ---- | M] () -- C:\george_a.PICKERING.qbw.ND

========== Files Created - No Company Name ==========

[2012/08/18 16:54:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/18 16:54:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/18 16:54:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/18 16:54:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/18 16:54:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/18 14:01:06 | 000,000,512 | ---- | C] () -- C:\Users\accountant\Desktop\MBR.dat
[2012/08/18 13:48:37 | 000,000,403 | -H-- | C] () -- C:\bdr-cf01
[2012/08/18 13:48:10 | 035,184,649 | -H-- | C] () -- C:\bdr-im01.gz
[2012/08/18 13:48:10 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01
[2012/08/18 13:48:10 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2012/08/18 13:48:10 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2012/08/18 11:35:15 | 000,001,419 | ---- | C] () -- C:\Users\accountant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/18 11:20:17 | 2608,545,792 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/18 11:12:55 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/18 10:55:35 | 000,000,290 | ---- | C] () -- C:\Users\accountant\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/18 10:55:35 | 000,000,272 | ---- | C] () -- C:\Users\accountant\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/18 10:55:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/08/18 10:55:21 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/08/18 10:53:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/18 10:53:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/18 09:19:28 | 000,002,610 | ---- | C] () -- C:\Users\accountant\Desktop\Windows Compatibility Report.htm
[2012/08/18 09:17:57 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/08/18 09:17:57 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/08/18 07:35:24 | 000,006,283 | ---- | C] () -- C:\Users\accountant\Desktop\Attach.zip
[2012/08/18 07:31:10 | 000,000,126 | ---- | C] () -- C:\Users\accountant\Desktop\dds.htm
[2012/08/17 21:54:34 | 000,302,592 | ---- | C] () -- C:\Users\accountant\Desktop\2nil9jl8.exe
[2012/08/17 09:27:18 | 141,854,280 | ---- | C] () -- C:\Users\accountant\Desktop\setup_11.0.0.1245.x01_2012_07_25_23_01.exe
[2012/08/17 00:16:14 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/17 00:01:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/08/16 18:26:57 | 000,003,217 | ---- | C] () -- C:\Users\accountant\Desktop\Sophos Virus Removal Tool.lnk
[2012/08/16 18:04:35 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/08/16 17:55:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ACCOUNTING1A-Microsoft-Windows-7-Professional-(32-bit).dat
[2012/08/15 17:49:00 | 000,000,347 | ---- | C] () -- C:\Windows\System32\checkdnsid.xml
[2012/08/15 17:34:18 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2012/08/15 13:17:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2012/08/15 13:06:33 | 000,020,881 | ---- | C] () -- C:\Users\accountant\Desktop\ip.png
[2012/08/14 09:57:54 | 383,022,766 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/09 16:07:46 | 000,000,496 | R--- | C] () -- C:\CSI Realty Investment LLC6.30.12.lgb
[2012/08/09 16:03:19 | 005,373,952 | R--- | C] () -- C:\CSI Realty Investment LLC6.30.12.QBW.TLG
[2012/08/09 16:03:11 | 000,000,388 | ---- | C] () -- C:\CSI Realty Investment LLC6.30.12.ND
[2012/08/09 16:03:01 | 017,731,584 | R--- | C] () -- C:\CSI Realty Investment LLC6.30.12.QBW
[2012/08/09 16:03:01 | 000,000,389 | ---- | C] () -- C:\CSI Realty Investment LLC6.30.12.QBW.DSN
[2012/08/09 16:03:01 | 000,000,382 | ---- | C] () -- C:\CSI Realty Investment LLC6.30.12.QBW.ND
[2012/07/31 13:46:04 | 000,000,496 | R--- | C] () -- C:\FL_LARSO.QBB.lgb
[2012/07/31 13:40:49 | 005,832,704 | R--- | C] () -- C:\FL_LARSO.QBB.QBW.TLG
[2012/07/31 13:40:40 | 000,000,393 | ---- | C] () -- C:\FL_LARSO.QBB.ND
[2012/07/31 13:40:38 | 138,842,112 | R--- | C] () -- C:\FL_LARSO.QBB.QBW
[2012/07/31 13:40:38 | 000,000,389 | ---- | C] () -- C:\FL_LARSO.QBB.QBW.DSN
[2012/07/31 13:40:38 | 000,000,362 | ---- | C] () -- C:\FL_LARSO.QBB.QBW.ND
[2012/07/31 13:39:47 | 000,000,393 | ---- | C] () -- C:\FL_LARSON.ND
[2012/07/31 13:39:38 | 110,243,840 | ---- | C] () -- C:\FL_LARSON.QBW
[2012/07/31 13:39:38 | 000,000,389 | ---- | C] () -- C:\FL_LARSON.QBW.DSN
[2012/07/31 13:39:38 | 000,000,355 | ---- | C] () -- C:\FL_LARSON.QBW.ND
[2012/01/03 16:46:48 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/12/28 15:52:04 | 000,304,640 | ---- | C] () -- C:\Windows\System32\O2PSEPR.DLL
[2011/12/28 15:52:04 | 000,095,232 | ---- | C] () -- C:\Windows\System32\OSMFC.DLL
[2011/12/28 11:44:50 | 000,000,324 | ---- | C] () -- C:\Windows\CSAAPP.INI
[2011/12/28 11:07:45 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/12/28 09:31:38 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/15 13:43:53 | 000,030,895 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini
[2011/12/15 13:43:50 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/12/15 13:43:50 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/12/15 13:43:49 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/15 12:08:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011/08/19 22:26:28 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2011/08/19 22:26:28 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2011/08/19 22:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\System32\Gsw32.exe.config
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/08/18 11:07:06 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\AVG2012
[2012/08/18 13:48:11 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\Bitdefender
[2012/02/14 14:54:11 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\PDFlyer
[2012/08/15 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\QuickScan
[2012/08/18 11:07:08 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\TeamViewer
[2009/07/14 00:53:46 | 000,002,886 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Broni · Aug 18, 2012

Is BitDefender your current AV program?

I still need Extras.txt.

mjamike · Aug 18, 2012

Bitdefender is a trial. Willing to use anything. I ran OTL again and it only pops up one log file at the end. I checked for an extras one on the desktop (where I ran otl.exe from) and its not there. Any guess as to why?

Broni · Aug 18, 2012

That's OK.

Is BD working OK at this moment?

OTL log is clean

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

mjamike · Aug 18, 2012

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 30
Java 7 Update 6
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
doing others now...

mjamike · Aug 18, 2012

Farbar Service Scanner Version: 06-08-2012
Ran by accountant (administrator) on 18-08-2012 at 22:13:34
Running from "C:\Users\accountant\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

mjamike · Aug 18, 2012

ESET found nothing. No log. Hmmmmmm. Event viewer shows that the windows defender service is shutting down. I just tried opening event viewer and MMC crashed. Ugh! I've also tried an in place upgrade to repair the windows installation and SFC. I am running out of ideas. You've all been so helpful! I just don't want to give in and reload the OS!

Broni · Aug 19, 2012

Uninstall Java(TM) 6 Update 30.

Windows Defender is totally useless so I strongly suggest you keep it OFF.

Is BitDefender working OK?

mjamike · Aug 19, 2012

Windows defender was on because I had removed bit defender temporarily. I reinstalled bitdefender and its still not working. The service randomly stops. I've never seen an infection like this.

Broni · Aug 19, 2012

I don't think it's an infection anymore.
I don't see anything malicious.

Uninstall BitDefender.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Let me know how it goes.

mjamike · Aug 19, 2012

Broni,
First of all - thanks for everything. Now, I installed Avast and it worked normally. It scanned and found nothing to be concerned with. More importantly, its service never unexpectedly quit like MSE, Bit & Kaspersky. After running avast scan I uninstalled it and put Bitdefender back in and sure enough it kept quitting. At that point I threw in the towel and restored the factory image of the PC (dell optiplex 390 with windows 7 pro 32-bit). Once the restore completed I installed MSE and THE PROBLEM WAS STILL THERE! The service just quits. Have you ever seen anything like this? I actually formatted the OS partition before manually restoring the Dell factory WIM. My only plan now is to install a new drive and load it from scratch to see what happens.

I'm beyond baffled.

Broni · Aug 19, 2012

This is beyond the scope of this forum.

In here we only deal with infected computers.
Since you reinstalled Windows....

Inactive Sirefef-BB

Posts: 16 +0

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 16 +0

Posts: 16 +0

Attachments

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 16 +0

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Attachments

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Similar threads