Sirefef-BB

Inactive
By mjamike
Aug 16, 2012
  1. Hello,
    I am new to the forum. I'd greatly appreciate a fixlist.txt for this...

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
    Ran by SYSTEM at 16-08-2012 21:24:59
    Running from F:\
    Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [142616 2011-06-28] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [176408 2011-06-28] (Intel Corporation)
    HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
    HKLM\...\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
    HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2011-12-06] (Intuit Inc. All rights reserved.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
    HKU\QBDataServiceUser22\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)

    ================================ Services (Whitelisted) ==================

    2 atashost; "C:\Windows\system32\atashost.exe" [134456 2012-07-17] (Cisco WebEx LLC)
    2 CSAPrintService; C:\Windows\csasvc.exe [118784 2009-11-10] (Thomson Reuters)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe" Start=service [16680 2012-01-12] (Citrix Online, a division of Citrix Systems, Inc.)
    2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-23] (Intel Corporation)
    2 QBVSS; "C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe" [1248256 2011-08-19] (Intuit Inc.)
    3 QuickBooksDB22; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 [679936 2011-08-19] (Intuit, Inc.)
    3 RoxMediaDB12OEM; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
    2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
    2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

    ========================== Drivers (Whitelisted) =============

    3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
    3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
    3 catchme; \??\C:\Users\ACCOUN~1\AppData\Local\Temp\catchme.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-16 15:31 - 2012-08-16 15:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-16 15:26 - 2012-08-16 15:26 - 00254152 ____A (Secure By Design Inc.) C:\Users\accountant\Downloads\Ninite Essentials Installer.exe
    2012-08-16 15:19 - 2012-08-16 15:19 - 04009167 ____A C:\Users\accountant\Downloads\ServicesRepair.exe
    2012-08-16 15:18 - 2012-08-16 15:18 - 00138120 ____A (ESET) C:\Users\accountant\Downloads\ESETSirefefRemover.exe
    2012-08-16 15:13 - 2012-08-16 15:15 - 02030547 ____A C:\Users\accountant\Downloads\EZ_Sirefix.exe
    2012-08-16 14:27 - 2012-08-16 14:27 - 00000000 ____D C:\Users\All Users\Sophos
    2012-08-16 14:26 - 2012-08-16 14:26 - 77801992 ____A (Sophos Limited) C:\Users\accountant\Downloads\Sophos Virus Removal Tool.exe
    2012-08-16 14:26 - 2012-08-16 14:26 - 00003217 ____A C:\Users\accountant\Desktop\Sophos Virus Removal Tool.lnk
    2012-08-16 14:26 - 2012-08-16 14:26 - 00000000 ____D C:\Program Files\Sophos
    2012-08-16 14:04 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-08-16 13:55 - 2012-08-16 14:07 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-08-16 13:55 - 2012-08-16 13:55 - 00000207 ____A C:\Windows\tweaking.com-regbackup-ACCOUNTING1A-Microsoft-Windows-7-Professional-(32-bit).dat
    2012-08-16 13:55 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-08-16 13:54 - 2012-08-16 13:54 - 00000000 ____D C:\RegBackup
    2012-08-16 13:53 - 2012-08-16 13:53 - 00002239 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2012-08-16 13:53 - 2012-08-16 13:53 - 00000000 ____D C:\Program Files\Tweaking.com
    2012-08-16 13:49 - 2012-08-16 15:15 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2012-08-16 13:13 - 2012-08-16 13:13 - 00014705 ____A C:\ComboFix.txt
    2012-08-16 13:01 - 2012-08-16 13:01 - 00000000 ____D C:\Users\accountant\AppData\Roaming\TeamViewer
    2012-08-16 12:53 - 2012-08-16 12:53 - 00001917 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    2012-08-16 12:32 - 2012-08-16 12:32 - 00000000 ____D C:\Users\All Users\Dumps
    2012-08-16 11:26 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-08-16 11:24 - 2012-08-16 11:24 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-16 11:24 - 2012-08-16 11:24 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2012-08-16 11:24 - 2012-08-16 11:24 - 00000000 ____D C:\Program Files\Common Files\Java
    2012-08-16 10:31 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-16 10:31 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-16 10:31 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-16 10:31 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-16 10:31 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-16 10:31 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-16 10:31 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-16 10:31 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-16 10:31 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-16 10:31 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-16 10:31 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-16 10:31 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-16 10:31 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-16 10:31 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-16 10:30 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-16 10:30 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-16 10:30 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-16 10:30 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-16 10:30 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-16 10:30 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-16 10:30 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-16 10:30 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-16 10:19 - 2012-08-16 10:19 - 00000000 ____D C:\Windows\SoftwareDistribution.old
    2012-08-16 10:06 - 2012-08-16 10:06 - 00000376 ____A C:\Users\accountant\AppData\Roamingprivacy.xml
    2012-08-15 13:49 - 2012-08-16 09:45 - 00000347 ____A C:\Windows\System32\checkdnsid.xml
    2012-08-15 13:37 - 2012-08-15 13:37 - 00000000 ____D C:\Users\All Users\bdch
    2012-08-15 13:34 - 2012-08-15 13:34 - 00000385 ____A C:\Windows\System32\user_gensett.xml
    2012-08-15 13:33 - 2012-08-15 13:33 - 00000000 ____D C:\Users\All Users\BDLogging
    2012-08-15 13:33 - 2009-07-14 10:27 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
    2012-08-15 13:33 - 2007-04-11 07:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll
    2012-08-15 13:32 - 2012-08-16 12:36 - 00000000 ____D C:\Program Files\Bitdefender
    2012-08-15 13:32 - 2012-08-16 12:34 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2012-08-15 13:32 - 2012-08-15 13:32 - 02426224 ____A C:\Users\accountant\Downloads\bitdefender_antivirus.exe
    2012-08-15 13:32 - 2012-08-15 13:32 - 00000000 ____D C:\Users\accountant\AppData\Roaming\QuickScan
    2012-08-15 11:13 - 2012-08-15 11:13 - 00017408 ____A C:\Users\accountant\AppData\Local\WebpageIcons.db
    2012-08-15 10:56 - 2012-08-15 10:57 - 181528160 ____A (Kaspersky Lab) C:\Users\accountant\Downloads\kav2012_12.0.0.374aEN_2839.exe
    2012-08-15 10:02 - 2012-08-15 10:02 - 03098616 ____A (Secunia) C:\Users\accountant\Downloads\PSISetup.exe
    2012-08-15 10:02 - 2012-08-15 10:02 - 00000000 ____D C:\Users\accountant\AppData\Local\Secunia PSI
    2012-08-15 10:02 - 2012-08-15 10:02 - 00000000 ____D C:\Program Files\Secunia
    2012-08-15 09:40 - 2012-08-16 13:14 - 00000000 ____D C:\Qoobox
    2012-08-15 09:40 - 2012-08-15 09:54 - 00000000 ____D C:\Windows\erdnt
    2012-08-15 09:40 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-08-15 09:40 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-08-15 09:40 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-08-15 09:40 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-08-15 09:40 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-08-15 09:40 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-08-15 09:40 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-08-15 09:40 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-08-15 09:30 - 2012-08-15 09:30 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-08-15 09:25 - 2012-08-15 09:25 - 00144936 ____A C:\Windows\Minidump\081512-43555-01.dmp
    2012-08-15 09:17 - 2012-08-15 09:17 - 00053248 ____A C:\Windows\System32\zlib.dll
    2012-08-15 09:16 - 2012-08-16 13:28 - 00000000 ____D C:\Users\accountant\Desktop\D7
    2012-08-15 09:15 - 2012-08-16 15:12 - 00000583 ____A C:\Users\accountant\Desktop\notes.txt
    2012-08-15 09:10 - 2012-08-15 09:10 - 00000000 ____D C:\smtmp
    2012-08-15 09:07 - 2012-08-15 09:10 - 00000064 ____A C:\Users\All Users\-o7Df7eFNHOSv6Sr
    2012-08-15 09:07 - 2012-08-15 09:10 - 00000064 ____A C:\Users\All Users\-o7Df7eFNHOSv6S
    2012-08-14 05:58 - 2012-08-15 09:25 - 00000000 ____D C:\Windows\Minidump
    2012-08-14 05:58 - 2012-08-14 05:58 - 00151112 ____A C:\Windows\Minidump\081412-47923-01.dmp
    2012-08-14 05:57 - 2012-08-15 09:24 - 383022766 ____A C:\Windows\MEMORY.DMP
    2012-08-09 12:07 - 2012-08-09 12:07 - 00000496 ___RA C:\CSI Realty Investment LLC6.30.12.lgb
    2012-08-09 12:03 - 2012-08-09 13:04 - 17731584 ___RA C:\CSI Realty Investment LLC6.30.12.QBW
    2012-08-09 12:03 - 2012-08-09 13:04 - 05373952 ___RA C:\CSI Realty Investment LLC6.30.12.QBW.TLG
    2012-08-09 12:03 - 2012-08-09 13:04 - 00000382 ____A C:\CSI Realty Investment LLC6.30.12.QBW.ND
    2012-08-09 12:03 - 2012-08-09 12:04 - 00000389 ____A C:\CSI Realty Investment LLC6.30.12.QBW.DSN
    2012-08-09 12:03 - 2012-08-09 12:03 - 00000388 ____A C:\CSI Realty Investment LLC6.30.12.ND
    2012-08-09 12:03 - 2012-08-09 12:03 - 00000000 ____D C:\Restored_CSI Realty Investment LLC6.30.12_Files
    2012-07-31 09:46 - 2012-07-31 09:46 - 00000496 ___RA C:\FL_LARSO.QBB.lgb
    2012-07-31 09:40 - 2012-08-09 12:03 - 138842112 ___RA C:\FL_LARSO.QBB.QBW
    2012-07-31 09:40 - 2012-08-09 12:03 - 05832704 ___RA C:\FL_LARSO.QBB.QBW.TLG
    2012-07-31 09:40 - 2012-08-09 12:03 - 00000362 ____A C:\FL_LARSO.QBB.QBW.ND
    2012-07-31 09:40 - 2012-08-09 11:56 - 00000389 ____A C:\FL_LARSO.QBB.QBW.DSN
    2012-07-31 09:40 - 2012-07-31 09:40 - 00000393 ____A C:\FL_LARSO.QBB.ND
    2012-07-31 09:40 - 2012-07-31 09:40 - 00000000 ____D C:\Restored_FL_LARSO.QBB_Files
    2012-07-31 09:39 - 2012-07-31 09:39 - 110243840 ____A C:\FL_LARSON.QBW
    2012-07-31 09:39 - 2012-07-31 09:39 - 00000393 ____A C:\FL_LARSON.ND
    2012-07-31 09:39 - 2012-07-31 09:39 - 00000389 ____A C:\FL_LARSON.QBW.DSN
    2012-07-31 09:39 - 2012-07-31 09:39 - 00000355 ____A C:\FL_LARSON.QBW.ND
    2012-07-31 09:39 - 2012-07-31 09:39 - 00000000 ____D C:\Restored_FL_LARSON_Files
    2012-07-19 14:20 - 2012-07-19 14:20 - 00000496 ___RA C:\george_a.PICKERING.lgb
    2012-07-17 09:03 - 2012-07-19 07:06 - 00000000 ____D C:\Users\All Users\WebEx
    2012-07-17 08:58 - 2012-07-17 08:58 - 00170738 ____A C:\Users\accountant\Downloads\WBXRemoveTool.zip
    2012-07-17 08:41 - 2012-07-17 08:41 - 00217400 ____A (Cisco WebEx LLC) C:\Windows\System32\atsckernel.exe
    2012-07-17 08:41 - 2012-07-17 08:41 - 00134456 ____A (Cisco WebEx LLC) C:\Windows\System32\atashost.exe


    ============ 3 Months Modified Files ========================

    2012-08-16 17:14 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-16 17:14 - 2009-07-13 20:39 - 00049306 ____A C:\Windows\setupact.log
    2012-08-16 17:14 - 2009-07-13 20:34 - 00021312 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-16 17:14 - 2009-07-13 20:34 - 00021312 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-16 17:11 - 2011-12-15 07:58 - 01481260 ____A C:\Windows\WindowsUpdate.log
    2012-08-16 15:31 - 2012-05-03 06:55 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-16 15:31 - 2010-11-20 13:01 - 00800016 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-16 15:26 - 2012-08-16 15:26 - 00254152 ____A (Secure By Design Inc.) C:\Users\accountant\Downloads\Ninite Essentials Installer.exe
    2012-08-16 15:19 - 2012-08-16 15:19 - 04009167 ____A C:\Users\accountant\Downloads\ServicesRepair.exe
    2012-08-16 15:18 - 2012-08-16 15:18 - 00138120 ____A (ESET) C:\Users\accountant\Downloads\ESETSirefefRemover.exe
    2012-08-16 15:15 - 2012-08-16 15:13 - 02030547 ____A C:\Users\accountant\Downloads\EZ_Sirefix.exe
    2012-08-16 15:12 - 2012-08-15 09:15 - 00000583 ____A C:\Users\accountant\Desktop\notes.txt
    2012-08-16 14:56 - 2012-04-11 03:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-16 14:26 - 2012-08-16 14:26 - 77801992 ____A (Sophos Limited) C:\Users\accountant\Downloads\Sophos Virus Removal Tool.exe
    2012-08-16 14:26 - 2012-08-16 14:26 - 00003217 ____A C:\Users\accountant\Desktop\Sophos Virus Removal Tool.lnk
    2012-08-16 14:10 - 2011-12-28 05:57 - 00124464 ____A C:\Users\accountant\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-16 14:09 - 2009-07-13 20:33 - 00436384 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-16 14:07 - 2012-08-16 13:55 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-08-16 13:55 - 2012-08-16 13:55 - 00000207 ____A C:\Windows\tweaking.com-regbackup-ACCOUNTING1A-Microsoft-Windows-7-Professional-(32-bit).dat
    2012-08-16 13:53 - 2012-08-16 13:53 - 00002239 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2012-08-16 13:15 - 2010-11-20 13:48 - 00123400 ____A C:\Windows\PFRO.log
    2012-08-16 13:13 - 2012-08-16 13:13 - 00014705 ____A C:\ComboFix.txt
    2012-08-16 13:12 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
    2012-08-16 13:12 - 2009-07-13 18:04 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts_bak_858
    2012-08-16 12:53 - 2012-08-16 12:53 - 00001917 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    2012-08-16 11:24 - 2012-08-16 11:24 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-16 11:24 - 2012-08-16 11:24 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2012-08-16 11:24 - 2011-12-25 12:03 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-16 11:24 - 2011-12-25 12:03 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-16 11:24 - 2011-12-25 12:03 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-16 11:24 - 2011-12-15 08:07 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-16 10:34 - 2011-12-25 11:53 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-16 10:06 - 2012-08-16 10:06 - 00000376 ____A C:\Users\accountant\AppData\Roamingprivacy.xml
    2012-08-16 09:45 - 2012-08-15 13:49 - 00000347 ____A C:\Windows\System32\checkdnsid.xml
    2012-08-15 13:34 - 2012-08-15 13:34 - 00000385 ____A C:\Windows\System32\user_gensett.xml
    2012-08-15 13:32 - 2012-08-15 13:32 - 02426224 ____A C:\Users\accountant\Downloads\bitdefender_antivirus.exe
    2012-08-15 11:13 - 2012-08-15 11:13 - 00017408 ____A C:\Users\accountant\AppData\Local\WebpageIcons.db
    2012-08-15 11:03 - 2012-02-09 05:01 - 00002016 ____A C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
    2012-08-15 10:57 - 2012-08-15 10:56 - 181528160 ____A (Kaspersky Lab) C:\Users\accountant\Downloads\kav2012_12.0.0.374aEN_2839.exe
    2012-08-15 10:56 - 2012-04-11 03:57 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-15 10:56 - 2011-12-15 08:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-15 10:02 - 2012-08-15 10:02 - 03098616 ____A (Secunia) C:\Users\accountant\Downloads\PSISetup.exe
    2012-08-15 09:25 - 2012-08-15 09:25 - 00144936 ____A C:\Windows\Minidump\081512-43555-01.dmp
    2012-08-15 09:24 - 2012-08-14 05:57 - 383022766 ____A C:\Windows\MEMORY.DMP
    2012-08-15 09:17 - 2012-08-15 09:17 - 00053248 ____A C:\Windows\System32\zlib.dll
    2012-08-15 09:10 - 2012-08-15 09:07 - 00000064 ____A C:\Users\All Users\-o7Df7eFNHOSv6Sr
    2012-08-15 09:10 - 2012-08-15 09:07 - 00000064 ____A C:\Users\All Users\-o7Df7eFNHOSv6S
    2012-08-14 05:58 - 2012-08-14 05:58 - 00151112 ____A C:\Windows\Minidump\081412-47923-01.dmp
    2012-08-11 00:07 - 2011-12-28 05:30 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
    2012-08-09 13:04 - 2012-08-09 12:03 - 17731584 ___RA C:\CSI Realty Investment LLC6.30.12.QBW
    2012-08-09 13:04 - 2012-08-09 12:03 - 05373952 ___RA C:\CSI Realty Investment LLC6.30.12.QBW.TLG
    2012-08-09 13:04 - 2012-08-09 12:03 - 00000382 ____A C:\CSI Realty Investment LLC6.30.12.QBW.ND
    2012-08-09 13:04 - 2011-12-28 07:44 - 00000324 ____A C:\Windows\CSAAPP.INI
    2012-08-09 12:07 - 2012-08-09 12:07 - 00000496 ___RA C:\CSI Realty Investment LLC6.30.12.lgb
    2012-08-09 12:04 - 2012-08-09 12:03 - 00000389 ____A C:\CSI Realty Investment LLC6.30.12.QBW.DSN
    2012-08-09 12:03 - 2012-08-09 12:03 - 00000388 ____A C:\CSI Realty Investment LLC6.30.12.ND
    2012-08-09 12:03 - 2012-07-31 09:40 - 138842112 ___RA C:\FL_LARSO.QBB.QBW
    2012-08-09 12:03 - 2012-07-31 09:40 - 05832704 ___RA C:\FL_LARSO.QBB.QBW.TLG
    2012-08-09 12:03 - 2012-07-31 09:40 - 00000362 ____A C:\FL_LARSO.QBB.QBW.ND
    2012-08-09 11:56 - 2012-07-31 09:40 - 00000389 ____A C:\FL_LARSO.QBB.QBW.DSN
    2012-08-04 03:13 - 2009-07-13 20:53 - 00022182 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-31 09:46 - 2012-07-31 09:46 - 00000496 ___RA C:\FL_LARSO.QBB.lgb
    2012-07-31 09:40 - 2012-07-31 09:40 - 00000393 ____A C:\FL_LARSO.QBB.ND
    2012-07-31 09:39 - 2012-07-31 09:39 - 110243840 ____A C:\FL_LARSON.QBW
    2012-07-31 09:39 - 2012-07-31 09:39 - 00000393 ____A C:\FL_LARSON.ND
    2012-07-31 09:39 - 2012-07-31 09:39 - 00000389 ____A C:\FL_LARSON.QBW.DSN
    2012-07-31 09:39 - 2012-07-31 09:39 - 00000355 ____A C:\FL_LARSON.QBW.ND
    2012-07-31 09:39 - 2012-03-28 04:23 - 00000386 ____A C:\Law Office Of David P Sorrenti, P.C..QBW.ND
    2012-07-31 09:39 - 2012-03-28 04:21 - 21295104 ___RA C:\Law Office Of David P Sorrenti, P.C..QBW
    2012-07-31 09:39 - 2011-12-28 06:37 - 00589824 ___RA C:\Law Office Of David P Sorrenti, P.C..QBW.TLG
    2012-07-31 09:38 - 2012-03-28 04:23 - 00000389 ____A C:\Law Office Of David P Sorrenti, P.C..QBW.DSN
    2012-07-30 10:48 - 2012-04-07 11:50 - 03473408 ___RA C:\DICKINSON0910.QBW.TLG
    2012-07-30 10:48 - 2012-04-07 11:49 - 72265728 ___RA C:\DICKINSON0910.QBW
    2012-07-30 10:48 - 2012-04-07 11:49 - 00000363 ____A C:\DICKINSON0910.QBW.ND
    2012-07-23 07:04 - 2012-04-07 11:49 - 00000389 ____A C:\DICKINSON0910.QBW.DSN
    2012-07-23 07:03 - 2012-02-28 06:00 - 96026624 ___RA C:\george_a.PICKERING.qbw
    2012-07-23 07:03 - 2012-02-28 06:00 - 00327680 ___RA C:\george_a.PICKERING.QBW.TLG
    2012-07-23 07:03 - 2012-02-28 06:00 - 00000368 ____A C:\george_a.PICKERING.qbw.ND
    2012-07-19 14:20 - 2012-07-19 14:20 - 00000496 ___RA C:\george_a.PICKERING.lgb
    2012-07-19 14:20 - 2012-02-28 06:00 - 00000389 ____A C:\george_a.PICKERING.qbw.DSN
    2012-07-18 09:47 - 2012-08-16 10:30 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-17 10:48 - 2012-07-02 05:08 - 06684672 ___RA C:\NE Patriot Truck Tire Inc.QBW.TLG
    2012-07-17 10:48 - 2012-07-02 05:07 - 198266880 ___RA C:\NE Patriot Truck Tire Inc.QBW
    2012-07-17 10:48 - 2012-07-02 05:07 - 00000375 ____A C:\NE Patriot Truck Tire Inc.QBW.ND
    2012-07-17 10:33 - 2012-07-02 05:07 - 00000389 ____A C:\NE Patriot Truck Tire Inc.QBW.DSN
    2012-07-17 08:58 - 2012-07-17 08:58 - 00170738 ____A C:\Users\accountant\Downloads\WBXRemoveTool.zip
    2012-07-17 08:41 - 2012-07-17 08:41 - 00217400 ____A (Cisco WebEx LLC) C:\Windows\System32\atsckernel.exe
    2012-07-17 08:41 - 2012-07-17 08:41 - 00134456 ____A (Cisco WebEx LLC) C:\Windows\System32\atashost.exe
    2012-07-13 04:04 - 2011-12-28 11:52 - 00001476 ____A C:\Users\accountant\Desktop\ProSystem fx Tax.LNK
    2012-07-13 04:04 - 2011-12-28 07:22 - 00670574 ____A C:\sysfile.log
    2012-07-12 08:22 - 2012-03-06 10:28 - 00000365 ____A C:\Club eX (PandL).QBW.ND
    2012-07-12 08:22 - 2012-03-06 10:27 - 31801344 ___RA C:\Club eX (PandL).QBW
    2012-07-12 08:22 - 2012-03-06 10:27 - 03735552 ___RA C:\Club eX (PandL).QBW.TLG
    2012-07-12 05:22 - 2012-03-06 10:28 - 00000389 ____A C:\Club eX (PandL).QBW.DSN
    2012-07-12 05:21 - 2012-03-12 10:01 - 10616832 ___RA C:\62_PORTER STREET RENTAL.QBW
    2012-07-12 05:21 - 2012-03-12 10:01 - 00327680 ___RA C:\62_PORTER STREET RENTAL.QBW.TLG
    2012-07-12 05:21 - 2012-03-12 10:01 - 00000389 ____A C:\62_PORTER STREET RENTAL.QBW.DSN
    2012-07-12 05:21 - 2012-03-12 10:01 - 00000373 ____A C:\62_PORTER STREET RENTAL.QBW.ND
    2012-07-11 23:01 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
    2012-07-11 23:00 - 2012-07-11 23:00 - 00264530 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-07-04 13:16 - 2012-08-16 10:30 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 13:14 - 2012-08-16 10:30 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 13:14 - 2012-08-16 10:30 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-02 05:17 - 2012-07-02 05:17 - 00000496 ___RA C:\NE Patriot Truck Tire Inc.lgb
    2012-07-02 05:08 - 2012-07-02 05:08 - 00000521 ____A C:\NE Patriot Truck Tire Inc.ND
    2012-07-02 05:07 - 2012-04-03 06:02 - 00327680 ___RA C:\Dickinson Weymouth Building.QBW.TLG
    2012-07-02 05:07 - 2012-04-03 06:01 - 11735040 ___RA C:\Dickinson Weymouth Building.qbw
    2012-07-02 05:07 - 2012-04-03 06:01 - 00000389 ____A C:\Dickinson Weymouth Building.qbw.DSN
    2012-07-02 05:07 - 2012-04-03 06:01 - 00000377 ____A C:\Dickinson Weymouth Building.qbw.ND
    2012-06-28 16:52 - 2012-08-16 10:31 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 16:27 - 2012-08-16 10:31 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 16:16 - 2012-08-16 10:31 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 16:09 - 2012-08-16 10:31 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 16:09 - 2012-08-16 10:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 16:08 - 2012-08-16 10:31 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-16 10:31 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 16:06 - 2012-08-16 10:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 16:04 - 2012-08-16 10:31 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 16:04 - 2012-08-16 10:31 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-16 10:31 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 16:01 - 2012-08-16 10:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 16:00 - 2012-08-16 10:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 15:57 - 2012-08-16 10:31 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
    2012-06-21 05:27 - 2012-04-10 09:43 - 148955136 ___RA C:\kwalterqbb.QBW
    2012-06-21 05:27 - 2012-04-10 09:43 - 02490368 ___RA C:\kwalterqbb.QBW.TLG
    2012-06-21 05:27 - 2012-04-10 09:43 - 00000360 ____A C:\kwalterqbb.QBW.ND
    2012-06-21 05:26 - 2012-04-10 09:43 - 00000389 ____A C:\kwalterqbb.QBW.DSN
    2012-06-19 04:56 - 2012-03-29 12:38 - 00000368 ____A C:\MccormickInsurance.QBW.ND
    2012-06-13 23:18 - 2012-03-29 12:38 - 69038080 ___RA C:\MccormickInsurance.QBW
    2012-06-13 23:18 - 2012-03-29 12:38 - 00589824 ___RA C:\MccormickInsurance.QBW.TLG
    2012-06-12 04:45 - 2012-03-29 12:38 - 00000389 ____A C:\MccormickInsurance.QBW.DSN
    2012-06-08 20:41 - 2012-07-11 01:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-06 16:59 - 2012-06-06 16:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
    2012-06-05 21:05 - 2012-07-11 01:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 01:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 01:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 12:05 - 2012-06-05 11:05 - 17641472 ___RA C:\Advanced Service Inc.2011.QBW
    2012-06-05 12:05 - 2012-06-05 11:05 - 02883584 ___RA C:\Advanced Service Inc.2011.QBW.TLG
    2012-06-05 12:05 - 2012-06-05 11:05 - 00000375 ____A C:\Advanced Service Inc.2011.QBW.ND
    2012-06-05 11:18 - 2012-06-05 11:18 - 00000496 ___RA C:\Advanced Service Inc.2011.lgb
    2012-06-05 11:06 - 2012-06-05 11:05 - 00000389 ____A C:\Advanced Service Inc.2011.QBW.DSN
    2012-06-05 11:05 - 2012-06-05 11:05 - 00000417 ____A C:\Advanced Service Inc.2011.ND
    2012-06-05 11:03 - 2012-04-24 09:03 - 06619136 ___RA C:\Advanced Service Inc..QBW.TLG
    2012-06-05 10:03 - 2012-04-24 09:09 - 00000496 ___RA C:\Advanced Service Inc..lgb
    2012-06-02 14:19 - 2012-06-20 21:43 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-20 21:43 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-20 21:43 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-20 21:43 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-20 21:43 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-20 21:43 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-20 21:43 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-20 21:43 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:12 - 2012-06-20 21:43 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 20:45 - 2012-07-11 01:01 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 20:45 - 2012-07-11 01:01 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 20:40 - 2012-07-11 01:01 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 20:40 - 2012-07-11 01:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 20:39 - 2012-07-11 01:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 05:48 - 2012-04-10 12:04 - 25780224 ___RA C:\KDS Vending Inc..QBW
    2012-06-01 05:48 - 2012-04-10 12:04 - 00327680 ___RA C:\KDS Vending Inc..QBW.TLG
    2012-06-01 05:48 - 2012-04-10 12:04 - 00000366 ____A C:\KDS Vending Inc..QBW.ND
    2012-06-01 05:46 - 2012-04-10 12:04 - 00000389 ____A C:\KDS Vending Inc..QBW.DSN
    2012-05-31 08:25 - 2011-12-25 11:53 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 07:19 - 2012-03-15 11:01 - 00000358 ____A C:\Ability_.QBW.ND
    2012-05-29 07:16 - 2012-03-15 11:01 - 28905472 ___RA C:\Ability_.QBW
    2012-05-29 07:16 - 2012-03-15 11:01 - 06553600 ___RA C:\Ability_.QBW.TLG
    2012-05-22 04:33 - 2012-05-22 04:33 - 01393736 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\accountant\gotomypc_626.exe
    2012-05-21 12:57 - 2012-03-15 11:01 - 00000389 ____A C:\Ability_.QBW.DSN

    ZeroAccess:
    C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}
    C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}\L
    C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}\U
    C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}\L\00000004.@
    C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}\L\201d3dde

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 13%
    Total physical RAM: 4068.94 MB
    Available physical RAM: 3537.97 MB
    Total Pagefile: 4067.23 MB
    Available Pagefile: 3540.37 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.68 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:221.54 GB) (Free:161.08 GB) NTFS
    3 Drive f: (HIRENS) (Removable) (Total:3.72 GB) (Free:2.88 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (RECOVERY) (Fixed) (Total:11.29 GB) (Free:6.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3822 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 11 GB 40 MB
    Partition 3 Primary 221 GB 11 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 221 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3821 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F HIRENS FAT32 Removable 3821 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-06 20:06

    ======================= End Of Log ==========================

    Here's the search.txt

    Farbar Recovery Scan Tool Version: 15-08-2012
    Ran by SYSTEM at 2012-08-16 21:34:19
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\erdnt\cache\services.exe
    [2012-08-15 09:54] - [2012-08-15 09:32] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    === End Of Search ===
  2. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    I made my own fixlist.txt that looks like this:


    start
    SubSystems: [Windows] ==> ZeroAccess
    C:\Windows\System32\consrv.dll
    C:\Windows\Installer\{67e3dd18-32c0-b79c-cbac-30c508c782b5}
    end
    It seemed to do the trick, but then the user mode varient was detected. I then ran KillZA (https://sites.google.com/a/obxcompguy.com/foolish-it/vb6-projects/killza) which appears to have taken care of the rest of it.
    - Mike
  3. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    You did fine with your script :)

    I still suggest we run some scans to make sure nothing is hiding.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
  4. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    I will run more scans. I got anxious and attempted to run a bitdefender scan but its service quits during the middle of the operation. The same happens with MSE. I'm wondering if I have a new variation?
  5. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Skip AV scan for now.
    Post other logs.
  6. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    Hello - here are the logs...

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.17.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    accountant :: ACCOUNTING1A [administrator]

    8/17/2012 9:53:54 PM
    mbam-log-2012-08-17 (21-53-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 262482
    Time elapsed: 3 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  7. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-18 07:29:14
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAKX-753CA1 rev.19.01H19
    Running: 2nil9jl8.exe; Driver: C:\Users\ACCOUN~1\AppData\Local\Temp\pxrirkow.sys
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
    Run by accountant at 7:32:01 on 2012-08-18
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3317.2171 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\csasvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\Services\IPT\jhi_service.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\WmiPrvSE.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc1.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{4D5DD321-0E93-45C1-89BA-A3BFF1718156} : DhcpNameServer = 192.168.1.1
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-15 176128]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-7-17 134456]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-5-12 249648]
    R2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [2011-12-28 118784]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-24 212944]
    R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-26 1153368]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-12-15 2656280]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-15 7723008]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-15 239616]
    R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-12-15 41088]
    R3 QuickBooksDB22;QuickBooksDB22;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb22 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB22 [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-6-7 191752]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-12-15 269824]
    S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-25 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-08-18 11:31:316891424----a-w-c:\programdata\microsoft\windows defender\definition updates\{34af3494-8c44-4750-9146-821042c7c346}\mpengine.dll
    2012-08-18 02:00:08973488-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_svchost.exe_wind_5776d233341fceacaad18172ec37bd7dc0ef489_cab_0b8b5ee1\mbam.exe
    2012-08-18 01:57:58118784-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_svchost.exe_wind_c4ca1e13cd47a9129312c2452c7e34f431a5ee_cab_0ad16344\csasvc.exe
    2012-08-18 01:46:48877432-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_msmpeng.exe_e12731eaca546970b4913b9e2ba5bd987ae731bb_cab_08bd41d0\dbicu11.dll
    2012-08-18 01:46:11252928-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_msmpeng.exe_2537acc31e93ee24e6419559e295f7daf5c34957_cab_0b00b4ae\drvinst.exe
    2012-08-17 14:00:3947616-c----w-c:\programdata\microsoft\windows\wer\reportqueue\appcrash_svchost.exe_wind_a466fbf6c850d4cdae8af33d8ad28491a28a3bd_cab_0d49427b\wbemsvc.dll
    2012-08-17 12:16:58--------d-----w-c:\programdata\Kaspersky Lab
    2012-08-17 11:50:27103075----a-w-c:\programdata\1345204175.bdinstall.bin
    2012-08-17 05:24:54--------d-----w-C:\FRST
    2012-08-17 04:16:25--------d-----w-c:\users\accountant\appdata\roaming\Malwarebytes
    2012-08-17 04:16:1322344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-08-17 04:16:13--------d-----w-c:\programdata\Malwarebytes
    2012-08-17 04:16:13--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2012-08-17 04:01:491530875----a-w-c:\programdata\1345176013.bdinstall.bin
    2012-08-17 03:58:36783----a-w-c:\programdata\1345175906.3912.bin
    2012-08-17 03:58:364497----a-w-c:\programdata\1345175906.1400.bin
    2012-08-17 03:58:28876----a-w-c:\programdata\1345175906.3420.bin
    2012-08-17 03:58:28876----a-w-c:\programdata\1345175906.2780.bin
    2012-08-17 03:58:28180709----a-w-c:\programdata\1345175906.2344.bin
    2012-08-17 03:58:2810311----a-w-c:\programdata\1345175906.724.bin
    2012-08-17 03:58:267324----a-w-c:\programdata\1345175906.1980.bin
    2012-08-17 03:58:2646006----a-w-c:\programdata\1345175906.3248.bin
    2012-08-17 03:58:263965----a-w-c:\programdata\1345175906.3868.bin
    2012-08-17 03:58:25--------d-----w-c:\program files\common files\Bitdefender
    2012-08-17 03:48:50228265----a-w-c:\programdata\1345175316.bdinstall.bin
    2012-08-17 03:48:50--------d-----w-c:\program files\Bitdefender
    2012-08-17 03:42:08231825----a-w-c:\programdata\1345174916.bdinstall.bin
    2012-08-17 03:12:28--------d-sh--w-C:\$RECYCLE.BIN
    2012-08-17 02:55:23--------d-----w-C:\Support
    2012-08-16 22:27:41--------d-----w-c:\programdata\Sophos
    2012-08-16 22:26:5773728----a-r-c:\users\accountant\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-08-16 22:26:5773728----a-r-c:\users\accountant\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-08-16 22:26:5773728----a-r-c:\users\accountant\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
    2012-08-16 22:26:56--------d-----w-c:\program files\Sophos
    2012-08-16 22:04:35303616----a-w-C:\SetACL.exe
    2012-08-16 21:55:38290304----a-w-C:\subinacl.exe
    2012-08-16 21:54:39--------d-----w-C:\RegBackup
    2012-08-16 21:53:57--------d-----w-C:\Tweaking.com_Windows_Repair_Logs
    2012-08-16 21:14:18--------d-----w-c:\users\accountant\appdata\local\temp
    2012-08-16 21:01:53--------d-----w-c:\users\accountant\appdata\roaming\TeamViewer
    2012-08-16 20:32:00--------d-----w-c:\programdata\Dumps
    2012-08-16 19:26:32514560----a-w-c:\windows\system32\qdvd.dll
    2012-08-16 19:24:24821736----a-w-c:\windows\system32\npDeployJava1.dll
    2012-08-16 19:24:1793672----a-w-c:\windows\system32\WindowsAccessBridge.dll
    2012-08-16 18:30:10400896----a-w-c:\windows\system32\srcore.dll
    2012-08-16 18:30:09769024----a-w-c:\windows\system32\localspl.dll
    2012-08-16 18:30:092345984----a-w-c:\windows\system32\win32k.sys
    2012-08-16 18:30:04492032----a-w-c:\windows\system32\win32spl.dll
    2012-08-16 18:30:04317440----a-w-c:\windows\system32\spoolsv.exe
    2012-08-16 18:30:0341984----a-w-c:\windows\system32\browcli.dll
    2012-08-16 18:30:03102912----a-w-c:\windows\system32\browser.dll
    2012-08-16 18:19:50--------d-----w-c:\windows\system32\catroot2
    2012-08-16 18:19:13--------d-----w-c:\windows\SoftwareDistribution.old
    2012-08-15 21:37:03--------d-----w-c:\programdata\bdch
    2012-08-15 21:33:54--------d-----w-c:\programdata\BDLogging
    2012-08-15 21:33:52511328----a-w-c:\windows\capicom.dll
    2012-08-15 21:33:511461992----a-w-c:\windows\system32\WdfCoInstaller01009.dll
    2012-08-15 21:32:47--------d-----w-c:\users\accountant\appdata\roaming\QuickScan
    2012-08-15 18:02:52--------d-----w-c:\users\accountant\appdata\local\Secunia PSI
    2012-08-15 18:02:37--------d-----w-c:\program files\Secunia
    2012-08-15 17:17:1453248----a-w-c:\windows\system32\zlib.dll
    2012-08-15 17:10:34--------d-----w-C:\smtmp
    2012-08-09 20:03:11--------d-----w-C:\Restored_CSI Realty Investment LLC6.30.12_Files
    2012-07-31 17:40:40--------d-----w-C:\Restored_FL_LARSO.QBB_Files
    2012-07-31 17:39:47--------d-----w-C:\Restored_FL_LARSON_Files
    .
    ==================== Find3M ====================
    .
    2012-08-16 19:24:12746984----a-w-c:\windows\system32\deployJava1.dll
    2012-08-15 18:56:2070344----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-15 18:56:20426184----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-07-17 16:41:52134456----a-w-c:\windows\system32\atashost.exe
    2012-07-17 16:41:50217400----a-w-c:\windows\system32\atsckernel.exe
    2012-06-29 00:16:581800704----a-w-c:\windows\system32\jscript9.dll
    2012-06-29 00:09:011129472----a-w-c:\windows\system32\wininet.dll
    2012-06-29 00:08:591427968----a-w-c:\windows\system32\inetcpl.cpl
    2012-06-29 00:04:43142848----a-w-c:\windows\system32\ieUnatt.exe
    2012-06-29 00:00:452382848----a-w-c:\windows\system32\mshtml.tlb
    2012-06-25 20:04:241394248----a-w-c:\windows\system32\msxml4.dll
    2012-06-07 00:59:421070152----a-w-c:\windows\system32\MSCOMCTL.OCX
    2012-06-06 05:05:521390080----a-w-c:\windows\system32\msxml6.dll
    2012-06-06 05:05:521236992----a-w-c:\windows\system32\msxml3.dll
    2012-06-06 05:03:06805376----a-w-c:\windows\system32\cdosys.dll
    2012-06-02 22:12:322422272----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:12:1388576----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42171904----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:2033792----a-w-c:\windows\system32\wuapp.exe
    2012-06-02 04:45:0467440----a-w-c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45:03134000----a-w-c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40:59369336----a-w-c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40:39225280----a-w-c:\windows\system32\schannel.dll
    2012-06-02 04:39:10219136----a-w-c:\windows\system32\ncrypt.dll
    2012-05-31 16:25:14237072------w-c:\windows\system32\MpSigStub.exe
    2012-05-22 12:33:141393736----a-w-c:\users\accountant\gotomypc_626.exe
    .
    ============= FINISH: 7:32:19.17 ===============
  8. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/25/2011 2:18:17 PM
    System Uptime: 8/17/2012 9:47:44 PM (10 hours ago)
    .
    Motherboard: Dell Inc. | | 0M5DCD
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 170.239 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_04F51028&REV_06\4&213E82F8&0&00E4
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_04F51028&REV_06\4&213E82F8&0&00E4
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    RP104: 8/17/2012 10:20:33 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe Acrobat X Standard
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Bing Bar
    Catalyst Control Center
    Catalyst Control Center - Branding
    Conexant HD Audio
    Creative Solutions Accounting
    Crystal Reports9
    CyberLink PowerDVD 9.5
    D3DX10
    Dell Backup and Recovery Manager
    Dell Client System Update
    Dell Edoc Viewer
    DirectX 9 Runtime
    GoToAssist Corporate
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java 7 Update 6
    Java Auto Updater
    Java(TM) 6 Update 30
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft OLE DB Provider for Visual FoxPro
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Office Runtime
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    PDFlyer
    PhotoShowExpress
    Portal
    ProSystem fx Scan Workstation
    ProSystem fx Tax
    ProSystem fx Workstation
    QuickBooks
    QuickBooks Premier Edition 2012
    QuickBooks Premier: Accountant Edition 2011
    QuickBooks Remote Access
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Sonic CinePlayer Decoder Pack
    Sophos Virus Removal Tool
    Spybot - Search & Destroy
    System Files
    Tax Forms Helper 2010 9.5
    Tax Forms Helper 2011 10.0
    TaxInstallFiles
    TValue 5
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/17/2012 9:57:58 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/17/2012 9:53:49 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/17/2012 9:49:09 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
    8/17/2012 9:49:09 PM, Error: Microsoft Antimalware [5008] -
    8/17/2012 9:48:52 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    8/17/2012 9:48:12 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.
    8/17/2012 9:48:11 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/17/2012 9:48:11 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    8/17/2012 9:48:09 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
    8/17/2012 9:48:01 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    8/17/2012 9:48:01 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    8/17/2012 9:48:01 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/17/2012 9:47:59 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    8/17/2012 8:36:45 AM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 4 time(s).
    8/17/2012 8:32:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
    8/17/2012 8:31:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    8/17/2012 8:22:55 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/17/2012 8:22:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/17/2012 8:22:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/17/2012 8:22:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/17/2012 8:22:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/17/2012 8:22:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/17/2012 8:22:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/17/2012 8:22:24 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/17/2012 7:48:38 AM, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
    8/17/2012 7:48:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdfwfpf BDVEDISK
    8/17/2012 12:13:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    8/17/2012 12:13:49 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/17/2012 12:08:22 AM, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 3 time(s).
    8/17/2012 12:07:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
    8/17/2012 12:07:36 AM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/17/2012 12:05:17 AM, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 2 time(s).
    8/17/2012 12:04:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBIDPService service to connect.
    8/17/2012 11:27:01 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    8/17/2012 10:00:08 PM, Error: Service Control Manager [7034] - The Windows Defender service terminated unexpectedly. It has done this 3 time(s).
    8/16/2012 9:14:50 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/16/2012 9:14:50 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    8/16/2012 9:14:49 PM, Error: Service Control Manager [7038] - The W32Time service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/16/2012 9:14:49 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/16/2012 9:14:49 PM, Error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not start due to a logon failure.
    8/16/2012 9:14:49 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    8/16/2012 9:14:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    8/16/2012 7:35:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Defender service, but this action failed with the following error: An instance of the service is already running.
    8/16/2012 7:35:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error: An instance of the service is already running.
    8/16/2012 7:35:01 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/16/2012 5:50:38 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain OMALLY due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    8/16/2012 5:35:32 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 6 time(s).
    8/16/2012 5:34:47 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 5 time(s).
    8/16/2012 5:00:19 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 8 time(s).
    8/16/2012 4:59:20 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 7 time(s).
    8/16/2012 4:55:29 PM, Error: Service Control Manager [7038] - The MsMpSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/16/2012 4:55:29 PM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not start due to a logon failure.
    8/16/2012 4:40:58 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/16/2012 4:33:53 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    8/16/2012 4:33:04 PM, Error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
    8/16/2012 4:12:35 PM, Error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 3 time(s).
    8/16/2012 3:46:35 PM, Error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 2 time(s).
    8/16/2012 3:45:16 PM, Error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
    8/16/2012 2:41:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.
    8/16/2012 2:41:05 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/16/2012 2:09:36 PM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/16/2012 2:09:36 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
    8/16/2012 2:08:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    8/16/2012 2:08:32 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/16/2012 11:46:55 PM, Error: Service Control Manager [7034] - The QuickBooksDB22 service terminated unexpectedly. It has done this 1 time(s).
    8/16/2012 11:11:59 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    8/16/2012 11:01:23 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/16/2012 10:56:04 PM, Error: Service Control Manager [7023] - The Roxio Hard Drive Watcher 12 service terminated with the following error: %%-2147467243
    8/15/2012 5:57:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.
    8/15/2012 4:54:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    8/15/2012 4:50:31 PM, Error: Service Control Manager [7034] - The Software Protection service terminated unexpectedly. It has done this 3 time(s).
    8/15/2012 1:32:49 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    8/15/2012 1:32:47 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    8/15/2012 1:25:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e390a8, 0x8dbd6764, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081512-43555-01.
    8/14/2012 9:58:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0466db8, 0xc000000e, 0xbb544be0, 0x8cdb7000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081412-47923-01.
    8/13/2012 9:45:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    8/13/2012 9:45:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    8/13/2012 9:43:34 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/13/2012 9:43:34 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/13/2012 9:43:34 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/12/2012 3:51:53 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    8/12/2012 3:51:53 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    8/12/2012 3:51:53 AM, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
    8/11/2012 4:53:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    8/11/2012 4:51:37 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/11/2012 4:51:37 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/11/2012 4:51:37 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    8/11/2012 4:07:12 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/11/2012 4:07:12 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/11/2012 4:04:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    8/11/2012 4:04:09 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    Attached Files:

  9. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    =========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  10. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    Thanks...

    Rkill 2.2.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/18/2012 01:56:19 PM in x86 mode.
    Windows Version: Windows 7
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * C:\Windows\csasvc.exe (PID: 1664) [WD-HEUR]
    1 proccess terminated!
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks.
    * No issues found.
    Checking Windows Service Integrity:
    * WatAdminSvc => C:\Windows\system32\Wat\WatAdminSvc.exe [Incorrect ImagePath]
    Searching for Missing Digital Signatures:
    * No issues found.
    Program finished at: 08/18/2012 01:56:24 PM
    Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
    --------------------------------------------------------------------------------------------------------------------

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-18 13:56:38
    -----------------------------
    13:56:38.034 OS Version: Windows 6.1.7601 Service Pack 1
    13:56:38.034 Number of processors: 4 586 0x2A07
    13:56:38.034 ComputerName: ACCOUNTING1A UserName: accountant
    13:56:38.908 Initialize success
    13:57:18.666 AVAST engine defs: 12081800
    13:57:27.153 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    13:57:27.153 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 19.01H19 Size: 238475MB BusType: 3
    13:57:27.153 Disk 0 MBR read successfully
    13:57:27.153 Disk 0 MBR scan
    13:57:27.153 Disk 0 Windows 7 default MBR code
    13:57:27.153 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    13:57:27.168 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11566 MB offset 81920
    13:57:27.184 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226868 MB offset 23769088
    13:57:27.200 Disk 0 scanning sectors +488394752
    13:57:27.278 Disk 0 scanning C:\Windows\system32\drivers
    13:57:32.644 Service scanning
    13:57:36.482 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
    13:57:36.653 Service bdselfpr C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys **LOCKED** 5
    13:57:49.570 Modules scanning
    13:58:03.236 Disk 0 trace - called modules:
    13:58:03.251 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
    13:58:03.251 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863f5440]
    13:58:03.251 3 CLASSPNP.SYS[8bd7d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8559b908]
    13:58:04.172 AVAST engine scan C:\Windows
    13:58:05.981 AVAST engine scan C:\Windows\system32
    13:59:31.719 AVAST engine scan C:\Windows\system32\drivers
    13:59:36.883 AVAST engine scan C:\Users\accountant
    14:00:12.341 AVAST engine scan C:\ProgramData
    14:00:41.460 Scan finished successfully
    14:01:06.623 Disk 0 MBR has been saved successfully to "C:\Users\accountant\Desktop\MBR.dat"
    14:01:06.623 The log file has been saved successfully to "C:\Users\accountant\Desktop\aswMBR.txt"
  11. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    ComboFix 12-08-18.03 - accountant 08/18/2012 16:55:36.5.4 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3317.2169 [GMT -4:00]
    Running from: c:\users\accountant\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
    FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
    SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1345311764.bdinstall.bin
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-18 20:59 . 2012-08-18 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-18 20:56 . 2009-07-14 01:16 262144 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_e735c5afb43e144d6b14d54def79c9da527ea_cab_0830e262\wevtapi.dll
    2012-08-18 20:50 . 2010-11-20 21:29 1288488 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_3234db5ff7c7198312062bb3459e64a5a3571a_cab_0fcbae48\ntdll.dll
    2012-08-18 20:50 . 2009-07-14 01:14 69632 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_3234db5ff7c7198312062bb3459e64a5a3571a_cab_0fcbae48\smss.exe
    2012-08-18 18:50 . 2012-08-18 15:31 -------- d-----w- c:\windows\Panther
    2012-08-18 18:44 . 2012-08-18 15:15 -------- d-----w- C:\$WINDOWS.~Q
    2012-08-18 18:40 . 2012-08-18 18:42 -------- d-----w- C:\$INPLACE.~TR
    2012-08-18 17:48 . 2011-11-17 21:38 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-08-18 17:48 . 2012-03-21 00:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-08-18 17:48 . 2012-02-17 20:45 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-08-18 17:48 . 2012-08-18 17:48 -------- d-----w- c:\programdata\Bitdefender
    2012-08-18 17:46 . 2012-04-11 21:03 154464 ----a-w- c:\windows\system32\drivers\gzflt.sys
    2012-08-18 17:46 . 2012-04-24 19:28 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-08-18 16:02 . 2012-07-27 20:51 341448 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_388daa3a98cbcf81b0c8c82d26b63c36d6e7578_cab_0bdce1b7\AcroIEFavClient.dll
    2012-08-18 15:31 . 2012-08-18 15:31 -------- d-----w- C:\Recovery
    2012-08-18 15:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-08-18 15:29 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-08-18 15:29 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-08-18 15:26 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-08-18 15:26 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-08-18 15:26 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-08-18 15:26 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-08-18 15:26 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-08-18 15:26 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-08-18 15:26 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-08-18 15:26 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-08-18 15:26 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-08-18 15:08 . 2012-08-18 15:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-08-18 14:55 . 2012-08-18 15:07 -------- d-----w- c:\users\administrator
    2012-08-18 14:55 . 2012-08-18 15:07 -------- d-----w- c:\users\fcampbell
    2012-08-18 14:55 . 2012-08-18 15:22 -------- d-----w- c:\users\QBDataServiceUser22
    2012-08-18 14:55 . 2012-08-18 15:32 -------- d-----w- c:\users\accountant
    2012-08-18 14:54 . 2012-08-18 14:57 -------- d-----w- c:\program files\CONEXANT
    2012-08-18 14:53 . 2012-08-18 14:53 0 ----a-w- c:\windows\ativpsrm.bin
    2012-08-18 11:31 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34AF3494-8C44-4750-9146-821042C7C346}\mpengine.dll
    2012-08-17 12:16 . 2012-08-18 14:59 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-17 05:24 . 2012-08-17 05:24 -------- d-----w- C:\FRST
    2012-08-17 04:16 . 2012-08-18 14:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-17 04:16 . 2012-08-18 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-17 04:16 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-17 03:58 . 2012-08-18 17:46 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-08-17 03:48 . 2012-08-18 14:57 -------- d-----w- c:\program files\Bitdefender
    2012-08-17 02:55 . 2012-08-17 02:57 -------- d-----w- C:\Support
    2012-08-16 22:27 . 2012-08-18 14:59 -------- d-----w- c:\programdata\Sophos
    2012-08-16 22:26 . 2012-08-18 14:58 -------- d-----w- c:\program files\Sophos
    2012-08-16 22:04 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
    2012-08-16 21:55 . 2012-08-16 22:07 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2012-08-16 21:55 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
    2012-08-16 21:54 . 2012-08-16 21:54 -------- d-----w- C:\RegBackup
    2012-08-16 21:53 . 2012-08-16 22:07 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
    2012-08-16 20:32 . 2012-08-18 14:59 -------- d-----w- c:\programdata\Dumps
    2012-08-16 19:24 . 2012-08-18 14:57 -------- d-----w- c:\program files\Common Files\Java
    2012-08-16 19:24 . 2012-08-16 19:24 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-16 19:24 . 2012-08-16 19:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-16 18:31 . 2012-06-29 00:16 1800704 ------w- c:\windows\system32\jscript9.dll
    2012-08-15 21:37 . 2012-08-18 14:59 -------- d-----w- c:\programdata\bdch
    2012-08-15 21:33 . 2012-08-18 14:59 -------- d-----w- c:\programdata\BDLogging
    2012-08-15 21:33 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
    2012-08-15 21:33 . 2009-07-14 18:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-08-15 21:33 . 2011-11-25 18:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
    2012-08-15 18:02 . 2012-08-18 14:58 -------- d-----w- c:\program files\Secunia
    2012-08-15 17:17 . 2012-08-15 17:17 53248 ----a-w- c:\windows\system32\zlib.dll
    2012-08-15 17:10 . 2012-08-15 17:10 -------- d-----w- C:\smtmp
    2012-08-09 20:03 . 2012-08-09 20:03 -------- d-----w- C:\Restored_CSI Realty Investment LLC6.30.12_Files
    2012-07-31 17:40 . 2012-07-31 17:40 -------- d-----w- C:\Restored_FL_LARSO.QBB_Files
    2012-07-31 17:39 . 2012-07-31 17:39 -------- d-----w- C:\Restored_FL_LARSON_Files
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 19:24 . 2011-12-15 16:07 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-15 18:56 . 2012-04-11 11:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 18:56 . 2011-12-15 16:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-17 16:41 . 2012-07-17 16:41 134456 ----a-w- c:\windows\system32\atashost.exe
    2012-07-17 16:41 . 2012-07-17 16:41 217400 ----a-w- c:\windows\system32\atsckernel.exe
    2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-05-31 16:25 . 2011-12-25 19:53 237072 ----a-w- c:\windows\system32\MpSigStub.exe
    2012-05-22 12:33 . 2012-05-22 12:33 1393736 ----a-w- c:\users\accountant\gotomypc_626.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-07-31 1578872]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5980504]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-9-30 1178400]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2012-01-12 16:58 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
    R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
    R3 QuickBooksDB22;QuickBooksDB22;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
    S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
    S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
    S2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [x]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
    S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
    S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-18 17:01:26
    ComboFix-quarantined-files.txt 2012-08-18 21:01
    .
    Pre-Run: 177,626,796,032 bytes free
    Post-Run: 177,458,683,904 bytes free
    .
    - - End Of File - - 877050BCF58834F61B9E0C23FFA18063
  13. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Looks good :)

    Any current issues?

    =====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    Unfortunately I still am experiencing issues, but maybe they aren't virus related? They feel like they are though. Basically any antivirus I install will become disabled mid scan. I don't know if MSE, Kaspersky and Bitdefender all have an underlying common denominator that is coincidenatlly causing their services to crash (.net maybe?)?? I also had IE stop responding while simply trying to navigate to this site, but that has only happened once. The computer isn't acting like it's infected.... except for that all antivirus software fails to run a scan. Here are my logs:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.18.06
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    accountant :: ACCOUNTING1A [administrator]
    8/18/2012 8:12:04 PM
    mbam-log-2012-08-18 (20-12-04).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 255821
    Time elapsed: 2 minute(s), 36 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    ----------------------------------------------------------------------

    OTL logfile created on: 8/18/2012 8:15:36 PM - Run 2
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\accountant\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.24 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 76.18% Memory free
    6.48 Gb Paging File | 5.53 Gb Available in Paging File | 85.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 221.54 Gb Total Space | 165.37 Gb Free Space | 74.65% Space Free | Partition Type: NTFS
    Drive E: | 3.73 Gb Total Space | 1.28 Gb Free Space | 34.25% Space Free | Partition Type: NTFS

    Computer Name: ACCOUNTING1A | User Name: accountant | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/18 20:11:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Accountant\Desktop\OTL.exe
    PRC - [2012/07/31 16:06:32 | 001,578,872 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
    PRC - [2012/07/27 16:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/26 17:05:12 | 001,280,720 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
    PRC - [2012/07/17 12:41:52 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
    PRC - [2012/07/03 12:04:45 | 000,055,544 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
    PRC - [2011/12/06 13:41:18 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2011/12/06 12:48:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/02/19 11:45:34 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/02/19 11:45:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/12/03 19:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/03 19:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/20 17:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/01 18:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2010/09/30 17:51:04 | 001,178,400 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
    PRC - [2009/11/10 15:33:22 | 000,118,784 | ---- | M] (Thomson Reuters) -- C:\Windows\csasvc.exe
    PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/25 12:24:09 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
    MOD - [2010/09/30 17:51:32 | 000,124,704 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
    MOD - [2010/09/30 17:51:30 | 000,020,256 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL
    MOD - [2010/09/30 17:51:22 | 000,041,248 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
    MOD - [2010/09/30 17:51:12 | 000,175,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
    MOD - [2010/09/30 17:51:10 | 000,337,184 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
    MOD - [2010/09/30 17:51:10 | 000,268,064 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
    MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/08/15 14:56:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/26 17:05:12 | 001,280,720 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
    SRV - [2012/07/17 12:41:52 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2012/07/03 12:04:45 | 000,055,544 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
    SRV - [2012/01/12 12:58:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
    SRV - [2011/12/25 17:01:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/12/06 12:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/08/19 22:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2011/08/19 22:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)
    SRV - [2011/06/07 14:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2011/02/19 11:45:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/12/03 19:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/03 19:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2009/11/10 15:33:22 | 000,118,784 | ---- | M] (Thomson Reuters) [Auto | Running] -- C:\Windows\csasvc.exe -- (CSAPrintService)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ACCOUN~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/12 17:12:20 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
    DRV - [2012/04/24 15:28:36 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
    DRV - [2012/04/11 17:03:33 | 000,154,464 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
    DRV - [2012/03/20 20:22:08 | 000,611,520 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
    DRV - [2012/02/17 16:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
    DRV - [2011/11/25 14:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
    DRV - [2011/11/17 17:38:32 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox)
    DRV - [2011/11/14 20:16:27 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV - [2011/03/10 19:28:24 | 001,281,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2011/02/19 12:26:22 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/02/19 11:03:28 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 17:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
    DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 17:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/10/19 20:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {48E1A694-D427-4ABB-8079-7BC1FAF8EB83}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{48E1A694-D427-4ABB-8079-7BC1FAF8EB83}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\..\SearchScopes,DefaultScope = {77666860-5432-44D8-A9C2-A01BAE83D5C0}
    IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\..\SearchScopes\{77666860-5432-44D8-A9C2-A01BAE83D5C0}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...5b6a56a762c&lang=en&ds=AVG&pr=fr&d=2012-07-02 12:39:44&v=11.1.0.12&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/18 10:57:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\


    O1 HOSTS File: ([2012/08/18 16:59:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3848032696-3591330993-3296434788-1108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.6.2)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc1.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Omally.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5DD321-0E93-45C1-89BA-A3BFF1718156}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/08/18 09:59:54 | 000,000,043 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/18 20:11:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\accountant\Desktop\OTL.exe
    [2012/08/18 17:01:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/18 17:01:37 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Local\temp
    [2012/08/18 16:54:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/18 16:54:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/18 16:54:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/18 16:54:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/18 16:53:39 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\accountant\Desktop\ComboFix.exe
    [2012/08/18 16:48:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
    [2012/08/18 14:50:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012/08/18 14:44:04 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
    [2012/08/18 14:40:59 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
    [2012/08/18 13:56:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\accountant\Desktop\aswMBR.exe
    [2012/08/18 13:55:27 | 001,545,120 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\accountant\Desktop\iExplore.exe
    [2012/08/18 13:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
    [2012/08/18 13:48:21 | 000,063,056 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
    [2012/08/18 13:48:13 | 000,611,520 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
    [2012/08/18 13:48:13 | 000,447,208 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
    [2012/08/18 13:48:11 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\Bitdefender
    [2012/08/18 13:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
    [2012/08/18 13:46:37 | 000,154,464 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
    [2012/08/18 13:46:36 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
    [2012/08/18 11:31:53 | 000,000,000 | ---D | C] -- C:\Recovery
    [2012/08/18 10:55:35 | 000,000,000 | --SD | C] -- C:\Users\accountant\AppData\Roaming\Microsoft
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Videos
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Saved Games
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Pictures
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Music
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Links
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Favorites
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Downloads
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Documents
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\Desktop
    [2012/08/18 10:55:35 | 000,000,000 | R--D | C] -- C:\Users\accountant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\AppData\Local\Temporary Internet Files
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Templates
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Start Menu
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\SendTo
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Recent
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\PrintHood
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\NetHood
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Documents\My Videos
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Documents\My Pictures
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Documents\My Music
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\My Documents
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Local Settings
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\AppData\Local\History
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Cookies
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\Application Data
    [2012/08/18 10:55:35 | 000,000,000 | -HSD | C] -- C:\Users\accountant\AppData\Local\Application Data
    [2012/08/18 10:55:35 | 000,000,000 | -H-D | C] -- C:\Users\accountant\AppData
    [2012/08/18 10:55:35 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Local\Microsoft
    [2012/08/18 10:55:35 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\Media Center Programs
    [2012/08/18 10:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2012/08/18 10:52:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2012/08/18 07:30:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\accountant\Desktop\dds.com
    [2012/08/17 08:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/08/17 01:24:54 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/17 00:16:25 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\Malwarebytes
    [2012/08/17 00:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/17 00:16:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/17 00:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/17 00:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/17 00:14:25 | 000,000,000 | ---D | C] -- C:\Users\accountant\Desktop\D7
    [2012/08/16 23:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
    [2012/08/16 23:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
    [2012/08/16 22:55:23 | 000,000,000 | ---D | C] -- C:\Support
    [2012/08/16 18:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2012/08/16 18:26:57 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    [2012/08/16 18:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2012/08/16 18:07:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/08/16 17:55:43 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2012/08/16 17:54:39 | 000,000,000 | ---D | C] -- C:\RegBackup
    [2012/08/16 17:53:57 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
    [2012/08/16 17:49:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
    [2012/08/16 17:01:53 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\TeamViewer
    [2012/08/16 16:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
    [2012/08/16 15:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/08/16 14:19:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution.old
    [2012/08/15 17:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
    [2012/08/15 17:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
    [2012/08/15 17:33:49 | 000,240,184 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
    [2012/08/15 17:32:47 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Roaming\QuickScan
    [2012/08/15 14:02:52 | 000,000,000 | ---D | C] -- C:\Users\accountant\AppData\Local\Secunia PSI
    [2012/08/15 14:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2012/08/15 13:40:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/15 13:10:34 | 000,000,000 | ---D | C] -- C:\smtmp
    [2012/08/09 16:03:11 | 000,000,000 | ---D | C] -- C:\Restored_CSI Realty Investment LLC6.30.12_Files
    [2012/07/31 13:40:40 | 000,000,000 | ---D | C] -- C:\Restored_FL_LARSO.QBB_Files
    [2012/07/31 13:39:47 | 000,000,000 | ---D | C] -- C:\Restored_FL_LARSON_Files
    [2012/05/22 08:33:08 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\accountant\gotomypc_626.exe
    [2011/12/28 10:46:27 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\accountant\gotomypc_437.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/08/18 20:11:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\accountant\Desktop\OTL.exe
    [2012/08/18 19:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/18 19:25:20 | 000,021,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/18 19:25:20 | 000,021,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/18 17:02:10 | 000,000,347 | ---- | M] () -- C:\Windows\System32\checkdnsid.xml
    [2012/08/18 16:59:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/18 16:53:45 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\accountant\Desktop\ComboFix.exe
    [2012/08/18 16:51:16 | 000,662,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/18 16:51:16 | 000,121,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/18 16:46:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/18 16:46:46 | 2608,545,792 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/18 14:01:06 | 000,000,512 | ---- | M] () -- C:\Users\accountant\Desktop\MBR.dat
    [2012/08/18 13:56:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\accountant\Desktop\aswMBR.exe
    [2012/08/18 13:55:28 | 001,545,120 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\accountant\Desktop\iExplore.exe
    [2012/08/18 13:48:37 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
    [2012/08/18 13:48:37 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
    [2012/08/18 13:48:37 | 000,000,403 | -H-- | M] () -- C:\bdr-cf01
    [2012/08/18 11:35:15 | 000,001,413 | ---- | M] () -- C:\Users\accountant\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/08/18 11:19:13 | 000,122,093 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2012/08/18 11:12:55 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
    [2012/08/18 11:10:17 | 000,437,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/08/18 10:53:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2012/08/18 10:53:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/08/18 10:19:51 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/08/18 10:19:51 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/08/18 10:17:14 | 000,002,610 | ---- | M] () -- C:\Users\accountant\Desktop\Windows Compatibility Report.htm
    [2012/08/18 07:35:24 | 000,006,283 | ---- | M] () -- C:\Users\accountant\Desktop\Attach.zip
    [2012/08/18 07:31:10 | 000,000,126 | ---- | M] () -- C:\Users\accountant\Desktop\dds.htm
    [2012/08/18 07:30:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\accountant\Desktop\dds.com
    [2012/08/17 21:54:34 | 000,302,592 | ---- | M] () -- C:\Users\accountant\Desktop\2nil9jl8.exe
    [2012/08/17 21:52:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/17 09:12:47 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/17 00:01:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/08/16 18:26:57 | 000,003,217 | ---- | M] () -- C:\Users\accountant\Desktop\Sophos Virus Removal Tool.lnk
    [2012/08/16 18:07:52 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2012/08/16 17:55:10 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ACCOUNTING1A-Microsoft-Windows-7-Professional-(32-bit).dat
    [2012/08/16 17:12:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_858
    [2012/08/15 17:34:18 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
    [2012/08/15 15:03:57 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
    [2012/08/15 13:24:40 | 383,022,766 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/15 13:17:14 | 000,053,248 | ---- | M] () -- C:\Windows\System32\zlib.dll
    [2012/08/15 13:06:33 | 000,020,881 | ---- | M] () -- C:\Users\accountant\Desktop\ip.png
    [2012/08/09 17:04:20 | 017,731,584 | R--- | M] () -- C:\CSI Realty Investment LLC6.30.12.QBW
    [2012/08/09 17:04:20 | 005,373,952 | R--- | M] () -- C:\CSI Realty Investment LLC6.30.12.QBW.TLG
    [2012/08/09 17:04:20 | 000,000,382 | ---- | M] () -- C:\CSI Realty Investment LLC6.30.12.QBW.ND
    [2012/08/09 17:04:12 | 000,000,324 | ---- | M] () -- C:\Windows\CSAAPP.INI
    [2012/08/09 16:07:46 | 000,000,496 | R--- | M] () -- C:\CSI Realty Investment LLC6.30.12.lgb
    [2012/08/09 16:04:37 | 000,000,389 | ---- | M] () -- C:\CSI Realty Investment LLC6.30.12.QBW.DSN
    [2012/08/09 16:03:11 | 000,000,388 | ---- | M] () -- C:\CSI Realty Investment LLC6.30.12.ND
    [2012/08/09 16:03:04 | 000,000,362 | ---- | M] () -- C:\FL_LARSO.QBB.QBW.ND
    [2012/08/09 16:03:03 | 138,842,112 | R--- | M] () -- C:\FL_LARSO.QBB.QBW
    [2012/08/09 16:03:03 | 005,832,704 | R--- | M] () -- C:\FL_LARSO.QBB.QBW.TLG
    [2012/08/09 15:56:37 | 000,000,389 | ---- | M] () -- C:\FL_LARSO.QBB.QBW.DSN
    [2012/07/31 13:46:04 | 000,000,496 | R--- | M] () -- C:\FL_LARSO.QBB.lgb
    [2012/07/31 13:40:40 | 000,000,393 | ---- | M] () -- C:\FL_LARSO.QBB.ND
    [2012/07/31 13:39:47 | 110,243,840 | ---- | M] () -- C:\FL_LARSON.QBW
    [2012/07/31 13:39:47 | 000,000,393 | ---- | M] () -- C:\FL_LARSON.ND
    [2012/07/31 13:39:38 | 021,295,104 | R--- | M] () -- C:\Law Office Of David P Sorrenti, P.C..QBW
    [2012/07/31 13:39:38 | 000,589,824 | R--- | M] () -- C:\Law Office Of David P Sorrenti, P.C..QBW.TLG
    [2012/07/31 13:39:38 | 000,000,389 | ---- | M] () -- C:\FL_LARSON.QBW.DSN
    [2012/07/31 13:39:38 | 000,000,386 | ---- | M] () -- C:\Law Office Of David P Sorrenti, P.C..QBW.ND
    [2012/07/31 13:39:38 | 000,000,355 | ---- | M] () -- C:\FL_LARSON.QBW.ND
    [2012/07/31 13:38:53 | 000,000,389 | ---- | M] () -- C:\Law Office Of David P Sorrenti, P.C..QBW.DSN
    [2012/07/30 14:48:44 | 000,000,363 | ---- | M] () -- C:\DICKINSON0910.QBW.ND
    [2012/07/30 14:48:43 | 072,265,728 | R--- | M] () -- C:\DICKINSON0910.QBW
    [2012/07/30 14:48:43 | 003,473,408 | R--- | M] () -- C:\DICKINSON0910.QBW.TLG
    [2012/07/25 16:47:38 | 141,854,280 | ---- | M] () -- C:\Users\accountant\Desktop\setup_11.0.0.1245.x01_2012_07_25_23_01.exe
    [2012/07/23 11:04:27 | 000,000,389 | ---- | M] () -- C:\DICKINSON0910.QBW.DSN
    [2012/07/23 11:03:48 | 096,026,624 | R--- | M] () -- C:\george_a.PICKERING.qbw
    [2012/07/23 11:03:48 | 000,327,680 | R--- | M] () -- C:\george_a.PICKERING.QBW.TLG
    [2012/07/23 11:03:48 | 000,000,368 | ---- | M] () -- C:\george_a.PICKERING.qbw.ND

    ========== Files Created - No Company Name ==========

    [2012/08/18 16:54:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/18 16:54:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/18 16:54:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/18 16:54:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/18 16:54:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/18 14:01:06 | 000,000,512 | ---- | C] () -- C:\Users\accountant\Desktop\MBR.dat
    [2012/08/18 13:48:37 | 000,000,403 | -H-- | C] () -- C:\bdr-cf01
    [2012/08/18 13:48:10 | 035,184,649 | -H-- | C] () -- C:\bdr-im01.gz
    [2012/08/18 13:48:10 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01
    [2012/08/18 13:48:10 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
    [2012/08/18 13:48:10 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
    [2012/08/18 11:35:15 | 000,001,419 | ---- | C] () -- C:\Users\accountant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/08/18 11:20:17 | 2608,545,792 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/18 11:12:55 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2012/08/18 10:55:35 | 000,000,290 | ---- | C] () -- C:\Users\accountant\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/08/18 10:55:35 | 000,000,272 | ---- | C] () -- C:\Users\accountant\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/08/18 10:55:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/08/18 10:55:21 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/08/18 10:53:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/08/18 10:53:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/08/18 09:19:28 | 000,002,610 | ---- | C] () -- C:\Users\accountant\Desktop\Windows Compatibility Report.htm
    [2012/08/18 09:17:57 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/08/18 09:17:57 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/08/18 07:35:24 | 000,006,283 | ---- | C] () -- C:\Users\accountant\Desktop\Attach.zip
    [2012/08/18 07:31:10 | 000,000,126 | ---- | C] () -- C:\Users\accountant\Desktop\dds.htm
    [2012/08/17 21:54:34 | 000,302,592 | ---- | C] () -- C:\Users\accountant\Desktop\2nil9jl8.exe
    [2012/08/17 09:27:18 | 141,854,280 | ---- | C] () -- C:\Users\accountant\Desktop\setup_11.0.0.1245.x01_2012_07_25_23_01.exe
    [2012/08/17 00:16:14 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/17 00:01:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/08/16 18:26:57 | 000,003,217 | ---- | C] () -- C:\Users\accountant\Desktop\Sophos Virus Removal Tool.lnk
    [2012/08/16 18:04:35 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
    [2012/08/16 17:55:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ACCOUNTING1A-Microsoft-Windows-7-Professional-(32-bit).dat
    [2012/08/15 17:49:00 | 000,000,347 | ---- | C] () -- C:\Windows\System32\checkdnsid.xml
    [2012/08/15 17:34:18 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
    [2012/08/15 13:17:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2012/08/15 13:06:33 | 000,020,881 | ---- | C] () -- C:\Users\accountant\Desktop\ip.png
    [2012/08/14 09:57:54 | 383,022,766 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/08/09 16:07:46 | 000,000,496 | R--- | C] () -- C:\CSI Realty Investment LLC6.30.12.lgb
    [2012/08/09 16:03:19 | 005,373,952 | R--- | C] () -- C:\CSI Realty Investment LLC6.30.12.QBW.TLG
    [2012/08/09 16:03:11 | 000,000,388 | ---- | C] () -- C:\CSI Realty Investment LLC6.30.12.ND
    [2012/08/09 16:03:01 | 017,731,584 | R--- | C] () -- C:\CSI Realty Investment LLC6.30.12.QBW
    [2012/08/09 16:03:01 | 000,000,389 | ---- | C] () -- C:\CSI Realty Investment LLC6.30.12.QBW.DSN
    [2012/08/09 16:03:01 | 000,000,382 | ---- | C] () -- C:\CSI Realty Investment LLC6.30.12.QBW.ND
    [2012/07/31 13:46:04 | 000,000,496 | R--- | C] () -- C:\FL_LARSO.QBB.lgb
    [2012/07/31 13:40:49 | 005,832,704 | R--- | C] () -- C:\FL_LARSO.QBB.QBW.TLG
    [2012/07/31 13:40:40 | 000,000,393 | ---- | C] () -- C:\FL_LARSO.QBB.ND
    [2012/07/31 13:40:38 | 138,842,112 | R--- | C] () -- C:\FL_LARSO.QBB.QBW
    [2012/07/31 13:40:38 | 000,000,389 | ---- | C] () -- C:\FL_LARSO.QBB.QBW.DSN
    [2012/07/31 13:40:38 | 000,000,362 | ---- | C] () -- C:\FL_LARSO.QBB.QBW.ND
    [2012/07/31 13:39:47 | 000,000,393 | ---- | C] () -- C:\FL_LARSON.ND
    [2012/07/31 13:39:38 | 110,243,840 | ---- | C] () -- C:\FL_LARSON.QBW
    [2012/07/31 13:39:38 | 000,000,389 | ---- | C] () -- C:\FL_LARSON.QBW.DSN
    [2012/07/31 13:39:38 | 000,000,355 | ---- | C] () -- C:\FL_LARSON.QBW.ND
    [2012/01/03 16:46:48 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/12/28 15:52:04 | 000,304,640 | ---- | C] () -- C:\Windows\System32\O2PSEPR.DLL
    [2011/12/28 15:52:04 | 000,095,232 | ---- | C] () -- C:\Windows\System32\OSMFC.DLL
    [2011/12/28 11:44:50 | 000,000,324 | ---- | C] () -- C:\Windows\CSAAPP.INI
    [2011/12/28 11:07:45 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2011/12/28 09:31:38 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/12/15 13:43:53 | 000,030,895 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini
    [2011/12/15 13:43:50 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/12/15 13:43:50 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/12/15 13:43:49 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/12/15 12:08:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
    [2011/08/19 22:26:28 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
    [2011/08/19 22:26:28 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
    [2011/08/19 22:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\System32\Gsw32.exe.config
    [2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

    ========== LOP Check ==========

    [2012/08/18 11:07:06 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\AVG2012
    [2012/08/18 13:48:11 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\Bitdefender
    [2012/02/14 14:54:11 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\PDFlyer
    [2012/08/15 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\QuickScan
    [2012/08/18 11:07:08 | 000,000,000 | ---D | M] -- C:\Users\accountant\AppData\Roaming\TeamViewer
    [2009/07/14 00:53:46 | 000,002,886 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Is BitDefender your current AV program?

    I still need Extras.txt.
  16. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    Bitdefender is a trial. Willing to use anything. I ran OTL again and it only pops up one log file at the end. I checked for an extras one on the desktop (where I ran otl.exe from) and its not there. Any guess as to why?
  17. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    That's OK.

    Is BD working OK at this moment?

    OTL log is clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  18. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    Results of screen317's Security Check version 0.99.46
    Windows 7 Service Pack 1 x86 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 30
    Java 7 Update 6
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
    doing others now...
  19. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    Farbar Service Scanner Version: 06-08-2012
    Ran by accountant (administrator) on 18-08-2012 at 22:13:34
    Running from "C:\Users\accountant\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll
    [2010-11-20 17:29] - [2010-11-20 17:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
  20. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    ESET found nothing. No log. Hmmmmmm. Event viewer shows that the windows defender service is shutting down. I just tried opening event viewer and MMC crashed. Ugh! I've also tried an in place upgrade to repair the windows installation and SFC. I am running out of ideas. You've all been so helpful! I just don't want to give in and reload the OS!
  21. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Uninstall Java(TM) 6 Update 30.

    Windows Defender is totally useless so I strongly suggest you keep it OFF.

    Is BitDefender working OK?
  22. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    Windows defender was on because I had removed bit defender temporarily. I reinstalled bitdefender and its still not working. The service randomly stops. I've never seen an infection like this.

    Attached Files:

  23. Broni

    Broni Malware Annihilator Posts: 46,373   +252

  24. mjamike

    mjamike Newcomer, in training Topic Starter Posts: 16

    Broni,
    First of all - thanks for everything. Now, I installed Avast and it worked normally. It scanned and found nothing to be concerned with. More importantly, its service never unexpectedly quit like MSE, Bit & Kaspersky. After running avast scan I uninstalled it and put Bitdefender back in and sure enough it kept quitting. At that point I threw in the towel and restored the factory image of the PC (dell optiplex 390 with windows 7 pro 32-bit). Once the restore completed I installed MSE and THE PROBLEM WAS STILL THERE! The service just quits. Have you ever seen anything like this? I actually formatted the OS partition before manually restoring the Dell factory WIM. My only plan now is to install a new drive and load it from scratch to see what happens.

    I'm beyond baffled.
  25. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    This is beyond the scope of this forum.

    In here we only deal with infected computers.
    Since you reinstalled Windows....


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.