Inactive Sirefef.R and Sirefef.AH infection

SNuIX89

MSE reports these infections but cannot clean them. The PC reboots every minute. I have the FRST and Search logs posted below.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 06-08-2012 22:09:57
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-24] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup [3387392 2007-11-26] (Leader Technologies)
HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [147456 2008-10-08] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [167936 2008-10-08] (CyberLink)
HKLM\...\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [544768 2008-09-11] (Acer Incorporated)
HKLM\...\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [417792 2008-11-28] (Acer Inc.)
HKLM\...\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [122368 2009-08-18] (Google Inc.)
HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [167936 2008-10-17] (Acer Corp.)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-06-30] ()
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [817672 2008-06-16] (Dritek System Inc.)
HKLM\...\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" [672424 2009-08-31] ()
HKLM\...\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe" [107176 2008-06-13] (Lexmark International Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [Belkin Storage Manager] "C:\Program Files\Belkin Storage Manager\StorageManager.exe" [858624 2009-02-03] (Belkin International, Inc.)
HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [295304 2012-07-05] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296096 2012-06-28] (RealNetworks, Inc.)
HKU\Andrea\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-08-17] (Google Inc.)
HKU\Andrea\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Andrea\...\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe" [x]
HKU\Andrea\...\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [1179648 2011-10-11] (W3i, LLC)
HKU\Boyce\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2009-08-17] (Google Inc.)
HKU\Boyce\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Boyce\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Boyce\...\Run: [Setpoint] C:\Users\Boyce\AppData\Roaming\Cryptedwithouticon.exe [x]
HKU\Boyce\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [13003448 2012-08-06] (The Weather Channel)
HKLM\...\Winlogon: [Userinit] userinit.exe, [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Boyce\Start Menu\Programs\Startup\Disney Vacation Connection.lnk
ShortcutTarget: Disney Vacation Connection.lnk -> C:\Program Files\Disney Vacation Connection\Disney Vacation Connection.exe (No File)
Startup: C:\Users\Boyce\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

================================ Services (Whitelisted) ==================

2 atashost; "C:\Windows\system32\atashost.exe" [20360 2010-01-20] (WebEx Communications, Inc.)
2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] ()
2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [4752744 2010-01-27] (DisplayLink Corp.)
2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 gupdate1ca4d8344bb7341; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-10-15] (Google Inc.)
2 hasplms; C:\Windows\system32\hasplms.exe -run [3750400 2009-12-16] (SafeNet Inc.)
2 lxdx_device; C:\Windows\system32\lxdxcoms.exe -service [594600 2008-02-27] ( )
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] ()
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
4 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [43028328 2011-09-22] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-07-22] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
4 OpcEnum; C:\Windows\system32\opcenum.exe [139488 2009-02-04] (OPC Foundation)
2 RichVideo; "C:\Program Files\Cyberlink\Shared files\RichVideo.exe" [272024 2007-01-08] ()
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [370024 2011-09-22] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
2 aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [358400 2010-04-13] (SafeNet Inc.)
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [21888 2010-01-27] (http://libusb-win32.sourceforge.net)
3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [165488 2010-01-27] (DisplayLink Corp.)
0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [13936 2010-01-27] (DisplayLink Corp.)
3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog)
2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-31] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-24] (June Fabrics Technology Inc.)
3 PTAPCBUS; C:\Windows\System32\DRIVERS\PTAPCBUS.sys [84608 2011-06-23] (DEVGURU Co., LTD.)
3 PTAPCMDM; C:\Windows\System32\DRIVERS\PTAPCMDM.sys [168704 2011-06-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTAPCVSP; C:\Windows\System32\DRIVERS\PTAPCVSP.sys [168704 2011-06-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [155808 2008-12-25] (Realtek Semiconductor Corp.)
3 SMSIVZAM5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [32408 2009-05-25] (Smith Micro Inc.)
3 usbkey; C:\Windows\System32\DRIVERS\USBKey.sys [33852 2009-05-06] ()
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-13] (Microsoft Corporation)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [x]
4 MySql; C:\mysql\bin\mysqld-nt [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 22:09 - 2012-08-06 22:09 - 00000000 ____D C:\FRST
2012-08-06 13:53 - 2012-08-06 13:53 - 00000000 ____D C:\Program Files\ESET
2012-08-06 07:35 - 2012-08-06 06:12 - 00607260 ____R (Swearware) C:\Users\Boyce\Desktop\dds.com
2012-08-06 07:35 - 2011-07-16 18:21 - 00302592 ____A C:\Users\Boyce\Desktop\gmer.exe
2012-08-06 07:31 - 2012-08-06 07:31 - 00001270 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2012-07-31 04:18 - 2012-07-31 04:18 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Malwarebytes
2012-07-31 04:03 - 2012-07-31 15:44 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-29 05:13 - 2012-07-29 05:13 - 00000000 ____D C:\Users\Boyce\AppData\Local\{54DFEE3D-F430-4C8D-8D6A-ABC38EA0E626}
2012-07-29 05:13 - 2012-07-29 05:13 - 00000000 ____D C:\Users\Boyce\AppData\Local\{4F6D0E9A-23CA-41D7-8627-4E16BE48F020}
2012-07-28 10:27 - 2012-07-28 10:27 - 00000000 ____D C:\Users\Boyce\AppData\Local\{66D40EB2-6617-4EE4-B255-8FC26D0286CD}
2012-07-28 10:26 - 2012-07-28 10:27 - 00000000 ____D C:\Users\Boyce\AppData\Local\{1652FF50-4D57-4A50-8A29-2C886FCB9341}
2012-07-27 23:23 - 2012-07-27 23:23 - 00424448 ____A (Stardock Systems, Inc) C:\Users\Boyce\Application Data\wuisht.dll
2012-07-27 23:23 - 2012-07-27 23:23 - 00424448 ____A (Stardock Systems, Inc) C:\Users\Boyce\AppData\Roaming\wuisht.dll
2012-07-27 23:23 - 2012-07-27 23:23 - 00000000 ____D C:\Users\Boyce\AppData\Local\{1D16C45F-D885-11E1-8270-B8AC6F996F26}
2012-07-27 22:56 - 2012-07-27 22:56 - 00056832 ___AH (FRISK Software International) C:\Windows\System32\DFDWetup.dll
2012-07-27 22:03 - 2012-07-27 22:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{F1DE1626-8C49-467B-A427-2657E52C2148}
2012-07-27 22:03 - 2012-07-27 22:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{F005AEEF-5C7E-4D79-A277-472523D66DB2}
2012-07-22 20:04 - 2012-07-22 20:04 - 00000000 ____D C:\Users\Boyce\AppData\Local\{87415C22-87A5-4F84-9B03-99A4ACB430D8}
2012-07-22 20:03 - 2012-07-22 20:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{139C18D9-CF16-483F-8542-147AF4A1BF92}
2012-07-22 18:38 - 2012-07-22 18:38 - 00000000 ____D C:\Users\Boyce\AppData\Local\LogMeIn
2012-07-22 18:38 - 2012-07-22 18:38 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-07-21 17:12 - 2012-07-21 17:12 - 00007609 ____A C:\Users\Boyce\AppData\Local\Resmon.ResmonCfg
2012-07-16 21:48 - 2012-07-16 21:48 - 00000000 ____D C:\Users\Boyce\AppData\Local\{D79A5797-F7FB-46ED-8C87-B6C183B913E6}
2012-07-16 21:48 - 2012-07-16 21:48 - 00000000 ____D C:\Users\Boyce\AppData\Local\{7D61F582-3AD4-4180-B69B-78B572BCEA2B}
2012-07-16 18:38 - 2012-07-16 20:21 - 00000000 ____D C:\Bin
2012-07-16 03:58 - 2012-07-30 14:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-13 17:09 - 2012-07-13 17:10 - 00749832 ____A C:\Users\Andrea\Downloads\The-Virgin-s-Daughters-In-the-Court-of-Elizabeth-I.azw
2012-07-12 20:03 - 2012-07-12 20:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{9D23C051-6455-4E1C-9AD8-0CAC171232EB}
2012-07-12 20:03 - 2012-07-12 20:03 - 00000000 ____D C:\Users\Boyce\AppData\Local\{4FCD3611-6904-41A0-88DF-BDE737D00E14}
2012-07-12 05:24 - 2012-07-12 05:24 - 00000000 ____D C:\Windows\0A94AE0C677C491D8A72A5AB2DAA68C1.TMP
2012-07-12 05:23 - 2012-07-12 05:23 - 00000000 ____D C:\Windows\60431C725C624BD0A248E839C2FC0950.TMP
2012-07-11 18:27 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 18:27 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 18:27 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 18:27 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 18:27 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 18:27 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 18:27 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 18:27 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 18:27 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 18:27 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 18:27 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 18:27 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 18:27 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 18:27 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 18:13 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 17:15 - 2012-07-11 17:16 - 00000000 ____D C:\Users\Boyce\AppData\Local\{825510F5-FA49-48B8-A406-B8B240E52EA9}
2012-07-11 17:15 - 2012-07-11 17:15 - 00000000 ____D C:\Users\Boyce\AppData\Local\{48A703D0-A2EE-4AF8-8014-0678DFA40EB1}
2012-07-11 02:23 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 02:23 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 02:23 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 02:23 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 02:23 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 02:23 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 02:23 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 02:23 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 02:23 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 02:23 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-09 15:56 - 2012-07-30 03:50 - 00030720 ____A C:\Users\Boyce\Documents\RosterMASL.xls
2012-07-08 12:49 - 2012-07-08 13:07 - 00000000 ____D C:\Windows\System32\Adobe

============ 3 Months Modified Files ========================

2012-08-06 18:04 - 2011-07-30 03:56 - 03721278 ____A C:\Windows\setupact.log
2012-08-06 13:50 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-06 13:46 - 2009-11-12 21:37 - 01568289 ____A C:\Windows\WindowsUpdate.log
2012-08-06 13:46 - 2009-10-15 02:47 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-06 08:09 - 2009-06-17 20:07 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-08-06 08:02 - 2009-10-15 02:47 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-06 07:31 - 2012-08-06 07:31 - 00001270 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2012-08-06 06:12 - 2012-08-06 07:35 - 00607260 ____R (Swearware) C:\Users\Boyce\Desktop\dds.com
2012-07-31 15:46 - 2009-07-13 20:34 - 00012288 _____ C:\Windows\System32\umstartup.etl
2012-07-31 15:44 - 2012-07-31 04:03 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-31 15:41 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-30 14:17 - 2009-11-12 20:59 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 14:17 - 2009-11-12 20:59 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 14:13 - 2012-07-16 03:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-30 03:50 - 2012-07-09 15:56 - 00030720 ____A C:\Users\Boyce\Documents\RosterMASL.xls
2012-07-28 04:26 - 2009-11-12 21:27 - 00760992 ____A C:\Windows\PFRO.log
2012-07-27 23:36 - 2012-02-05 15:15 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-27 23:23 - 2012-07-27 23:23 - 00424448 ____A (Stardock Systems, Inc) C:\Users\Boyce\Application Data\wuisht.dll
2012-07-27 23:23 - 2012-07-27 23:23 - 00424448 ____A (Stardock Systems, Inc) C:\Users\Boyce\AppData\Roaming\wuisht.dll
2012-07-27 22:56 - 2012-07-27 22:56 - 00056832 ___AH (FRISK Software International) C:\Windows\System32\DFDWetup.dll
2012-07-26 16:13 - 2012-04-04 17:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-26 16:13 - 2011-05-20 02:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-21 17:12 - 2012-07-21 17:12 - 00007609 ____A C:\Users\Boyce\AppData\Local\Resmon.ResmonCfg
2012-07-16 18:21 - 2009-07-13 20:53 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-13 17:15 - 2009-11-12 21:47 - 00945640 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-13 17:10 - 2012-07-13 17:09 - 00749832 ____A C:\Users\Andrea\Downloads\The-Virgin-s-Daughters-In-the-Court-of-Elizabeth-I.azw
2012-07-12 05:24 - 2009-01-20 22:44 - 00121120 ____A C:\Windows\DPINST.LOG
2012-07-12 03:42 - 2009-07-13 20:33 - 00420744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 18:13 - 2009-12-09 16:01 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 18:12 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
2012-07-03 09:46 - 2012-02-05 15:14 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 09:05 - 2012-06-27 18:04 - 00015360 ___RA C:\Users\Boyce\Documents\9F1F5600
2012-06-30 04:08 - 2012-06-27 18:04 - 00015360 ___RA C:\Users\Boyce\Documents\roster.xls
2012-06-28 15:00 - 2011-11-28 15:27 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-06-28 14:59 - 2011-11-28 15:26 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-06-28 14:59 - 2011-11-28 15:26 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-06-28 14:59 - 2011-11-28 15:26 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-06-25 19:44 - 2012-06-25 19:44 - 00000094 ____A C:\Windows\family.ini
2012-06-25 18:25 - 2011-01-31 18:48 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-25 18:20 - 2012-06-25 18:19 - 10288512 ____A (Microsoft Corporation) C:\Users\Boyce\Downloads\mseinstall.exe
2012-06-22 11:47 - 2012-06-22 11:47 - 00005879 ____A C:\Users\Andrea\Downloads\Fall Registration Open- (1)
2012-06-22 11:47 - 2012-06-22 11:47 - 00005879 ____A C:\Users\Andrea\Downloads\Fall Registration Open-
2012-06-21 10:42 - 2012-06-21 10:42 - 00000196 ____A C:\cca.lic.sfold
2012-06-21 10:42 - 2012-06-21 10:42 - 00000196 ____A C:\cca.lic
2012-06-19 18:06 - 2012-06-19 18:04 - 83541290 ____A C:\Users\Boyce\Downloads\Punching Bag.zip
2012-06-17 18:36 - 2012-06-17 18:36 - 00000218 ____A C:\Users\Boyce\.recently-used.xbel
2012-06-13 12:57 - 2012-06-13 12:57 - 00001970 ____A C:\Users\Andrea\Desktop\Disney for Frame - Shortcut.lnk
2012-06-13 12:56 - 2012-06-13 12:56 - 00001259 ____A C:\Users\Andrea\Desktop\IMG_0177 - Shortcut.lnk
2012-06-11 18:40 - 2012-07-11 18:13 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 04:48 - 2012-06-09 05:06 - 00002831 ____A C:\msgbox.log
2012-06-09 02:32 - 2012-06-09 04:42 - 00008452 ____A C:\OldKPServReg5.log
2012-06-08 20:41 - 2012-07-11 02:23 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 14:26 - 2012-06-09 04:53 - 00000374 ____A C:\FATAL.LOG
2012-06-05 21:05 - 2012-07-11 02:23 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-11 02:23 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-11 02:23 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-21 02:54 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 02:54 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 02:54 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 02:53 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 02:53 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 02:54 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 02:53 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 02:53 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-21 02:53 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 18:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 18:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 18:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 18:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 18:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 18:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 18:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 18:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 18:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 18:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 18:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 18:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 18:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-11 02:23 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-11 02:23 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-11 02:23 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-11 02:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-11 02:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 08:25 - 2010-08-09 19:22 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-27 04:27 - 2012-05-27 04:27 - 00001053 ____A C:\Users\Public\Desktop\CardRecoveryPro.lnk
2012-05-27 03:57 - 2012-05-27 03:57 - 00001819 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-09 15:46 - 2012-05-09 15:46 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-09 15:46 - 2012-05-09 15:46 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe


ZeroAccess:
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\@
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\L
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U\00000001.@
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U\80000000.@
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U\800000cb.@

ZeroAccess:
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\@
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\L
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 2814.36 MB
Available physical RAM: 2336.5 MB
Total Pagefile: 2812.64 MB
Available Pagefile: 2340.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:110.44 GB) (Free:16.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:106.9 GB) (Free:73.74 GB) NTFS
3 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.12 GB) NTFS
5 Drive g: (PENDRIVE) (Removable) (Total:1.92 GB) (Free:1.91 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1967 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 110 GB 12 GB
Partition 3 Primary 106 GB 122 GB
Partition 4 OEM 3628 MB 229 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 110 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 106 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 NTFS Partition 3628 MB Healthy Hidden

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1966 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G PENDRIVE FAT Removable 1966 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 03:26

======================= End Of Log ==========================
 
Farbar Recovery Scan Tool Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-07 07:49:43
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-31 15:41] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3}
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
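A small check tying the Search output above to the Replace line in the fixlist, as an added Python example that is not part of the thread or of FRST itself: it parses FRST's two-line search format, compares the live System32 copy of services.exe against the WinSxS component-store copy, and emits the same Replace directive when the hashes disagree. The function names are hypothetical, and the sample log is constructed from the two hits shown above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the two "services.exe" hits from the FRST Search log
# above, in FRST's two-line format (path line, then an attribute line with
# created/modified dates, size, attributes, company and MD5).
SAMPLE_SEARCH_LOG = """\
Farbar Recovery Scan Tool Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-07 07:49:43
Running from G:\\

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\\Windows\\System32\\services.exe
[2009-07-13 15:11] - [2012-07-31 15:41] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# Attribute line: [created] - [modified] - size attrs (company) md5
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class SearchHit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_search_log(text: str) -> list:
    """Pair each drive-letter path line with the attribute line that follows it."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    hits = []
    i = 0
    while i + 1 < len(lines):
        m = ATTR_RE.match(lines[i + 1])
        if m and re.match(r"^[A-Za-z]:\\", lines[i]):
            hits.append(SearchHit(
                path=lines[i], created=m["created"], modified=m["modified"],
                size=int(m["size"]), attrs=m["attrs"], company=m["company"],
                md5=m["md5"].upper()))
            i += 2
        else:
            i += 1
    return hits


def _find(hits, folder: str, filename: str) -> Optional[SearchHit]:
    """First hit located under `folder` and named `filename` (case-insensitive)."""
    for h in hits:
        p = h.path.lower()
        if folder in p and p.endswith("\\" + filename.lower()):
            return h
    return None


def build_fixlist(ref: SearchHit, live: SearchHit) -> str:
    """FRST fixlist.txt restoring the reference copy over the live one,
    in the same Replace: form the helper used above."""
    return "\n".join(["start", f"Replace: {ref.path} {live.path}", "end"])


def assess_system_binary(hits, filename: str = "services.exe") -> dict:
    """Compare the live System32 copy with the WinSxS component-store copy.

    The WinSxS copy is the reference build. A different MD5 with the same size
    and company string, and a much later modification time, is the pattern in
    the log above: the binary was patched in place with its size preserved.
    """
    ref = _find(hits, "\\winsxs\\", filename)
    live = _find(hits, "\\system32\\", filename)
    if ref is None or live is None:
        return {"status": "incomplete", "reasons": ["reference or live copy missing"], "fixlist": None}
    if ref.md5 == live.md5:
        return {"status": "clean", "reasons": [], "fixlist": None}
    reasons = [f"md5 differs: winsxs {ref.md5} vs system32 {live.md5}"]
    if ref.size == live.size:
        reasons.append(f"size identical ({live.size} bytes): in-place patch, not a version change")
    if live.modified != ref.modified:
        reasons.append(f"modified {live.modified} vs reference {ref.modified}")
    return {"status": "mismatch", "reasons": reasons, "fixlist": build_fixlist(ref, live)}


if __name__ == "__main__":
    result = assess_system_binary(parse_search_log(SAMPLE_SEARCH_LOG))
    print(result["status"])
    for reason in result["reasons"]:
        print(" -", reason)
    if result["fixlist"]:
        print(result["fixlist"])
```

A hash mismatch alone can also come from a legitimate servicing update, which is why the size and timestamp reasons are reported alongside it.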
 
No joy with that one.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-07 16:30:42 Run:2
Running from G:\

==============================================

Could not find C:\Windows\System32\services.exe.
Could not find C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe.

==== End of Fixlog ====
 
FRST Fixlist

Download the fixlist.txt and put it on your flashdrive to replace the current fixlist.txt.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments

  • fixlist.txt
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-08 19:09:09 Run:3
Running from G:\
==============================================
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{29705fd8-db4a-7a33-8362-eac4941e9aa3} moved successfully.
C:\Users\Boyce\AppData\Local\{29705fd8-db4a-7a33-8362-eac4941e9aa3} moved successfully.
==== End of Fixlog ====
 
ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix 12-08-08.03 - Boyce 08/09/2012 6:25.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.1255 [GMT -4:00]
Running from: c:\users\Boyce\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\programdata\SPLC102.tmp
c:\users\Boyce\AppData\Roaming\.#
c:\users\Boyce\g2mdlhlpx.exe
c:\windows\My.ini
c:\windows\security\Database\tmp.edb
c:\windows\system32\MSDCSC
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 10:50 . 2012-08-09 10:50 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-09 10:50 . 2012-08-09 10:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 10:50 . 2012-08-09 10:50 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-08-09 10:50 . 2012-08-09 10:50 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2012-08-09 10:50 . 2012-08-09 10:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-09 01:29 . 2012-08-09 01:29 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{136A6CFB-B708-425C-B27E-C2EC25BAB8EF}\MpKslae55a37f.sys
2012-08-09 00:47 . 2012-08-09 00:47 -------- d-----w- c:\program files\iPod
2012-08-08 23:16 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F41587BA-2837-4AA8-B245-B5B924F531D6}\mpengine.dll
2012-08-08 23:10 . 2012-08-08 23:10 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{136A6CFB-B708-425C-B27E-C2EC25BAB8EF}\offreg.dll
2012-08-07 20:26 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{136A6CFB-B708-425C-B27E-C2EC25BAB8EF}\mpengine.dll
2012-08-07 06:09 . 2012-08-07 06:09 -------- d-----w- C:\FRST
2012-08-06 21:53 . 2012-08-06 21:53 -------- d-----w- c:\program files\ESET
2012-07-31 12:18 . 2012-07-31 12:18 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
2012-07-31 12:03 . 2012-07-31 23:44 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-28 07:23 . 2012-07-28 07:23 -------- d-----w- c:\users\Boyce\AppData\Local\{1D16C45F-D885-11E1-8270-B8AC6F996F26}
2012-07-28 05:09 . 2012-07-28 05:09 -------- d-----w- c:\users\Boyce\temp
2012-07-27 12:24 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 02:38 . 2012-07-23 02:38 -------- d-----w- c:\users\Boyce\AppData\Local\LogMeIn
2012-07-23 02:38 . 2012-07-23 02:38 -------- d-----w- c:\programdata\LogMeIn
2012-07-17 02:38 . 2012-07-17 04:21 -------- d-----w- C:\Bin
2012-07-12 13:24 . 2012-07-12 13:24 -------- d-----w- c:\windows\0A94AE0C677C491D8A72A5AB2DAA68C1.TMP
2012-07-12 13:23 . 2012-07-12 13:23 -------- d-----w- c:\windows\60431C725C624BD0A248E839C2FC0950.TMP
2012-07-12 02:13 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 00:13 . 2012-04-05 01:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 00:13 . 2011-05-20 10:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-02-05 23:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 10:54 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:53 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:53 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 10:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 10:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 10:53 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 10:53 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 10:53 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-08-10 03:22 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-18 11:55 . 2012-02-11 12:53 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-31 16:43 . 2009-10-31 16:43 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"= "c:\program files\MyPoints Toolbar 2.0\Helper.dll" [2010-05-03 242688]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2010-05-03 13:42 1529856 ----a-w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2010-05-03 1529856]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2010-05-03 1529856]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Boyce\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Boyce\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Boyce\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Boyce\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-18 68856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-08-06 13003448]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-09 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-09 167936]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-19 122368]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-01 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2009-08-31 672424]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-28 296096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Boyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Disney Vacation Connection.lnk - c:\program files\Disney Vacation Connection\Disney Vacation Connection.exe [N/A]
Dropbox.lnk - c:\users\Boyce\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-1-30 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 gupdate1ca4d8344bb7341;Google Update Service (gupdate1ca4d8344bb7341);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);c:\windows\system32\DRIVERS\PTAPCBUS.sys [x]
R3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);c:\windows\system32\DRIVERS\PTAPCMDM.sys [x]
R3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);c:\windows\system32\DRIVERS\PTAPCVSP.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S1 MpKslae55a37f;MpKslae55a37f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{136A6CFB-B708-425C-B27E-C2EC25BAB8EF}\MpKslae55a37f.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLAE55A37F
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mferkdk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:13]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 10:35]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 10:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Boyce\AppData\Roaming\Mozilla\Firefox\Profiles\uxl0h02x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=00207CDA65671690272B7A4FC25BA431&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Setpoint - c:\users\Boyce\AppData\Roaming\Cryptedwithouticon.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} - c:\program files\Realtek\Audio\HDA\RtlUpd.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\MySql]
"ImagePath"="c:\mysql\bin\mysqld-nt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-09 06:59:02
ComboFix-quarantined-files.txt 2012-08-09 10:59
.
Pre-Run: 16,734,269,440 bytes free
Post-Run: 22,026,092,544 bytes free
.
- - End Of File - - BCC99AFB9B0CC0F58298198B8A1C656E
 
Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.