TechSpot

Sirefef.w/b/y removal

Solved
By Lyr21
Mar 14, 2013
  1. I've got a Windows 7 64-bit system that has been infected with these viruses. I've attempted to do virus removal (prior to finding this forum) and was unsuccessful. I've followed the preliminary instructions in the viruses/spyware/malware post.

    1. Done. Uninstalled and reinstalled MS Security Essentials, ran a quick scan. No troubles found.

    2. Malwarebytes log:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.14.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Administrator :: SKELCE-L7 [administrator]

    Protection: Enabled

    3/14/2013 4:35:05 PM
    mbam-log-2013-03-14 (16-35-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 280082
    Time elapsed: 6 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    3. DDS.txt
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16446
    Run by Administrator at 16:42:34 on 2013-03-14
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2226 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\ATService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
    C:\Program Files\ShrewSoft\VPN Client\iked.exe
    C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\DRIVERS\o2flash.exe
    c:\Windows\SysWOW64\srvany.exe
    c:\Windows\sysWOW64\SDIOAssist.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DisableCAD = dword:1
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
    TCP: NameServer = 10.0.25.9 10.0.25.10
    TCP: Interfaces\{333C415A-D9CD-4CC1-930F-61EBC822D465} : DHCPNameServer = 10.0.25.9 10.0.25.10
    TCP: Interfaces\{9CE328ED-8EEF-41A7-9937-8723F37EF483} : DHCPNameServer = 10.0.25.9 10.0.25.10
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Authentication Packages = msv1_0 wvauth
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
    x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-10-20 22128]
    R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2010-9-2 21504]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-12 89600]
    R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-5-10 2683712]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
    R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
    R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
    R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
    R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-14 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-14 682344]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
    R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2011-10-12 8192]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-12 2656280]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2011-10-12 27760]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-10-12 616960]
    R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-10-12 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-12 39464]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-10-12 172960]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-12 317440]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-14 24176]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-10-12 74984]
    R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-10-12 83560]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-10-12 158976]
    S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
    S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-10-12 72808]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2010-9-2 17408]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-03-14 20:27:34  76232  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DDFF698D-FF8C-4A23-92E3-C95FE750BE95}\offreg.dll
    2013-03-14 20:18:51  972264  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
    2013-03-14 20:18:48  9162192  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DDFF698D-FF8C-4A23-92E3-C95FE750BE95}\mpengine.dll
    2013-03-14 20:12:54  --------  d-----w-  C:\Program Files (x86)\Microsoft Security Client
    2013-03-14 20:12:50  --------  d-----w-  C:\Program Files\Microsoft Security Client
    2013-03-14 20:01:40  --------  d-----w-  C:\Windows\System32\appmgmt
    2013-03-14 19:24:17  --------  d-----w-  C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2013-03-14 19:24:02  --------  d-----w-  C:\ProgramData\Malwarebytes
    2013-03-14 19:24:00  24176  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2013-03-14 19:24:00  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 19:23:46  --------  d-----w-  C:\Users\Administrator\AppData\Local\Programs
    2013-03-14 18:45:31  27256  ----a-w-  C:\Windows\System32\drivers\FixZeroAccess.sys
    2013-03-14 18:27:20  --------  d-----w-  C:\TDSSKiller_Quarantine
    2013-03-14 18:17:13  --------  d-----w-  C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 18:09:16  --------  d-----w-  C:\Users\Administrator\AppData\Local\Google
    2013-03-14 18:08:13  --------  d-----w-  C:\Users\Administrator\AppData\Local\Broadcom
    2013-03-14 18:02:59  328704  ----a-w-  C:\Windows\System32\services.exe.558F246069ECD6FE
    2013-03-14 17:51:51  50392  ----a-w-  C:\Windows\System32\drivers\qiylpclo.sys
    2013-03-14 17:51:51  328704  ----a-w-  C:\Windows\System32\services.exe.C6D8E622821D75E6
    2013-03-14 17:49:20  328704  ----a-w-  C:\Windows\System32\services.exe.A1579CA9577EFA72
    2013-03-14 17:45:40  328704  ----a-w-  C:\Windows\System32\services.exe.C7B83C312CE2B608
    2013-03-14 17:41:16  328704  ----a-w-  C:\Windows\System32\services.exe.9609358E6A1092CD
    2013-03-14 17:35:53  328704  ----a-w-  C:\Windows\System32\services.exe.9CA94B43777B0A61
    2013-03-14 17:25:07  328704  ----a-w-  C:\Windows\System32\services.exe.B0624FF8A4BEE640
    2013-02-28 14:38:00  --------  d-----w-  C:\ProgramData\Ask
    2013-02-28 14:37:40  861088  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
    .
    ==================== Find3M ====================
    .
    2013-03-14 18:05:24  328704  ----a-w-  C:\Windows\System32\services.exe
    2013-02-28 14:37:27  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2013-01-30 09:00:12  273840  ------w-  C:\Windows\System32\MpSigStub.exe
    2013-01-20 19:59:04  230320  ----a-w-  C:\Windows\System32\drivers\MpFilter.sys
    2013-01-20 19:59:04  130008  ----a-w-  C:\Windows\System32\drivers\NisDrvWFP.sys
    .
    ============= FINISH: 16:57:08.92 ===============
     
  2. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/20/2011 4:17:38 PM
    System Uptime: 3/14/2013 4:10:04 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 03PH4G
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 782/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 233.66 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Shrew Soft Virtual Adapter
    Device ID: ROOT\VNET\0000
    Manufacturer: Shrew Soft
    Name: Shrew Soft Virtual Adapter
    PNP Device ID: ROOT\VNET\0000
    Service: vnet
    .
    ==== System Restore Points ===================
    .
    RP94: 6/19/2012 8:38:03 AM - Windows Update
    RP95: 1/18/2013 10:54:20 AM - Scheduled Checkpoint
    RP96: 2/13/2013 4:21:57 PM - Scheduled Checkpoint
    RP97: 2/28/2013 9:36:37 AM - Removed Java(TM) 6 Update 29
    RP98: 2/28/2013 9:37:18 AM - Installed Java 7 Update 15
    RP99: 3/14/2013 4:00:17 PM - Removed Java(TM) 6 Update 27 (64-bit)
    RP100: 3/14/2013 4:02:48 PM - Removed Adobe Reader X (10.1.4).
    RP101: 3/14/2013 4:04:52 PM - Removed Java 7 Update 15
    RP102: 3/14/2013 4:18:21 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    AccelerometerP11
    Actual Multiple Monitors 3.3
    AuthenTec Fingerprint Software
    Bing Bar
    BioAPI Framework
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Custom
    CyberLink PowerDVD 9.5
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Backup and Recovery Manager
    Dell Client System Update
    Dell Data Protection | Access
    Dell Data Protection | Access | Drivers
    Dell Data Protection | Access | Middleware
    Dell Edoc Viewer
    Dell System Manager
    Dell Touchpad
    Dell Webcam Central
    DellAccess
    Digital Line Detect
    DW WLAN Card Utility
    EMBASSY Security Center
    Gemalto
    Google Chrome
    Google Earth
    Google Update Helper
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Small Business 2007
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Modem Diagnostic Tool
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netwaiting
    Notepad++
    NTRU TCG Software Stack
    O2Micro Flash Memory Card Windows Driver
    O2Micro OZ776 SCR Driver
    OfficeSuite Softphone
    PC-CCID
    Preboot Manager
    Private Information Manager
    PuTTY version 0.61
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
    Shrew Soft VPN Client
    SPBA 5.9
    Trusted Drive Manager
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Upek Touchchip Fingerprint Reader
    Wave Infrastructure Installer
    Wave Support Software Installer
    WIDCOMM Bluetooth Software
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.01 (64-bit)
    WinSCP 4.3.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/14/2013 4:10:45 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    3/14/2013 4:10:44 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    3/14/2013 4:10:25 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain LYRIX due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    3/14/2013 3:19:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 3:16:37 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    3/14/2013 3:16:34 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    3/14/2013 3:16:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    3/14/2013 3:16:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    3/14/2013 3:15:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:54:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:54:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:53:38 PM, Error: Service Control Manager [7034] - The O2SDIOAssist service terminated unexpectedly. It has done this 1 time(s).
    3/14/2013 2:52:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:52:16 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
    3/14/2013 2:52:16 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    3/14/2013 2:52:16 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.0.8001.0 Engine Type: Network Inspection System User: skelce-l7\Administrator Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    3/14/2013 2:52:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: skelce-l7\Administrator Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    3/14/2013 2:52:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: skelce-l7\Administrator Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    3/14/2013 2:49:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:46:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:46:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:46:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:46:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:38:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:38:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:38:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:38:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:30:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/14/2013 2:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/14/2013 2:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/14/2013 2:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/14/2013 2:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/14/2013 2:30:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/14/2013 2:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/14/2013 2:30:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
    3/14/2013 2:30:17 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    3/14/2013 2:30:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:30:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:30:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:30:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vflt vwififlt Wanarpv6 WfpLwf
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/14/2013 2:29:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:29:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:29:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:20:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:19:02 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:620 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: skelce-l7\Administrator Process Name: C:\Windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    3/14/2013 2:14:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:04:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:04:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:04:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:04:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 2:02:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:616 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    3/14/2013 2:02:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:02:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:02:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 2:02:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
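The event-log dump above carries the indicators a responder would want pulled out before attempting cleanup: MSE event 1119 naming Trojan:Win64/Sirefef.Y inside services.exe with remediation refused (0x800704ec, "blocked by group policy"), SCM 7003 reporting the BFE service is not installed, and SCM 7026 listing boot-start drivers that never loaded (including MpFilter, the antimalware minifilter). The script below is an added example, not part of the post or of the DDS tool: it parses lines in the "date, Error: Source [EventID] - message" format DDS uses and summarises those indicators. The sample log is constructed from a few lines modelled on the ones quoted above, and the `security_stack_tampered` rule is my own triage heuristic, not a vendor signature.

```python
"""Triage helper for the "Event Log errors" section of a DDS log.

Added example (not from the post or the DDS tool). It parses lines in the
"date, Error: Source [EventID] - message" format the post quotes and pulls out
the indicators a responder would confirm before cleaning the machine. The
verdict rule at the bottom is my own heuristic, not Microsoft's.
"""
import re

# Constructed sample: lines modelled on the ones quoted in the post (threat
# name, paths and error codes as they appear there; long messages trimmed).
SAMPLE_LOG = r"""
3/14/2013 3:16:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/14/2013 3:16:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/14/2013 2:52:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Update Server Signature Type: AntiVirus Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vflt vwififlt Wanarpv6 WfpLwf
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2013 2:19:02 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:620 Detection Origin: Local machine Process Name: C:\Windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)


def parse_events(text):
    """Return one dict per well-formed DDS event line; anything else is skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def triage(text):
    """Summarise indicators of a tampered security stack from DDS event lines."""
    summary = {
        "blocked_remediation": [],      # MSE 1119 + 0x800704ec: cleanup refused
        "update_service_missing": 0,    # MSE 2001 + 0x80070424: a service is gone
        "missing_dependencies": set(),  # SCM 7003: named service not installed
        "failed_boot_drivers": set(),   # SCM 7026: drivers that did not load
        "dependency_start_failures": 0, # SCM 7001: cascading service failures
    }
    for ev in parse_events(text):
        src, eid, msg = ev["source"], ev["event_id"], ev["msg"]
        if src == "Microsoft Antimalware" and eid == 1119 and "0x800704ec" in msg:
            name = re.search(r"Name: (\S+)", msg)
            container = re.search(r"containerfile:_([^;]+)", msg)
            pid = re.search(r"process:_pid:(\d+)", msg)
            summary["blocked_remediation"].append({
                "threat": name.group(1) if name else None,
                "file": container.group(1) if container else None,
                "pid": int(pid.group(1)) if pid else None,
            })
        elif src == "Microsoft Antimalware" and eid == 2001 and "0x80070424" in msg:
            summary["update_service_missing"] += 1
        elif src == "Service Control Manager" and eid == 7003:
            dep = re.search(r"depends the following service: (\w+)", msg)
            if dep:
                summary["missing_dependencies"].add(dep.group(1))
        elif src == "Service Control Manager" and eid == 7026:
            _, _, drivers = msg.partition("failed to load: ")
            summary["failed_boot_drivers"].update(drivers.split())
        elif src == "Service Control Manager" and eid == 7001:
            summary["dependency_start_failures"] += 1
    return summary


def security_stack_tampered(summary):
    """My heuristic, not a vendor signature: the AV says it cannot act on a core
    system binary AND a security-stack component is absent (BFE not installed,
    or the AV's own MpFilter minifilter did not load)."""
    av_blocked = any(f["file"] and f["file"].lower().endswith("services.exe")
                     for f in summary["blocked_remediation"])
    stack_missing = ("BFE" in summary["missing_dependencies"]
                     or "MpFilter" in summary["failed_boot_drivers"])
    return av_blocked and stack_missing


if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    for f in s["blocked_remediation"]:
        print(f"AV could not remediate {f['threat']} in {f['file']} (pid {f['pid']})")
    print("missing services:", sorted(s["missing_dependencies"]))
    print("boot drivers not loaded:", sorted(s["failed_boot_drivers"]))
    print("tampered security stack:", security_stack_tampered(s))
```

Run it against the full "Event Log errors" block saved to a text file and the verdict comes back true for exactly the reasons visible above: the only process MSE flags is services.exe, its remediation is refused with a group-policy error, and the components it would depend on (BFE, MpFilter, the Winsock/NetBT stack) are missing or not loaded. That combination is why a scan that reports "no threats found" on such a machine should not be trusted until the services and drivers are restored.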
     
  3. Lyr21

    3/14/2013 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:51:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:49:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:648 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    3/14/2013 1:48:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:48:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:48:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:48:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:45:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:540 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
    3/14/2013 1:44:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:44:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:44:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:44:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:41:16 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:568 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
    3/14/2013 1:40:39 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    3/14/2013 1:40:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
    3/14/2013 1:40:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:40:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:40:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:40:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:39:03 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    3/14/2013 1:39:03 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    3/14/2013 1:39:03 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
    3/14/2013 1:39:03 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    3/14/2013 1:39:03 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
    3/14/2013 1:38:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:37:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:37:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:37:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:37:50 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    3/14/2013 1:37:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:35:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:568 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
    3/14/2013 1:34:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:34:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:34:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:34:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:30:48 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:608 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    3/14/2013 1:30:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:30:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:30:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:29:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:28:00 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:604 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    3/14/2013 1:27:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:27:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:27:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/14/2013 1:27:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:25:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:600 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    3/14/2013 1:23:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/14/2013 1:23:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    .
    ==== End Of File ===========================




    Note: I'm done for the day and will look at this tomorrow morning.
    Thanks.
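The event-log section of the DDS report above is long and repetitive, and the useful signal is the pattern rather than any single line: the same detection on services.exe that the antimalware engine cannot act on, signature updates failing, LocalService-account services failing to log on, and boot-start drivers (including the antimalware filter driver) not loading. The parser below is an added example, not code from this thread, from DDS or from Microsoft; it reads lines in the "M/D/YYYY h:mm:ss AM, Level: Provider [EventID] - message" layout DDS prints and groups them into those clusters. The sample log is constructed to mirror that layout with shortened messages; the provider names, event IDs and error codes are the ones that appear in the posted log.

```python
"""Group Microsoft Antimalware / Service Control Manager event lines into triage findings.

Added example for this thread; not code from TechSpot, DDS or Microsoft.
Input is the "M/D/YYYY h:mm:ss AM, Level: Provider [EventID] - message" layout
DDS uses when it dumps the event log.
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<provider>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Constructed sample in the layout of the log posted above (messages shortened).
SAMPLE_LOG = r"""
3/14/2013 1:49:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;process:_pid:648 Process Name: C:\Windows\system32\services.exe Action: Quarantine Error Code: 0x800704ec Error description: This program is blocked by group policy.
3/14/2013 1:48:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:48:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:45:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;process:_pid:540 Process Name: C:\Windows\system32\services.exe Action: Quarantine Error Code: 0x800704ec Error description: This program is blocked by group policy.
3/14/2013 1:40:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
3/14/2013 1:39:03 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported.
3/14/2013 1:39:03 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported.
3/14/2013 1:39:03 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
not an event line
"""


def _first(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None


def parse_event(line):
    """Split one DDS event line into header fields plus the message fields we care about."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    msg = ev["msg"]
    ev["error_code"] = _first(r"Error [Cc]ode: (0x[0-9a-fA-F]+)", msg)
    # "Name:" is the threat name; "Process Name:" is excluded by the lookbehind.
    ev["threat"] = _first(r"(?<!Process )Name: (\S+)", msg)
    ev["process"] = _first(r"Process Name: (\S+)", msg)
    ev["sig_type"] = _first(r"Signature Type: (.+?) Update Type", msg)
    ev["service"] = _first(r"^The (.+?) service (?:was unable to log on|failed to start)", msg)
    ev["drivers"] = _first(r"failed to load: (.+)$", msg)
    return ev


def triage(log_text):
    """Bucket parsed events into the symptom clusters a responder wants at a glance."""
    parsed = [parse_event(l) for l in log_text.splitlines() if l.strip()]
    f = {
        "blocked_remediation": Counter(),   # (threat, process, error code) -> count
        "update_failures": Counter(),       # (error code, signature type) -> count
        "service_logon_failures": set(),    # services SCM could not start/log on
        "drivers_not_loaded": set(),        # boot/system-start drivers that failed (MpFilter is the antimalware minifilter)
        "unparsed": sum(e is None for e in parsed),
    }
    for e in filter(None, parsed):
        am = e["provider"] == "Microsoft Antimalware"
        scm = e["provider"] == "Service Control Manager"
        if am and e["event_id"] == 1119:
            f["blocked_remediation"][(e["threat"], e["process"], e["error_code"])] += 1
        elif am and e["event_id"] == 2001:
            f["update_failures"][(e["error_code"], e["sig_type"])] += 1
        elif scm and e["event_id"] in (7000, 7038) and e["service"]:
            f["service_logon_failures"].add(e["service"])
        elif scm and e["event_id"] == 7026 and e["drivers"]:
            f["drivers_not_loaded"].update(e["drivers"].split())
    return f


def summarize(f):
    """Render findings as one line per cluster, most important first."""
    out = []
    for (threat, proc, code), n in sorted(f["blocked_remediation"].items(), key=lambda kv: str(kv[0])):
        out.append(f"{n}x quarantine of {threat} in {proc} failed with {code}: "
                   "the engine keeps re-detecting the same system file and cannot act on it")
    for (code, sig), n in sorted(f["update_failures"].items(), key=lambda kv: str(kv[0])):
        out.append(f"{n}x signature update ({sig}) failed with {code}")
    if f["service_logon_failures"]:
        out.append("services failing to log on/start: " + ", ".join(sorted(f["service_logon_failures"])))
    if f["drivers_not_loaded"]:
        out.append("boot/system-start drivers not loaded: " + ", ".join(sorted(f["drivers_not_loaded"])))
    return out


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run as-is it summarizes the constructed sample; to use it on a real DDS report, pass the text of the "Event Log errors" section to `triage()`. Lines that do not match the DDS layout are counted under `unparsed` rather than silently dropped, so a formatting surprise shows up in the output.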
     
  4. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  5. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Here is the first log file from RogueKiller:


    RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 03/15/2013 09:26:12
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{43c45790-a302-66a2-21db-bedf28d52ae1}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{43c45790-a302-66a2-21db-bedf28d52ae1}\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEKT-75PVMT0 +++++
    --- User ---
    [MBR] 34fe3d60538e0876a50085de178ae1ee
    [BSP] 4339813d9f975cd25b58ddd0f502f2f0 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12044 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24748032 | Size: 293160 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_03152013_02d0926.txt >>
    RKreport[1]_S_03152013_02d0926.txt


    Here is the second log file from RogueKiller:

    RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 03/15/2013 09:28:48
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{43c45790-a302-66a2-21db-bedf28d52ae1}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{43c45790-a302-66a2-21db-bedf28d52ae1}\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEKT-75PVMT0 +++++
    --- User ---
    [MBR] 34fe3d60538e0876a50085de178ae1ee
    [BSP] 4339813d9f975cd25b58ddd0f502f2f0 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12044 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24748032 | Size: 293160 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_03152013_02d0928.txt >>
    RKreport[1]_S_03152013_02d0926.txt ; RKreport[2]_D_03152013_02d0928.txt


    Here is the first mbar-log-xxxxx.txt file

    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org

    Database version: v2013.03.15.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Administrator :: SKELCE-L7 [administrator]

    3/15/2013 10:09:40 AM
    mbar-log-2013-03-15 (10-09-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29428
    Time elapsed: 36 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    c:\Users\skelce.LYRIX\Local Settings\Application Data\{43c45790-a302-66a2-21db-bedf28d52ae1}\U (Backdoor.0Access) -> Delete on reboot.
    c:\Users\skelce.LYRIX\Local Settings\Application Data\{43c45790-a302-66a2-21db-bedf28d52ae1}\L (Backdoor.0Access) -> Delete on reboot.

    Files Detected: 0
    (No malicious items detected)

    (end)

    Here is the second mbar-log-xxxx.txt file
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org

    Database version: v2013.03.15.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Administrator :: SKELCE-L7 [administrator]

    3/15/2013 10:26:58 AM
    mbar-log-2013-03-15 (10-26-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29402
    Time elapsed: 15 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Here is the system-log.txt
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4186894336, free: 1997606912

    ------------ Kernel report ------------
    03/15/2013 09:32:43
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStor.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\stdcfltn.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\PBADRV.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\vfilter.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl664.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\o2sdjw7x64.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\O2MDRw7x64.sys
    \SystemRoot\system32\DRIVERS\b57nd60a.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\Accelern.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\CtClsFlt.sys
    \SystemRoot\system32\DRIVERS\btwampfl.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\DRIVERS\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\DRIVERS\btwavdt.sys
    \SystemRoot\system32\drivers\btwaudio.sys
    \SystemRoot\system32\DRIVERS\btwl2cap.sys
    \SystemRoot\system32\DRIVERS\btwrchid.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\drivers\BCM42RLY.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\Drivers\ATSwpWDF.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\difxapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\imm32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\ole32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\wininet.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\user32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\sechost.dll
    \Windows\System32\psapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\lpk.dll
    \Windows\System32\nsi.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\devobj.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006314060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800447e050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.03.15.05
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006314b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80061b1930, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
    DevicePointer: 0xfffffa800447e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00a76ce80, 0xfffffa8006314060, 0xfffffa80063f2790
    Lower DeviceData: 0xfffff8a00a8be880, 0xfffffa800447e050, 0xfffffa800653a310
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1A17B0CE

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 24666112
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24748032 Numsec = 600391680

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Infected: c:\Users\skelce.LYRIX\Local Settings\Application Data\{43c45790-a302-66a2-21db-bedf28d52ae1}\U --> [Backdoor.0Access]
    Infected: c:\Users\skelce.LYRIX\Local Settings\Application Data\{43c45790-a302-66a2-21db-bedf28d52ae1}\L --> [Backdoor.0Access]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4186894336, free: 1753407488

    ------------ Kernel report ------------
    03/15/2013 10:11:04
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStor.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\stdcfltn.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\PBADRV.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\vfilter.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl664.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\o2sdjw7x64.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\O2MDRw7x64.sys
    \SystemRoot\system32\DRIVERS\b57nd60a.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\Accelern.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\CtClsFlt.sys
    \SystemRoot\system32\DRIVERS\btwampfl.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\DRIVERS\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\DRIVERS\btwavdt.sys
    \SystemRoot\system32\drivers\btwaudio.sys
    \SystemRoot\system32\DRIVERS\btwl2cap.sys
    \SystemRoot\system32\DRIVERS\btwrchid.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\drivers\BCM42RLY.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\Drivers\ATSwpWDF.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\difxapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\imm32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\ole32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\wininet.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\user32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\sechost.dll
    \Windows\System32\psapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\lpk.dll
    \Windows\System32\nsi.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\devobj.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006314060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800447e050
    Lower Device Driver Name: \Driver\iaStor\
    Device already Exists: 0xfffffa800653a310
    Downloaded database version: v2013.03.15.06
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006314b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80061b1930, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
    DevicePointer: 0xfffffa800447e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00fdb6dc0, 0xfffffa8006314060, 0xfffffa80063f2790
    Lower DeviceData: 0xfffff8a002b18c00, 0xfffffa800447e050, 0xfffffa800653a310
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1A17B0CE

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 24666112
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 24748032 Numsec = 600391680

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
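The "MBR Check" block of the RogueKiller report and the partition table in the MBAR system log above can be reproduced and sanity-checked programmatically. The following is an added example (not code from the thread or from either tool): it parses a 512-byte MBR sector, prints the same offset/size table, and flags the inconsistencies a responder looks for when a bootkit is suspected; the sector is constructed from the logged partition entries and disk signature, with zeroed bootstrap code, so the MBR hash the report shows is not reproduced.

```python
"""Parse and sanity-check an MBR sector (boot signature, NT disk signature,
partition entries, partition size in MiB as RogueKiller's "Mo" column).

Added example. The sample sector is constructed from the table in the logs;
its bootstrap area is zero-filled, not the real "Windows Vista MBR Code".
"""
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8    # 4-byte NT disk signature
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFFSET = 0x1FE    # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, start LBA, sector count

# Type names as the RogueKiller report prints them.
PART_TYPE_NAMES = {0x00: "Empty", 0x07: "NTFS", 0xDE: "DELL-UTIL"}

# Taken from the logs above: (status, type, start LBA, sector count).
LOGGED_PARTITIONS = [
    (0x00, 0xDE, 63, 80262),
    (0x80, 0x07, 81920, 24666112),
    (0x00, 0x07, 24748032, 600391680),
    (0x00, 0x00, 0, 0),
]
LOGGED_DISK_SIGNATURE = 0x1A17B0CE
LOGGED_DISK_SECTORS = 320072933376 // SECTOR_SIZE  # 625142448, from "Disk Size"


def build_sample_mbr(partitions=LOGGED_PARTITIONS, disk_sig=LOGGED_DISK_SIGNATURE):
    """Construct a sector carrying the given table (constructed sample, zero boot code)."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector):
    """Return the disk signature and the four partition entries; raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xAA":
        raise ValueError("boot signature 55AA missing")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        parts.append({
            "index": i,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPE_NAMES.get(ptype, "Other"),
            "lba": lba,
            "sectors": count,
            # RogueKiller's "Mo" column: whole MiB, rounded down.
            "size_mib": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {"disk_signature": f"{disk_sig:08X}", "partitions": parts}


def check_mbr(sector, expected_disk_signature=None, disk_sectors=None):
    """Consistency findings a responder would want flagged; an empty list means clean."""
    try:
        info = parse_mbr(sector)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if expected_disk_signature and info["disk_signature"] != expected_disk_signature:
        findings.append(f"disk signature changed: {info['disk_signature']} != {expected_disk_signature}")
    used = [p for p in info["partitions"] if p["sectors"]]
    active = [p["index"] for p in used if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["type"] == 0x00 and p["sectors"]:
            findings.append(f"partition {p['index']}: type Empty but {p['sectors']} sectors")
        if disk_sectors and p["lba"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    used.sort(key=lambda p: p["lba"])
    for a, b in zip(used, used[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_mbr(mbr)["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        print(f"{p['index']} - [{flag}] {p['type_name']} (0x{p['type']:02x}) "
              f"Offset (sectors): {p['lba']} | Size: {p['size_mib']} Mo")
    print("findings:", check_mbr(mbr, "1A17B0CE", LOGGED_DISK_SECTORS))
```

On a live disk the sector would come from reading the first 512 bytes of the physical drive; comparing the disk signature and table against a baseline taken before the infection is what turns this from a parser into a tamper check.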
     
  6. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Good :)

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  7. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Ran combofix and I ran into an issue when it rebooted the computer and I tried to log in after the reboot. No matter what account I tried, I was always getting an error saying "the request is not supported".

    I then rebooted into safe mode and I was able to log in with the administrator username/password (which is the user that I've been logged in as this entire time), and combofix finished running and created the logfile afterwards.

    Here is the logfile from combofix:

    ComboFix 13-03-17.01 - Administrator 03/18/2013 15:31:42.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2183 [GMT -4:00]
    Running from: c:\users\Administrator\Desktop\lyr-fix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\skelce.LYRIX\g2mdlhlpx.exe
    c:\windows\SysWow64\instsrv.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-18 19:38 . 2013-03-18 19:38--------d-----w-c:\users\tlesniak\AppData\Local\temp
    2013-03-18 19:19 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77C3C763-32EC-429C-A745-5659E13B1E6D}\mpengine.dll
    2013-03-18 14:41 . 2013-03-18 14:418294480----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2013-03-15 13:44 . 2013-01-08 22:01768000----a-w-c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-03-15 13:44 . 2013-01-09 01:10996352----a-w-c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-03-15 13:33 . 2012-12-16 17:1146080----a-w-c:\windows\system32\atmlib.dll
    2013-03-15 13:33 . 2012-12-16 14:1334304----a-w-c:\windows\SysWow64\atmlib.dll
    2013-03-15 13:33 . 2012-12-16 14:45367616----a-w-c:\windows\system32\atmfd.dll
    2013-03-15 13:33 . 2012-12-16 14:13295424----a-w-c:\windows\SysWow64\atmfd.dll
    2013-03-14 20:32 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
    2013-03-14 20:32 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
    2013-03-14 20:32 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
    2013-03-14 20:32 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
    2013-03-14 20:32 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
    2013-03-14 20:32 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
    2013-03-14 20:32 . 2013-01-05 05:535553512----a-w-c:\windows\system32\ntoskrnl.exe
    2013-03-14 20:32 . 2013-01-05 05:003967848----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-14 20:32 . 2013-01-05 05:003913064----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2013-03-14 20:30 . 2012-11-01 05:432002432----a-w-c:\windows\system32\msxml6.dll
    2013-03-14 20:30 . 2012-11-01 05:431882624----a-w-c:\windows\system32\msxml3.dll
    2013-03-14 20:30 . 2012-11-01 04:471389568----a-w-c:\windows\SysWow64\msxml6.dll
    2013-03-14 20:30 . 2012-11-01 04:471236992----a-w-c:\windows\SysWow64\msxml3.dll
    2013-03-14 20:30 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
    2013-03-14 20:30 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
    2013-03-14 20:28 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
    2013-03-14 20:28 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
    2013-03-14 20:28 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
    2013-03-14 20:28 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
    2013-03-14 20:28 . 2012-11-23 03:1368608----a-w-c:\windows\system32\taskhost.exe
    2013-03-14 20:28 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
    2013-03-14 20:28 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
    2013-03-14 20:28 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
    2013-03-14 20:28 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
    2013-03-14 20:18 . 2013-03-14 20:18972264------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
    2013-03-14 20:18 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-14 20:12 . 2013-03-14 20:12--------d-----w-c:\program files (x86)\Microsoft Security Client
    2013-03-14 20:12 . 2013-03-14 20:13--------d-----w-c:\program files\Microsoft Security Client
    2013-03-14 20:01 . 2013-03-14 20:01--------d-----w-c:\windows\system32\appmgmt
    2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\programdata\Malwarebytes
    2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 19:24 . 2012-12-14 20:4924176----a-w-c:\windows\system32\drivers\mbam.sys
    2013-03-14 18:45 . 2013-03-14 18:4527256----a-w-c:\windows\system32\drivers\FixZeroAccess.sys
    2013-03-14 18:27 . 2013-03-14 18:33--------d-----w-C:\TDSSKiller_Quarantine
    2013-03-14 18:17 . 2013-03-14 18:17--------d-----w-C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 18:02 . 2013-03-14 18:02328704----a-w-c:\windows\system32\services.exe.558F246069ECD6FE
    2013-03-14 17:51 . 2013-03-14 17:5150392----a-w-c:\windows\system32\drivers\qiylpclo.sys
    2013-03-14 17:51 . 2013-03-14 17:51328704----a-w-c:\windows\system32\services.exe.C6D8E622821D75E6
    2013-03-14 17:49 . 2013-03-14 17:49328704----a-w-c:\windows\system32\services.exe.A1579CA9577EFA72
    2013-03-14 17:45 . 2013-03-14 17:45328704----a-w-c:\windows\system32\services.exe.C7B83C312CE2B608
    2013-03-14 17:41 . 2013-03-14 17:41328704----a-w-c:\windows\system32\services.exe.9609358E6A1092CD
    2013-03-14 17:40 . 2013-03-18 19:20--------d-----w-c:\users\Administrator
    2013-03-14 17:35 . 2013-03-14 17:35328704----a-w-c:\windows\system32\services.exe.9CA94B43777B0A61
    2013-03-14 17:25 . 2013-03-14 17:25328704----a-w-c:\windows\system32\services.exe.B0624FF8A4BEE640
    2013-02-28 17:13 . 2013-02-28 17:13--------d-----w-c:\programdata\Creative
    2013-02-28 14:38 . 2013-02-28 14:38--------d-----w-c:\programdata\Ask
    2013-02-28 14:37 . 2013-02-28 14:37861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2013-02-28 14:17 . 2013-02-28 14:17--------d-----w-c:\programdata\McAfee
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-14 18:05 . 2009-07-13 23:19328704----a-w-c:\windows\system32\services.exe
    2013-03-04 18:53 . 2011-10-21 18:0872013344----a-w-c:\windows\system32\MRT.exe
    2013-02-28 14:37 . 2011-10-12 15:16782240----a-w-c:\windows\SysWow64\deployJava1.dll
    2013-01-30 09:00 . 2010-11-21 03:27273840------w-c:\windows\system32\MpSigStub.exe
    2013-01-20 19:59 . 2013-01-20 19:59230320----a-w-c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 19:59 . 2013-01-20 19:59130008----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-04 04:43 . 2013-03-14 20:2944032----a-w-c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
    Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-10-12 50688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
    R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
    R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
    R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-05-16 616960]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-12 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-12 39464]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
    S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
    S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-14 18:271629648----a-w-c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
    .
    2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.25.9 10.0.25.10
    DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6e,d9,
    96,b9,8c,eb,09,95,4e,cb,e8,4c,62,3e,21
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,22,
    8b,3d,1f,d0,00,93,c0,15,24,7e,43,26,d8
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e1,
    af,1e,5d,36,03,a7,2e,06,f3,08,c5,47,e1
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,21,dc,
    c9,75,aa,2f,0d,85,82,47,9c,27,73,86,51
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,17,
    e4,65,9f,41,04,a2,37,d2,a9,21,9d,10,1d
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,f8,
    a6,5a,91,bf,5b,a1,e1,44,e0,c1,41,f0,11
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:fb,dc,3b,5f,e5,23,ce,01
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-03-18 15:46:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-18 19:45
    .
    Pre-Run: 251,519,410,176 bytes free
    Post-Run: 251,337,719,808 bytes free
    .
    - - End Of File - - 57B1CE1907504827746A1E044CAB982F
     
  8. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.B0624FF8A4BEE640
    c:\windows\system32\services.exe.9CA94B43777B0A61
    c:\windows\system32\services.exe.9609358E6A1092CD
    c:\windows\system32\services.exe.C7B83C312CE2B608
    c:\windows\system32\services.exe.A1579CA9577EFA72
    c:\windows\system32\services.exe.C6D8E622821D75E6
    c:\windows\system32\services.exe.558F246069ECD6FE
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
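The CFScript above hand-lists the seven `services.exe.<hex>` copies that ComboFix reported under "Files Created". The script below is an added example (not part of this thread, and not ComboFix's own code) that shows how a responder could pull that list out of the pasted log mechanically and emit it in the same `File::` / `ClearJavaCache::` directive syntax used above. It assumes the log lines have the shape they have on this page, where the tab separators between modified time, size, attribute flags and path were lost when the log was pasted, and it splits those fields by shape; the sample log embedded in the block is constructed from lines copied out of the first ComboFix log in this thread.

```python
"""Parse the 'Files Created' section of a pasted ComboFix log and build the
File:: section of a CFScript for services.exe.<16 hex> copies in system32.

Added example for this thread; not part of the thread or of ComboFix itself.
Assumption: the log lines have the tab-collapsed shape seen on this page.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One file record as pasted on this page: the tabs between the modified time,
# the size, the attribute flags and the path are gone, so split by shape.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?P<size>\d+|-{8})"          # byte count, or 8 dashes for a directory
    r"(?P<attrs>[-a-z]{8})"        # e.g. ----a-w- or d-----w-
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# services.exe with a 16-hex-digit suffix under system32: the pattern of the
# seven files listed under File:: in the CFScript above.
SERVICES_COPY_RE = re.compile(
    r"\\windows\\system32\\services\.exe\.[0-9a-f]{16}$", re.IGNORECASE
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def files_created_section(log_text: str) -> List[str]:
    """Return the raw record lines between the 'Files Created' banner and
    the next '((((' banner (Find3M Report), skipping the '.' filler lines."""
    lines: List[str] = []
    inside = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("((((") and "Files Created" in stripped:
            inside = True
            continue
        if inside and stripped.startswith("(((("):
            break
        if inside and stripped and stripped != ".":
            lines.append(stripped)
    return lines


def parse_entries(lines: List[str]) -> List[Entry]:
    """Turn record lines into Entry objects; lines that do not match are skipped."""
    entries: List[Entry] = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def services_exe_copies(entries: List[Entry]) -> List[str]:
    """Paths of services.exe.<hex> files, oldest first (the order used above)."""
    hits = [e for e in entries if not e.is_dir and SERVICES_COPY_RE.search(e.path)]
    return [e.path for e in sorted(hits, key=lambda e: e.created)]


def build_cfscript(paths: List[str], clear_java_cache: bool = True) -> str:
    """Emit the CFScript text in the directive syntax shown in this thread."""
    out = ["File::", *paths, ""]
    if clear_java_cache:
        out += ["ClearJavaCache::", ""]
    return "\n".join(out)


# Constructed sample: lines copied from the first ComboFix log in this thread,
# ending with the Find3M banner that closes the Files Created section.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 )))))))))))))))))))))))))))))))
.
2013-03-18 19:38 . 2013-03-18 19:38--------d-----w-c:\users\tlesniak\AppData\Local\temp
2013-03-18 19:19 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77C3C763-32EC-429C-A745-5659E13B1E6D}\mpengine.dll
2013-03-14 18:02 . 2013-03-14 18:02328704----a-w-c:\windows\system32\services.exe.558F246069ECD6FE
2013-03-14 17:51 . 2013-03-14 17:5150392----a-w-c:\windows\system32\drivers\qiylpclo.sys
2013-03-14 17:51 . 2013-03-14 17:51328704----a-w-c:\windows\system32\services.exe.C6D8E622821D75E6
2013-03-14 17:25 . 2013-03-14 17:25328704----a-w-c:\windows\system32\services.exe.B0624FF8A4BEE640
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 18:05 . 2009-07-13 23:19328704----a-w-c:\windows\system32\services.exe
"""

if __name__ == "__main__":
    found = parse_entries(files_created_section(SAMPLE_LOG))
    print(build_cfscript(services_exe_copies(found)))
```

The section boundary matters: the real `c:\windows\system32\services.exe` appears under "Find3M Report" and must not be swept up, so the parser stops at the next banner and the suffix regex requires the 16 hex digits. Run against the full first log above, the output is the same seven-line `File::` block that was pasted into CFScript.txt.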
     
  9. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I did as you requested; however, nothing has happened. I drag the CFScript file onto ComboFix and I initially get the little ComboFix extraction box, but then that disappears and nothing happens. There is no combofix.txt log file (or I should say that the file hasn't changed since the previous run, as the update timestamp is from an hour ago when I ran it), and if I try to reboot and log in with the administrator account I still get the 'The request is not supported' error, so I can only log in under safe mode.
     
  10. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Never mind... the autoscan box finally popped up after about 10-15 minutes of me dragging the file onto ComboFix.
     
  11. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    OK. ComboFix ran. Here is the logfile:

    ComboFix 13-03-17.01 - Administrator 03/18/2013 16:51:58.2.4 - x64 NETWORK
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2970 [GMT -4:00]
    Running from: c:\users\Administrator\Desktop\lyr-fix.exe
    Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\services.exe.558F246069ECD6FE"
    "c:\windows\system32\services.exe.9609358E6A1092CD"
    "c:\windows\system32\services.exe.9CA94B43777B0A61"
    "c:\windows\system32\services.exe.A1579CA9577EFA72"
    "c:\windows\system32\services.exe.B0624FF8A4BEE640"
    "c:\windows\system32\services.exe.C6D8E622821D75E6"
    "c:\windows\system32\services.exe.C7B83C312CE2B608"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\services.exe.558F246069ECD6FE
    c:\windows\system32\services.exe.9609358E6A1092CD
    c:\windows\system32\services.exe.9CA94B43777B0A61
    c:\windows\system32\services.exe.A1579CA9577EFA72
    c:\windows\system32\services.exe.B0624FF8A4BEE640
    c:\windows\system32\services.exe.C6D8E622821D75E6
    c:\windows\system32\services.exe.C7B83C312CE2B608
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-18 20:59 . 2013-03-18 20:59--------d-----w-c:\users\tlesniak\AppData\Local\temp
    2013-03-18 20:59 . 2013-03-18 20:59--------d-----w-c:\users\skelce\AppData\Local\temp
    2013-03-18 20:59 . 2013-03-18 20:59--------d-----w-c:\users\skelce.LYRIX\AppData\Local\temp
    2013-03-18 20:59 . 2013-03-18 20:59--------d-----w-c:\users\Default\AppData\Local\temp
    2013-03-18 19:19 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77C3C763-32EC-429C-A745-5659E13B1E6D}\mpengine.dll
    2013-03-18 14:41 . 2013-03-18 14:418294480----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2013-03-15 13:44 . 2013-01-08 22:01768000----a-w-c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-03-15 13:44 . 2013-01-09 01:10996352----a-w-c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-03-15 13:33 . 2012-12-16 17:1146080----a-w-c:\windows\system32\atmlib.dll
    2013-03-15 13:33 . 2012-12-16 14:1334304----a-w-c:\windows\SysWow64\atmlib.dll
    2013-03-15 13:33 . 2012-12-16 14:45367616----a-w-c:\windows\system32\atmfd.dll
    2013-03-15 13:33 . 2012-12-16 14:13295424----a-w-c:\windows\SysWow64\atmfd.dll
    2013-03-14 20:32 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
    2013-03-14 20:32 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
    2013-03-14 20:32 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
    2013-03-14 20:32 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
    2013-03-14 20:32 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
    2013-03-14 20:32 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
    2013-03-14 20:32 . 2013-01-05 05:535553512----a-w-c:\windows\system32\ntoskrnl.exe
    2013-03-14 20:32 . 2013-01-05 05:003967848----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-14 20:32 . 2013-01-05 05:003913064----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2013-03-14 20:30 . 2012-11-01 05:432002432----a-w-c:\windows\system32\msxml6.dll
    2013-03-14 20:30 . 2012-11-01 05:431882624----a-w-c:\windows\system32\msxml3.dll
    2013-03-14 20:30 . 2012-11-01 04:471389568----a-w-c:\windows\SysWow64\msxml6.dll
    2013-03-14 20:30 . 2012-11-01 04:471236992----a-w-c:\windows\SysWow64\msxml3.dll
    2013-03-14 20:30 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
    2013-03-14 20:30 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
    2013-03-14 20:28 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
    2013-03-14 20:28 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
    2013-03-14 20:28 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
    2013-03-14 20:28 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
    2013-03-14 20:28 . 2012-11-23 03:1368608----a-w-c:\windows\system32\taskhost.exe
    2013-03-14 20:28 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
    2013-03-14 20:28 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
    2013-03-14 20:28 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
    2013-03-14 20:28 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
    2013-03-14 20:18 . 2013-03-14 20:18972264------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
    2013-03-14 20:18 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-14 20:12 . 2013-03-14 20:12--------d-----w-c:\program files (x86)\Microsoft Security Client
    2013-03-14 20:12 . 2013-03-14 20:13--------d-----w-c:\program files\Microsoft Security Client
    2013-03-14 20:01 . 2013-03-14 20:01--------d-----w-c:\windows\system32\appmgmt
    2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\programdata\Malwarebytes
    2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 19:24 . 2012-12-14 20:4924176----a-w-c:\windows\system32\drivers\mbam.sys
    2013-03-14 18:45 . 2013-03-14 18:4527256----a-w-c:\windows\system32\drivers\FixZeroAccess.sys
    2013-03-14 18:27 . 2013-03-14 18:33--------d-----w-C:\TDSSKiller_Quarantine
    2013-03-14 18:17 . 2013-03-14 18:17--------d-----w-C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 17:51 . 2013-03-14 17:5150392----a-w-c:\windows\system32\drivers\qiylpclo.sys
    2013-03-14 17:40 . 2013-03-18 19:20--------d-----w-c:\users\Administrator
    2013-02-28 17:13 . 2013-02-28 17:13--------d-----w-c:\programdata\Creative
    2013-02-28 14:38 . 2013-02-28 14:38--------d-----w-c:\programdata\Ask
    2013-02-28 14:37 . 2013-02-28 14:37861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2013-02-28 14:17 . 2013-02-28 14:17--------d-----w-c:\programdata\McAfee
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-14 18:05 . 2009-07-13 23:19328704----a-w-c:\windows\system32\services.exe
    2013-03-04 18:53 . 2011-10-21 18:0872013344----a-w-c:\windows\system32\MRT.exe
    2013-02-28 14:37 . 2011-10-12 15:16782240----a-w-c:\windows\SysWow64\deployJava1.dll
    2013-01-30 09:00 . 2010-11-21 03:27273840------w-c:\windows\system32\MpSigStub.exe
    2013-01-20 19:59 . 2013-01-20 19:59230320----a-w-c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 19:59 . 2013-01-20 19:59130008----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-04 04:43 . 2013-03-14 20:2944032----a-w-c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
    Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-10-12 50688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
    R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
    R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
    R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-05-16 616960]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-12 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-12 39464]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
    S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
    S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-14 18:27    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
    .
    2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-05-27 22:46    139128    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-05-27 22:46    139128    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.25.9 10.0.25.10
    DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6e,d9,
    96,b9,8c,eb,09,95,4e,cb,e8,4c,62,3e,21
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,22,
    8b,3d,1f,d0,00,93,c0,15,24,7e,43,26,d8
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e1,
    af,1e,5d,36,03,a7,2e,06,f3,08,c5,47,e1
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,21,dc,
    c9,75,aa,2f,0d,85,82,47,9c,27,73,86,51
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,17,
    e4,65,9f,41,04,a2,37,d2,a9,21,9d,10,1d
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,f8,
    a6,5a,91,bf,5b,a1,e1,44,e0,c1,41,f0,11
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:fb,dc,3b,5f,e5,23,ce,01
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-03-18 17:00:48
    ComboFix-quarantined-files.txt 2013-03-18 21:00
    ComboFix2.txt 2013-03-18 19:46
    .
    Pre-Run: 251,292,106,752 bytes free
    Post-Run: 250,970,275,840 bytes free
    .
    - - End Of File - - 96CE127BBCCFB9966655928966B430A3
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Looks good.

    How is computer doing?

    ==============================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I am unable to login via a regular boot. I always get the 'the request is not supported' error, so there is that issue. The only way that I can login is if I boot into safe mode.

    Not sure if I should continue with your latest steps (adwcleaner, jrt, otl) in safe mode or not.
     
  14. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    At what exact point of booting process are you getting that error and when did it happen for the first time?
     
  15. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I get this error after I type in my username/password. This started during the first time that I ran ComboFix. ComboFix auto-rebooted the system and when the system came back up I couldn't login. I had to boot into safe mode and enter my username/passwd (same one that I couldn't login with during a normal bootup) and then it logged in and completed running ComboFix. That produced the above ComboFix log that I posted.
     
  16. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
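Once FRST.txt is back, every entry in it still has to be read by hand. The following is an added example (not FRST's own code and not part of this thread) that parses the four line shapes a log like this one contains (Run entries, services, drivers, and "One Month Created Files and Folders") and flags the entries a reviewer usually checks first: a service or driver whose file is gone (`[x]`), an autorun with no publisher string, and a freshly created executable under C:\Windows with no publisher. The sample log below is constructed to mirror the format; the rule names and the `Entry`/`Finding` types are this example's own.

```python
"""Triage helper for FRST.txt logs (added example, not part of FRST)."""
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the FRST line formats seen in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()

==================== Services (Whitelisted) ===================

2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
3 catchme; \??\C:\lyr-fix\catchme.sys [x]

==================== One Month Created Files and Folders ========

2013-03-18 11:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-14 12:32 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
# HKLM\...\Run: [Name] path [size date] (Publisher)
AUTORUN_RE = re.compile(
    r"^(?P<hive>HK[^:]+):\s+\[(?P<name>[^\]]+)\]\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+) (?P<date>[\d-]+)\]\s+\((?P<pub>[^)]*)\)\s*$")
# <start type> Name; path [size date] (Publisher)   or   ... path [x]
SERVICE_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+) (?P<date>[\d-]+)\]\s+\((?P<pub>[^)]*)\)|\[x\])\s*$")
# created - modified - size attrs [(Publisher)] path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5})(?: \((?P<pub>[^)]*)\))? (?P<path>.+)$")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


@dataclass
class Entry:
    kind: str                  # 'autorun', 'service', 'driver' or 'file'
    name: str                  # value name, service name, or the file path
    path: str
    publisher: Optional[str]   # "" when FRST printed "()", None when it printed nothing
    missing: bool = False      # FRST printed [x]: the referenced binary was not found
    attrs: str = ""            # FRST attribute column for file entries


@dataclass
class Finding:
    rule: str
    entry: Entry


def parse_frst(text: str) -> List[Entry]:
    """Walk the log section by section; lines that do not fit are skipped."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title").lower()
            continue
        if section.startswith("registry"):
            m = AUTORUN_RE.match(line)  # only Run-style entries are parsed here
            if m:
                entries.append(Entry("autorun", m["name"], m["path"].strip('"'), m["pub"]))
        elif section.startswith("services") or section.startswith("drivers"):
            m = SERVICE_RE.match(line)
            if m:
                kind = "service" if section.startswith("services") else "driver"
                entries.append(Entry(kind, m["name"], m["path"].strip('"'),
                                     m["pub"], missing=m["pub"] is None))
        elif section.startswith("one month created"):
            m = FILE_RE.match(line)
            if m:
                entries.append(Entry("file", m["path"], m["path"], m["pub"], attrs=m["attrs"]))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries to verify by hand. A missing publisher comes from the file's
    version resource, not from a signature check, so it is a prompt, not a verdict."""
    findings: List[Finding] = []
    for e in entries:
        if e.missing:
            findings.append(Finding("missing_binary", e))
        elif e.kind in ("autorun", "service", "driver") and e.publisher == "":
            findings.append(Finding("no_publisher", e))
        elif (e.kind == "file" and "D" not in e.attrs
              and e.path.lower().endswith(EXECUTABLE_EXT)
              and e.path.lower().startswith("c:\\windows\\")
              and not e.publisher):
            findings.append(Finding("new_system_binary_no_publisher", e))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(parse_frst(text)):
        print(f"{f.rule:32} {f.entry.kind:8} {f.entry.path}")
```

Run it as `python frst_triage.py FRST.txt`, or with no argument to see the rules applied to the built-in sample.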
     
  17. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Here's the FRST.txt log file:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 6 days old)
    Ran by SYSTEM at 19-03-2013 10:03:17
    Running from F:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
    HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
    HKU\skelce.LYRIX\...\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [1675592 2011-08-05] (Actual Tools)
    HKU\tlesniak\...\Run: [OfficeSuite Softphone] "C:\Program Files (x86)\Broadview\officesuite.exe" [14979072 2011-04-11] ()
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.0.25.9 10.0.25.10
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell System Manager.lnk
    ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

    ==================== Services (Whitelisted) ===================

    2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [158720 2010-06-29] (Broadcom Corporation)
    2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
    2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
    2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
    2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
    2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
    2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)

    ==================== Drivers (Whitelisted) =====================

    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    3 catchme; \??\C:\lyr-fix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
    2013-03-18 13:00 - 2013-03-18 13:00 - 00018630 ____A C:\ComboFix.txt
    2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
    2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
    2013-03-18 11:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-03-18 11:30 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-03-18 11:30 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2013-03-18 11:28 - 2013-03-18 11:44 - 00000000 ____D C:\Windows\erdnt
    2013-03-18 10:10 - 2013-03-18 13:00 - 00000000 ____D C:\Qoobox
    2013-03-15 05:33 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2013-03-15 05:33 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2013-03-15 05:33 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2013-03-15 05:33 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
    2013-03-15 05:28 - 2013-03-15 05:30 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
    2013-03-15 05:27 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-03-15 05:27 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-03-15 05:27 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-03-15 05:27 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-03-15 05:27 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-03-15 05:27 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-03-15 05:27 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-03-15 05:27 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-03-15 05:27 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-03-15 05:27 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-03-15 05:27 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-03-15 05:27 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-03-15 05:27 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-03-15 05:27 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-03-15 05:27 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-03-15 05:27 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-03-15 05:27 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-03-15 05:27 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-03-15 05:27 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-03-15 05:27 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-03-15 05:27 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-03-15 05:27 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-03-15 05:27 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-03-15 05:27 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-03-15 05:27 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-03-15 05:27 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-03-15 05:27 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-03-15 05:27 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-03-15 05:27 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
    2013-03-15 05:24 - 2013-03-15 05:28 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
    2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2013-03-14 13:02 - 2013-03-14 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
    2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
    2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
    2013-03-14 12:32 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-03-14 12:32 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-03-14 12:32 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-03-14 12:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-03-14 12:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-03-14 12:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-03-14 12:31 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-03-14 12:31 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-03-14 12:31 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-03-14 12:31 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-03-14 12:31 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-03-14 12:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-03-14 12:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-03-14 12:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2013-03-14 12:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2013-03-14 12:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2013-03-14 12:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-03-14 12:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-03-14 12:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2013-03-14 12:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-03-14 12:30 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-03-14 12:30 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-03-14 12:30 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-03-14 12:30 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-03-14 12:30 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2013-03-14 12:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2013-03-14 12:29 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-03-14 12:29 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-03-14 12:29 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-03-14 12:29 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-03-14 12:29 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-03-14 12:29 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-03-14 12:29 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-03-14 12:29 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-03-14 12:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-03-14 12:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-03-14 12:29 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2013-03-14 12:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-03-14 12:29 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-03-14 12:29 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-03-14 12:29 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-03-14 12:29 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-03-14 12:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-03-14 12:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-03-14 12:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-03-14 12:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2013-03-14 12:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-03-14 12:28 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2013-03-14 12:28 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2013-03-14 12:28 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-03-14 12:28 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-03-14 12:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2013-03-14 12:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2013-03-14 12:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2013-03-14 12:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2013-03-14 12:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2013-03-14 12:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2013-03-14 12:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2013-03-14 12:13 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2013-03-14 12:12 - 2013-03-14 12:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
    2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-03-14 11:21 - 2013-03-14 11:22 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2013-03-14 10:27 - 2013-03-14 10:33 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
    2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
    2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
    2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
    2013-03-14 09:40 - 2013-03-18 11:20 - 00000000 ____D C:\users\Administrator
    2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2013-03-14 09:40 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
    2013-03-14 09:21 - 2013-03-14 09:22 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
    2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
    2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
    2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
    2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
    2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
    2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
    2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
    2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
    2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
    2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
    2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
    2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
    2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
    2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
    2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
    2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
    2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
    2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
    2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
    2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

    ==================== One Month Modified Files and Folders =======

    2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
    2013-03-18 13:12 - 2011-10-12 07:07 - 02030933 ____A C:\Windows\WindowsUpdate.log
    2013-03-18 13:12 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-03-18 13:12 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-03-18 13:11 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-03-18 13:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-03-18 13:07 - 2009-07-13 20:51 - 00055603 ____A C:\Windows\setupact.log
    2013-03-18 13:04 - 2010-11-20 19:47 - 00029012 ____A C:\Windows\PFRO.log
    2013-03-18 13:00 - 2013-03-18 13:00 - 00018630 ____A C:\ComboFix.txt
    2013-03-18 13:00 - 2013-03-18 10:10 - 00000000 ____D C:\Qoobox
    2013-03-18 12:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
    2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
    2013-03-18 12:32 - 2011-10-20 12:46 - 00000224 ____A C:\Windows\System32\config\netlogon.ftl
    2013-03-18 11:44 - 2013-03-18 11:28 - 00000000 ____D C:\Windows\erdnt
    2013-03-18 11:39 - 2009-07-13 18:34 - 70516736 ____A C:\Windows\System32\config\SOFTWARE.bak
    2013-03-18 11:39 - 2009-07-13 18:34 - 20709376 ____A C:\Windows\System32\config\SYSTEM.bak
    2013-03-18 11:39 - 2009-07-13 18:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
    2013-03-18 11:39 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
    2013-03-18 11:39 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
    2013-03-18 11:38 - 2011-10-21 10:47 - 00000000 ____D C:\users\skelce.LYRIX
    2013-03-18 11:27 - 2011-10-21 05:47 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-03-18 11:20 - 2013-03-14 09:40 - 00000000 ____D C:\users\Administrator
    2013-03-18 11:20 - 2011-10-21 05:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-03-18 11:18 - 2011-10-21 05:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-03-18 11:18 - 2011-10-20 12:48 - 00000000 ____D C:\users\tlesniak
    2013-03-18 11:18 - 2011-10-20 12:17 - 00000000 ____D C:\users\skelce
    2013-03-18 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-03-18 06:27 - 2009-07-13 20:45 - 00412624 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
    2013-03-15 06:09 - 2011-10-21 08:06 - 00000039 ____A C:\Windows\vbaddin.ini
    2013-03-15 06:09 - 2011-10-21 06:07 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-03-15 06:08 - 2011-02-10 06:33 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
    2013-03-15 05:30 - 2013-03-15 05:28 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
    2013-03-15 05:28 - 2013-03-15 05:24 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
    2013-03-15 05:24 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
    2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2013-03-14 13:09 - 2013-03-14 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
    2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
    2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
    2013-03-14 12:13 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-03-14 12:13 - 2011-10-21 05:31 - 00001945 ____A C:\Windows\epplauncher.mif
    2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-03-14 12:03 - 2011-10-21 05:39 - 00000000 ____D C:\ProgramData\Adobe
    2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
    2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 11:22 - 2013-03-14 11:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2013-03-14 10:33 - 2013-03-14 10:27 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-03-14 10:28 - 2012-07-18 09:59 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
    2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
    2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
    2013-03-14 10:05 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
    2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2013-03-14 09:22 - 2013-03-14 09:21 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
    2013-03-14 09:17 - 2011-10-21 11:14 - 00000000 ____D C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
    2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
    2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
    2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
    2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
    2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
    2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
    2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
    2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
    2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
    2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
    2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
    2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
    2013-03-04 10:53 - 2011-10-21 10:08 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-02-28 09:45 - 2011-10-21 10:19 - 00000000 ____D C:\Users\tlesniak\AppData\Roaming\Skinux
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
    2013-02-28 09:11 - 2011-10-21 05:48 - 00002261 ____A C:\Users\tlesniak\Desktop\Google Chrome.lnk
    2013-02-28 09:11 - 2011-10-20 12:49 - 00108840 ____A C:\Users\tlesniak\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
    2013-02-28 08:49 - 2012-04-20 07:22 - 00012389 ____A C:\Users\skelce.LYRIX\Desktop\EE Stock Ownership Addresses.xlsx
    2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
    2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-02-28 06:37 - 2011-10-12 07:16 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
    2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
    2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
    2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
    2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
    2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-01-18 07:54:32
    Restore point made on: 2013-02-13 13:22:03
    Restore point made on: 2013-02-28 06:36:48
    Restore point made on: 2013-02-28 06:37:22
    Restore point made on: 2013-03-14 12:00:32
    Restore point made on: 2013-03-14 12:02:54
    Restore point made on: 2013-03-14 12:04:58
    Restore point made on: 2013-03-14 12:18:28
    Restore point made on: 2013-03-15 05:22:18
    Restore point made on: 2013-03-18 06:36:34
    Restore point made on: 2013-03-18 10:04:27
    Restore point made on: 2013-03-18 11:13:04

    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 3992.93 MB
    Available physical RAM: 3351.01 MB
    Total Pagefile: 3991.13 MB
    Available Pagefile: 3340.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:286.29 GB) (Free:233.78 GB) NTFS
    3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:5.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1920 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 1A17B0CE

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 11 GB 40 MB
    Partition 3 Primary 286 GB 11 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 286 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 00000001

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 1920 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: 1A17B0CE

    Partition 1:
    =========
    Hex: 00010100DEFE3F043F00000086390100
    Active: NO
    Type: DE
    Size: 39 MB

    Partition 2:
    =========
    Hex: 8019150507FEFFFF0040010000607801
    Active: YES
    Type: 07 (NTFS)
    Size: 12 GB

    Partition 3:
    =========
    Hex: 00FEFFFF07FEFFFF00A079010040C923
    Active: NO
    Type: 07 (NTFS)
    Size: 286 GB

    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: 6F20736B

    Partition 1:
    =========
    Hex: 6F74686572206D656469612EFF0D0A44
    Active: NO
    Type: 72
    Size: 544 GB

    Partition 2:
    =========
    Hex: 69736B206572726F72FF0D0A50726573
    Active: NO
    Type: 65
    Size: 923 GB

    Partition 3:
    =========
    Hex: 7320616E79206B657920746F20726573
    Active: NO
    Type: 79
    Size: 923 GB

    Partition 4:
    =========
    Hex: 746172740D0A00000000000000ACCBD8
    Active: NO
    Type: 0D
    Size: -336763289600 byte


    Last Boot: 2013-03-05 08:03

    ==================== End Of Log =============================
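The "MBR Partition Table" section of the log above is worth a closer look: FRST prints each raw 16-byte partition entry as hex, and the Disk 1 entries (types 72/65/79/0D, sizes of hundreds of GB on a 1.87 GB flash drive, one of them negative) are not a partition table at all. The following is an added example, not code from this thread, from FRST or from any tool used in it, that decodes the entries exactly as printed; it assumes 512-byte sectors, which the sizes FRST reports are consistent with.

```python
import struct

SECTOR = 512  # assumption: 512-byte sectors; FRST's sizes above agree with it

# The 16-byte entries copied verbatim from the FRST "MBR Partition Table" section.
DISK0 = [
    "00010100DEFE3F043F00000086390100",  # Partition 1 (OEM, type DE)
    "8019150507FEFFFF0040010000607801",  # Partition 2 (RECOVERY, active)
    "00FEFFFF07FEFFFF00A079010040C923",  # Partition 3 (OS, C:)
]
DISK1 = [
    "6F74686572206D656469612EFF0D0A44",
    "69736B206572726F72FF0D0A50726573",
    "7320616E79206B657920746F20726573",
    "746172740D0A00000000000000ACCBD8",
]


def parse_entry(hex16):
    """Decode one MBR partition-table entry.

    Layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sectors(4, LE).
    """
    raw = bytes.fromhex(hex16)
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
    # A reader that treats the sector count as a signed 32-bit int goes negative
    # once bit 31 is set; this reproduces FRST's "-336763289600 byte" for Disk 1.
    signed_sectors = struct.unpack_from("<i", raw, 12)[0]
    return {
        "valid_status": status in (0x00, 0x80),  # the only legal boot-flag values
        "active": status == 0x80,
        "type": f"{ptype:02X}",
        "lba_start": lba_start,
        "sectors": sectors,
        "size_bytes": sectors * SECTOR,
        "size_gib": sectors * SECTOR / 2**30,
        "size_signed_bytes": signed_sectors * SECTOR,
        "text": raw.decode("latin-1"),
    }


def describe_table(entries):
    """Parse a whole table. If any boot flag is illegal, the 64 bytes at offset
    0x1BE are not a partition table; return them as text instead (a superfloppy
    FAT volume keeps its boot-code error strings in that region)."""
    parsed = [parse_entry(e) for e in entries]
    if all(p["valid_status"] for p in parsed):
        return {"is_partition_table": True, "entries": parsed}
    return {"is_partition_table": False,
            "text": "".join(p["text"] for p in parsed),
            "entries": parsed}


if __name__ == "__main__":
    for name, table in (("Disk 0", DISK0), ("Disk 1", DISK1)):
        d = describe_table(table)
        if d["is_partition_table"]:
            for i, p in enumerate(d["entries"], 1):
                print(f"{name} partition {i}: active={p['active']} type={p['type']} "
                      f"start_lba={p['lba_start']} size={p['size_gib']:.2f} GiB")
        else:
            print(f"{name}: not a partition table; bytes read as text: {d['text']!r}")
```

Disk 0 decodes to the same layout diskpart reported above: a 39 MB OEM partition at sector 63, the active 11.76 GiB RECOVERY volume, and the 286.29 GiB OS volume, each starting exactly where the previous one ends. Disk 1 is the 1.87 GB FAT flash drive, which has no MBR; what FRST read at offset 0x1BE is the FAT boot code's "Remove disks or other media. / Disk error / Press any key to restart" text, and the reported "Disk ID: 6F20736B" is just the four bytes "ks o" of that same message. Checking that the first byte of every entry is 0x00 or 0x80 is enough to reject such data before trusting any size or type it appears to carry.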
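For anyone working through an FRST listing like the one above, here is an added example (not code from this thread, from FRST or from any of the removal tools used) that parses FRST's "Created/Modified Files and Folders" lines and flags the entries a responder would want to look at first. The three rules are this example's own heuristics, not FRST's: a hidden+system {GUID} directory under AppData\Local (a layout ZeroAccess/Sirefef is known to use), an eight-letter .sys in System32\Drivers whose two timestamps are identical (written fresh on this host rather than copied from an older build), and a hex-named folder at the drive root. The sample input is five lines copied from the log above.

```python
import re

# One FRST file line looks like:
#   <timestamp> - <timestamp> - <8-digit size> <5-char attrs> [(<company>)] <path>
# FRST prints created/modified first in the "Created" section and the reverse
# in the "Modified" section; the equality test below does not depend on order.
FRST_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Heuristics (this example's own assumptions, not FRST logic).
GUID_DIR = re.compile(
    r"\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
EIGHT_LETTER_DRIVER = re.compile(r"\\Windows\\System32\\Drivers\\[a-z]{8}\.sys$", re.I)
ROOT_HEX_DIR = re.compile(r"^[A-Z]:\\[0-9a-f]{20,40}$", re.I)

# Constructed sample: five lines copied from the FRST log in this thread.
SAMPLE = r"""
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
2013-03-14 12:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
"""


def parse_frst_lines(text):
    """Return one dict per FRST file line; section headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            entries.append(e)
    return entries


def triage(text):
    """Return (path, reason) pairs for entries worth a manual look."""
    findings = []
    for e in parse_frst_lines(text):
        path, attrs = e["path"], e["attrs"]
        is_dir = "D" in attrs
        hidden_system = "H" in attrs and "S" in attrs
        if is_dir and hidden_system and "\\AppData\\Local\\" in path and GUID_DIR.search(path):
            findings.append((path, "hidden+system {GUID} directory under AppData\\Local, "
                                   "a layout ZeroAccess/Sirefef is known to use"))
        elif not is_dir and EIGHT_LETTER_DRIVER.search(path) and e["ts1"] == e["ts2"]:
            findings.append((path, "8-letter .sys written fresh on this host (both timestamps "
                                   "equal, not copied from an older build); verify its signature"))
        elif is_dir and ROOT_HEX_DIR.match(path):
            findings.append((path, "root-level hex-named folder, usually an update/installer "
                                   "extraction directory; confirm it is empty"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}\n    -> {reason}")
```

Flagged entries are leads, not verdicts. The company name FRST prints in parentheses comes from the file's version resource, which any dropper can fill in with "Microsoft Corporation"; confirm a flagged driver by checking its Authenticode signature and by seeing whether it disappears once the removal tool that may have created it is uninstalled. netio.sys and mbam.sys are deliberately in the sample as controls: both carry an older build date as their second timestamp and are not flagged.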
     
  18. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     


  19. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I can now boot normally and log in!

    fixlog.txt
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
    Ran by SYSTEM at 2013-03-19 15:30:04 Run:1
    Running from F:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  20. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Excellent!
    Create new restore point and re-run Combofix one more time.
     
  21. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Done. Unfortunately I'm back to the same situation, getting "The request is not supported" when I do a normal boot and try to log in. I get this error after entering the username/password. So I had to reboot into safe mode and log in; then ComboFix was able to finish running and generate the following log file:


    ComboFix 13-03-19.01 - Administrator 03/19/2013 16:10:28.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2510 [GMT -4:00]
    Running from: c:\users\Administrator.skelce-l7\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-19 20:16 . 2013-03-19 20:16 -------- d-----w- c:\users\tlesniak\AppData\Local\temp
    2013-03-19 20:16 . 2013-03-19 20:16 -------- d-----w- c:\users\skelce\AppData\Local\temp
    2013-03-18 19:19 . 2013-02-07 20:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77C3C763-32EC-429C-A745-5659E13B1E6D}\mpengine.dll
    2013-03-18 14:41 . 2013-03-18 14:41 8294480 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2013-03-15 13:44 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-03-15 13:44 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-03-15 13:33 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-03-15 13:33 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2013-03-15 13:33 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2013-03-15 13:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2013-03-14 20:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-03-14 20:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2013-03-14 20:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2013-03-14 20:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-03-14 20:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-03-14 20:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-03-14 20:32 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-14 20:32 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-14 20:32 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-03-14 20:30 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-03-14 20:30 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-03-14 20:30 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-03-14 20:30 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-03-14 20:30 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2013-03-14 20:30 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2013-03-14 20:28 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2013-03-14 20:28 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2013-03-14 20:28 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2013-03-14 20:28 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2013-03-14 20:28 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-03-14 20:28 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2013-03-14 20:28 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2013-03-14 20:28 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2013-03-14 20:28 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2013-03-14 20:18 . 2013-03-14 20:18 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
    2013-03-14 20:18 . 2013-02-07 20:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-14 20:12 . 2013-03-14 20:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2013-03-14 20:12 . 2013-03-14 20:13 -------- d-----w- c:\program files\Microsoft Security Client
    2013-03-14 20:01 . 2013-03-14 20:01 -------- d-----w- c:\windows\system32\appmgmt
    2013-03-14 19:24 . 2013-03-14 19:24 -------- d-----w- c:\programdata\Malwarebytes
    2013-03-14 19:24 . 2013-03-14 19:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 19:24 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-14 18:45 . 2013-03-14 18:45 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2013-03-14 18:27 . 2013-03-14 18:33 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-03-14 18:17 . 2013-03-14 18:17 -------- d-----w- C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 17:51 . 2013-03-14 17:51 50392 ----a-w- c:\windows\system32\drivers\qiylpclo.sys
    2013-03-14 17:40 . 2013-03-18 19:20 -------- d-----w- c:\users\Administrator
    2013-02-28 17:13 . 2013-02-28 17:13 -------- d-----w- c:\programdata\Creative
    2013-02-28 14:38 . 2013-02-28 14:38 -------- d-----w- c:\programdata\Ask
    2013-02-28 14:37 . 2013-02-28 14:37 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-02-28 14:17 . 2013-02-28 14:17 -------- d-----w- c:\programdata\McAfee
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-14 18:05 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
    2013-03-04 18:53 . 2011-10-21 18:08 72013344 ----a-w- c:\windows\system32\MRT.exe
    2013-02-28 14:37 . 2011-10-12 15:16 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-01-30 09:00 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-04 04:43 . 2013-03-14 20:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
    Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-10-12 50688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
    R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
    R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
    R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
    R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-05-16 616960]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-12 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-12 39464]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
    S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
    S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
    .
    2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.25.9 10.0.25.10
    DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    SafeBoot-MsMpSvc
    HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
    Toolbar-Locked - (no file)
    AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
    AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_Plugin.exe
    AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-03-19 16:25:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-19 20:25
    ComboFix2.txt 2013-03-18 21:00
    ComboFix3.txt 2013-03-18 19:46
    .
    Pre-Run: 250,769,440,768 bytes free
    Post-Run: 250,329,329,664 bytes free
    .
    - - End Of File - - EC384447D40BE09EC40C840379A8B3AB
     
  22. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Give me a fresh FRST log.
     
  23. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 6 days old)
    Ran by SYSTEM at 19-03-2013 16:33:36
    Running from F:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
    HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
    HKU\skelce.LYRIX\...\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [1675592 2011-08-05] (Actual Tools)
    HKU\tlesniak\...\Run: [OfficeSuite Softphone] "C:\Program Files (x86)\Broadview\officesuite.exe" [14979072 2011-04-11] ()
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.0.25.9 10.0.25.10
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell System Manager.lnk
    ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

    ==================== Services (Whitelisted) ===================

    2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [158720 2010-06-29] (Broadcom Corporation)
    2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
    2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
    2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
    2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
    2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
    2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
    2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
    3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [x]
    2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [x]

    ==================== Drivers (Whitelisted) =====================

    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-03-19 15:30 - 2013-03-19 15:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
    2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
    2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
    2013-03-19 12:32 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Microsoft Help
    2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
    2013-03-19 12:06 - 2013-03-19 12:07 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
    2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
    2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
    2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
    2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
    2013-03-18 11:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-03-18 11:30 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-03-18 11:30 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2013-03-18 11:28 - 2013-03-19 12:16 - 00000000 ____D C:\Windows\erdnt
    2013-03-18 10:10 - 2013-03-19 12:25 - 00000000 ____D C:\Qoobox
    2013-03-15 05:33 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2013-03-15 05:33 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2013-03-15 05:33 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2013-03-15 05:33 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
    2013-03-15 05:28 - 2013-03-15 05:30 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
    2013-03-15 05:27 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-03-15 05:27 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-03-15 05:27 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-03-15 05:27 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-03-15 05:27 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-03-15 05:27 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-03-15 05:27 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-03-15 05:27 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-03-15 05:27 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-03-15 05:27 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-03-15 05:27 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-03-15 05:27 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-03-15 05:27 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-03-15 05:27 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-03-15 05:27 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-03-15 05:27 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-03-15 05:27 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-03-15 05:27 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-03-15 05:27 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-03-15 05:27 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-03-15 05:27 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-03-15 05:27 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-03-15 05:27 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-03-15 05:27 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-03-15 05:27 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-03-15 05:27 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-03-15 05:27 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-03-15 05:27 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-03-15 05:27 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
    2013-03-15 05:24 - 2013-03-15 05:28 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
    2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2013-03-14 13:02 - 2013-03-14 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
    2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
    2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
    2013-03-14 12:32 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-03-14 12:32 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-03-14 12:32 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-03-14 12:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-03-14 12:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-03-14 12:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-03-14 12:31 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-03-14 12:31 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-03-14 12:31 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-03-14 12:31 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-03-14 12:31 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-03-14 12:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-03-14 12:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-03-14 12:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2013-03-14 12:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2013-03-14 12:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2013-03-14 12:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-03-14 12:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-03-14 12:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2013-03-14 12:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-03-14 12:30 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-03-14 12:30 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-03-14 12:30 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-03-14 12:30 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-03-14 12:30 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2013-03-14 12:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2013-03-14 12:29 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-03-14 12:29 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-03-14 12:29 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-03-14 12:29 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-03-14 12:29 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-03-14 12:29 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-03-14 12:29 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-03-14 12:29 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-03-14 12:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-03-14 12:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-03-14 12:29 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2013-03-14 12:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-03-14 12:29 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-03-14 12:29 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-03-14 12:29 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-03-14 12:29 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-03-14 12:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-03-14 12:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-03-14 12:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-03-14 12:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2013-03-14 12:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-03-14 12:28 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2013-03-14 12:28 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2013-03-14 12:28 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-03-14 12:28 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-03-14 12:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2013-03-14 12:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2013-03-14 12:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2013-03-14 12:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2013-03-14 12:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2013-03-14 12:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2013-03-14 12:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2013-03-14 12:13 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2013-03-14 12:12 - 2013-03-14 12:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
    2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-03-14 11:21 - 2013-03-14 11:22 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2013-03-14 10:27 - 2013-03-14 10:33 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
    2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
    2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
    2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
    2013-03-14 09:40 - 2013-03-18 11:20 - 00000000 ____D C:\users\Administrator
    2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2013-03-14 09:40 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
    2013-03-14 09:21 - 2013-03-14 09:22 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
    2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
    2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
    2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
    2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
    2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
    2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
    2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
    2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
    2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
    2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
    2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
    2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
    2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
    2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
    2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
    2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
    2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
    2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
    2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
    2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

    ==================== One Month Modified Files and Folders =======

    2013-03-19 15:30 - 2013-03-19 15:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
    2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
    2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
    2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
    2013-03-19 12:25 - 2013-03-18 10:10 - 00000000 ____D C:\Qoobox
    2013-03-19 12:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2013-03-19 12:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-03-19 12:18 - 2009-07-13 20:51 - 00055827 ____A C:\Windows\setupact.log
    2013-03-19 12:17 - 2011-10-21 05:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-03-19 12:17 - 2010-11-20 19:47 - 00029564 ____A C:\Windows\PFRO.log
    2013-03-19 12:16 - 2013-03-18 11:28 - 00000000 ____D C:\Windows\erdnt
    2013-03-19 12:16 - 2009-07-13 18:34 - 68464640 ____A C:\Windows\System32\config\SOFTWARE.bak
    2013-03-19 12:16 - 2009-07-13 18:34 - 14417920 ____A C:\Windows\System32\config\SYSTEM.bak
    2013-03-19 12:16 - 2009-07-13 18:34 - 00335872 ____A C:\Windows\System32\config\DEFAULT.bak
    2013-03-19 12:16 - 2009-07-13 18:34 - 00061440 ____A C:\Windows\System32\config\SAM.bak
    2013-03-19 12:16 - 2009-07-13 18:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
    2013-03-19 12:10 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-03-19 12:10 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-03-19 12:07 - 2013-03-19 12:06 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
    2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
    2013-03-19 12:05 - 2009-07-13 21:13 - 00796280 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
    2013-03-18 13:12 - 2011-10-12 07:07 - 02030933 ____A C:\Windows\WindowsUpdate.log
    2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
    2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
    2013-03-18 12:32 - 2011-10-20 12:46 - 00000224 ____A C:\Windows\System32\config\netlogon.ftl
    2013-03-18 11:38 - 2011-10-21 10:47 - 00000000 ____D C:\users\skelce.LYRIX
    2013-03-18 11:27 - 2011-10-21 05:47 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-03-18 11:20 - 2013-03-14 09:40 - 00000000 ____D C:\users\Administrator
    2013-03-18 11:18 - 2011-10-21 05:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-03-18 11:18 - 2011-10-20 12:48 - 00000000 ____D C:\users\tlesniak
    2013-03-18 11:18 - 2011-10-20 12:17 - 00000000 ____D C:\users\skelce
    2013-03-18 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-03-18 06:27 - 2009-07-13 20:45 - 00412624 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
    2013-03-15 06:09 - 2011-10-21 08:06 - 00000039 ____A C:\Windows\vbaddin.ini
    2013-03-15 06:09 - 2011-10-21 06:07 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-03-15 06:08 - 2011-02-10 06:33 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
    2013-03-15 05:30 - 2013-03-15 05:28 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
    2013-03-15 05:28 - 2013-03-15 05:24 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
    2013-03-15 05:24 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
    2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2013-03-14 13:09 - 2013-03-14 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
    2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
    2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
    2013-03-14 12:13 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-03-14 12:13 - 2011-10-21 05:31 - 00001945 ____A C:\Windows\epplauncher.mif
    2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-03-14 12:03 - 2011-10-21 05:39 - 00000000 ____D C:\ProgramData\Adobe
    2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
    2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 11:22 - 2013-03-14 11:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2013-03-14 10:33 - 2013-03-14 10:27 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-03-14 10:28 - 2012-07-18 09:59 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
    2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
    2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
    2013-03-14 10:05 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
    2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2013-03-14 09:22 - 2013-03-14 09:21 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
    2013-03-14 09:17 - 2011-10-21 11:14 - 00000000 ____D C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
    2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
    2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
    2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
    2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
    2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
    2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
    2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
    2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
    2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
    2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
    2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
    2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
    2013-03-04 10:53 - 2011-10-21 10:08 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-02-28 09:45 - 2011-10-21 10:19 - 00000000 ____D C:\Users\tlesniak\AppData\Roaming\Skinux
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
    2013-02-28 09:11 - 2011-10-21 05:48 - 00002261 ____A C:\Users\tlesniak\Desktop\Google Chrome.lnk
    2013-02-28 09:11 - 2011-10-20 12:49 - 00108840 ____A C:\Users\tlesniak\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
    2013-02-28 08:49 - 2012-04-20 07:22 - 00012389 ____A C:\Users\skelce.LYRIX\Desktop\EE Stock Ownership Addresses.xlsx
    2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
    2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-02-28 06:37 - 2011-10-12 07:16 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
    2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
    2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
    2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
    2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
    2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-01-18 07:54:32
    Restore point made on: 2013-02-13 13:22:03
    Restore point made on: 2013-02-28 06:36:48
    Restore point made on: 2013-02-28 06:37:22
    Restore point made on: 2013-03-14 12:00:32
    Restore point made on: 2013-03-14 12:02:54
    Restore point made on: 2013-03-14 12:04:58
    Restore point made on: 2013-03-14 12:18:28
    Restore point made on: 2013-03-15 05:22:18
    Restore point made on: 2013-03-18 06:36:34
    Restore point made on: 2013-03-18 10:04:27
    Restore point made on: 2013-03-18 11:13:04
    Restore point made on: 2013-03-19 12:04:03

    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 3992.93 MB
    Available physical RAM: 3351.72 MB
    Total Pagefile: 3991.13 MB
    Available Pagefile: 3338.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:286.29 GB) (Free:233.22 GB) NTFS
    3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:5.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1920 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 1A17B0CE

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 11 GB 40 MB
    Partition 3 Primary 286 GB 11 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 286 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 00000001

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 1920 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: 1A17B0CE

    Partition 1:
    =========
    Hex: 00010100DEFE3F043F00000086390100
    Active: NO
    Type: DE
    Size: 39 MB

    Partition 2:
    =========
    Hex: 8019150507FEFFFF0040010000607801
    Active: YES
    Type: 07 (NTFS)
    Size: 12 GB

    Partition 3:
    =========
    Hex: 00FEFFFF07FEFFFF00A079010040C923
    Active: NO
    Type: 07 (NTFS)
    Size: 286 GB

    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: 6F20736B

    Partition 1:
    =========
    Hex: 6F74686572206D656469612EFF0D0A44
    Active: NO
    Type: 72
    Size: 544 GB

    Partition 2:
    =========
    Hex: 69736B206572726F72FF0D0A50726573
    Active: NO
    Type: 65
    Size: 923 GB

    Partition 3:
    =========
    Hex: 7320616E79206B657920746F20726573
    Active: NO
    Type: 79
    Size: 923 GB

    Partition 4:
    =========
    Hex: 746172740D0A00000000000000ACCBD8
    Active: NO
    Type: 0D
    Size: -336763289600 byte


    Last Boot: 2013-03-05 08:03

    ==================== End Of Log =============================
     
  24. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     


  25. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I am able to login when booting normally. Here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
    Ran by SYSTEM at 2013-03-19 16:45:11 Run:2
    Running from F:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     

