Sirefef

Solved
By Michelle DM
Sep 12, 2012
  1. Hi -- I'm Michelle, and I have the dreaded Sirefef virus that is going around. Thanks to all of you who help us fix these problems. So much of my life is dependent on my computer, I really appreciate folks like you that are willing to help me. I have run Malwarebytes, GMER and DDS. The logs are posted. GMER didn't find anything. Please let me know what else I need to do.

    I am having difficulty posting all the logs here. I'm going to split them up.

    Originally MSE was rebooting every minute. I performed a system restore so I could access my computer. I am currently unable to turn MSE back on. The only protection I'm currently using is Spybot.


    Malwarebytes log

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.12.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Michelle :: MOHRKNOWLEDGE [administrator]

    Protection: Enabled

    9/12/2012 9:29:18 AM
    mbam-log-2012-09-12 (09-29-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205021
    Time elapsed: 2 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.

    (end)
  2. Michelle DM


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Michelle at 10:32:57 on 2012-09-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3473 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.thepioneerwoman.com/
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????††††??????=:????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Akamai NetSession Interface] "C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe"
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: C:\Users\Michelle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
    TCP: Interfaces\{E74C614E-820D-41E0-8100-09B18428123B} : DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-9 1692480]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-5 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-5 1153368]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257224]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-5 136176]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-12 16:29:47 -------- d-----w- C:\Users\Michelle\AppData\Local\Diagnostics
    2012-09-12 14:01:00 -------- d-----w- C:\Users\Michelle\AppData\Local\{5234769B-7027-41D3-B64A-F895E6FCACAD}
    2012-09-11 20:22:57 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Malwarebytes
    2012-09-11 20:22:54 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-11 20:22:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-11 20:22:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-11 20:09:18 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-11 20:09:06 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-11 17:56:01 -------- d-----w- C:\Users\Michelle\AppData\Local\{F5CD9970-7E2C-48BB-BD7C-1271ADD6C3D8}
    2012-09-11 05:55:36 -------- d-----w- C:\Users\Michelle\AppData\Local\{1DF1B03E-0845-4EA6-9D0A-AD9F28BFD83C}
    2012-09-11 05:35:33 -------- d-----w- C:\Users\Michelle\AppData\Local\{BAF82802-A643-4411-92E8-F487D3CB7CC2}
    2012-09-11 02:21:02 -------- d-----w- C:\Fingertapps
    2012-09-10 19:30:31 -------- d-----w- C:\Users\Michelle\AppData\Local\{06F3F3F4-3A6D-4E4A-B36B-568F05F547F6}
    2012-09-10 04:43:01 -------- d-----w- C:\Users\Michelle\AppData\Local\{EBB8BF88-1EAD-4AEF-B24E-BA361B58E0ED}
    2012-09-09 16:42:37 -------- d-----w- C:\Users\Michelle\AppData\Local\{EFC38CFD-369E-4670-852A-7F38C1E95CA6}
    2012-09-09 04:01:11 -------- d-----w- C:\Users\Michelle\AppData\Local\{3D71F696-4C88-4E0A-9D1F-FB319B3BC91C}
    2012-09-08 16:00:47 -------- d-----w- C:\Users\Michelle\AppData\Local\{8C553C67-79B8-4C76-9CCE-10DE143C82C4}
    2012-09-08 03:53:59 -------- d-----w- C:\Users\Michelle\AppData\Local\{BF174EB7-C6F6-43A7-9FBB-95787AA9F419}
    2012-09-07 15:13:59 -------- d-----w- C:\Users\Michelle\AppData\Local\{C80BF58B-06FD-4F8A-AEAA-67790ACF6E5E}
    2012-09-07 03:13:34 -------- d-----w- C:\Users\Michelle\AppData\Local\{69A3EDB3-2AC2-48F2-8FC9-740B987816AC}
    2012-09-06 15:13:10 -------- d-----w- C:\Users\Michelle\AppData\Local\{8BD0F93E-954B-46A2-AB08-FC2243EC3E19}
    2012-09-06 03:12:45 -------- d-----w- C:\Users\Michelle\AppData\Local\{0D8EB0AD-3A56-423D-941B-B9C2DFC4F5CD}
    2012-09-05 13:51:25 -------- d-----w- C:\Users\Michelle\AppData\Local\{FFB4A812-FDB0-4200-BE2C-3CAB14195041}
    2012-09-05 01:51:00 -------- d-----w- C:\Users\Michelle\AppData\Local\{228E079C-3E3D-4B6E-A043-837819E6133D}
    2012-09-04 13:50:35 -------- d-----w- C:\Users\Michelle\AppData\Local\{1B2927D4-ADF5-40BC-AF3B-9168F0EDF066}
    2012-09-03 17:06:50 -------- d-----w- C:\Users\Michelle\AppData\Local\{F093C4C0-D3F3-439A-838F-5E61C5D9ABC7}
    2012-09-03 04:51:08 -------- d-----w- C:\Users\Michelle\AppData\Local\{4B156874-B7A0-4454-B931-D52081FF68EC}
    2012-09-02 16:50:56 -------- d-----w- C:\Users\Michelle\AppData\Local\{30265460-8FBC-49C8-97CA-759F42870E6E}
    2012-09-01 17:53:00 -------- d-----w- C:\Users\Michelle\AppData\Local\{D789A390-DB01-41BC-B3D3-0D487816A11C}
    2012-09-01 05:52:36 -------- d-----w- C:\Users\Michelle\AppData\Local\{62A06FB4-4AB2-47DF-8AB8-E79FE71C09A6}
    2012-08-31 16:16:45 -------- d-----w- C:\Users\Michelle\AppData\Local\{88E4F2DC-4171-42AD-AC5A-763BDEE7A5F7}
    2012-08-31 04:16:21 -------- d-----w- C:\Users\Michelle\AppData\Local\{B4E072A8-2C40-4A97-8808-518E632B7487}
    2012-08-30 16:12:26 -------- d-----w- C:\Users\Michelle\AppData\Local\{EE747EF6-5B3D-4937-8176-9BA725D8E320}
    2012-08-30 04:02:22 -------- d-----w- C:\Users\Michelle\AppData\Local\{B3153357-B19E-45EF-B4BC-977828F554A2}
    2012-08-29 15:24:42 -------- d-----w- C:\Users\Michelle\AppData\Local\{41F3149A-CD4D-4D27-A586-01001EFB77EF}
    2012-08-29 03:24:18 -------- d-----w- C:\Users\Michelle\AppData\Local\{534B4FBB-F8E3-4B1E-8FFE-E8BFC5966F2C}
    2012-08-28 13:51:15 -------- d-----w- C:\Users\Michelle\AppData\Local\{09F18A36-A7F4-4C9B-A7B4-8DEE8705BCC9}
    2012-08-28 01:07:22 -------- d-----w- C:\Users\Michelle\AppData\Local\{F7B95F7F-1DFF-4D24-86CE-FCCA10D6FE04}
    2012-08-27 13:07:10 -------- d-----w- C:\Users\Michelle\AppData\Local\{D3520539-6E97-4336-9F95-4FE4A16B0262}
    2012-08-26 14:48:04 -------- d-----w- C:\Users\Michelle\AppData\Local\{9B1D7DB8-CD96-4F6B-9E34-805D8E81D96D}
    2012-08-25 16:59:09 -------- d-----w- C:\Users\Michelle\AppData\Local\{4AE8FC28-5575-4099-A846-3B14FF2498FA}
    2012-08-25 04:49:01 -------- d-----w- C:\Users\Michelle\AppData\Local\{9DCFC2C6-99F7-4E71-ADD0-A27F45301A06}
    2012-08-24 16:12:05 -------- d-----w- C:\Users\Michelle\AppData\Local\{A566BA30-3C3C-4B96-84A6-7F38AE321D41}
    2012-08-24 04:11:41 -------- d-----w- C:\Users\Michelle\AppData\Local\{DC82ED4E-208D-46AF-9453-51AF697073C2}
    2012-08-23 16:03:17 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
    2012-08-23 15:08:51 -------- d-----w- C:\Users\Michelle\AppData\Local\{7764D668-AF94-4559-9CE3-6B7F973CE5CF}
    2012-08-23 03:08:26 -------- d-----w- C:\Users\Michelle\AppData\Local\{CAD485D9-A7EA-4D80-9494-3E2AC6B370C2}
    2012-08-22 15:08:02 -------- d-----w- C:\Users\Michelle\AppData\Local\{83E5BBB4-1B7C-48D5-8961-9559008DF1E0}
    2012-08-22 03:07:37 -------- d-----w- C:\Users\Michelle\AppData\Local\{90458190-21BE-442E-B690-0DF914A8E993}
    2012-08-21 14:53:38 -------- d-----w- C:\Users\Michelle\AppData\Local\{38BC38ED-DDD2-4C6C-BA29-673C879FFE95}
    2012-08-21 02:53:13 -------- d-----w- C:\Users\Michelle\AppData\Local\{F9BBEC10-41C4-42C4-8919-77861AA17C4C}
    2012-08-20 13:59:21 -------- d-----w- C:\Users\Michelle\AppData\Local\{F9C91502-64D7-4C9F-808C-75294562DA88}
    2012-08-19 19:13:07 -------- d-----w- C:\Users\Michelle\AppData\Local\{46652F52-E69F-401B-958B-3DFF31D6134A}
    2012-08-18 23:36:51 -------- d-----w- C:\Users\Michelle\AppData\Local\{DB0C43B9-D7EE-494F-8D1A-55EAE6251497}
    2012-08-18 05:39:07 -------- d-----w- C:\Users\Michelle\AppData\Local\{B00FBE42-75B7-4D2B-8C13-E7E03C0DE0AE}
    2012-08-17 16:26:24 -------- d-----w- C:\Users\Michelle\AppData\Local\{5A80C4FF-1BBC-4773-A4D4-0AA2DC7EBE1F}
    2012-08-17 16:26:11 -------- d-----w- C:\Users\Michelle\AppData\Local\{7D011289-7C62-4CCD-A65B-B18D4964F0A6}
    2012-08-17 02:30:19 -------- d-----w- C:\Users\Michelle\AppData\Local\{F067B32E-ED24-4F0C-AEC2-FB55FF8A4EF1}
    2012-08-17 02:30:07 -------- d-----w- C:\Users\Michelle\AppData\Local\{2A2F7C82-04B6-4FFA-93FC-A25E3A3F79F5}
    2012-08-16 14:00:29 -------- d-----w- C:\Users\Michelle\AppData\Local\{DE327CF7-736B-44E1-9327-4F358938957A}
    2012-08-16 14:00:18 -------- d-----w- C:\Users\Michelle\AppData\Local\{2B19C6E4-3588-438A-B6EE-9F0803698D1B}
    2012-08-16 01:59:52 -------- d-----w- C:\Users\Michelle\AppData\Local\{BB622F12-51AB-4B25-A21D-1300E9D1513B}
    2012-08-16 01:59:41 -------- d-----w- C:\Users\Michelle\AppData\Local\{723B5100-0931-44ED-AFE8-7535F7E66108}
    2012-08-15 13:59:11 -------- d-----w- C:\Users\Michelle\AppData\Local\{6A9DF41D-7CA1-4D2C-BBB4-7296B81003B5}
    2012-08-15 13:59:00 -------- d-----w- C:\Users\Michelle\AppData\Local\{A8C24B01-D076-4EFF-85DD-35484B5DC82C}
    2012-08-14 23:32:42 -------- d-----w- C:\Users\Michelle\AppData\Local\{EE185CE7-0449-464F-868F-C0CBF4FEB04D}
    2012-08-14 23:32:30 -------- d-----w- C:\Users\Michelle\AppData\Local\{494F4CC5-1426-4956-BBE2-F26FA6B324EC}
    2012-08-14 03:18:12 -------- d-----w- C:\Users\Michelle\AppData\Local\{C8724806-B692-4773-8F3E-E1669714BD69}
    2012-08-14 03:18:00 -------- d-----w- C:\Users\Michelle\AppData\Local\{3C47157F-55E4-45BB-8625-6DECAE072898}
    2012-08-13 22:37:47 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    .
    ==================== Find3M ====================
    .
    2012-08-14 02:10:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-14 02:10:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 10:33:51.22 ===============
  3. Michelle DM


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/15/2011 10:34:30 AM
    System Uptime: 9/12/2012 7:53:25 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 04GJJT
    Processor: AMD Athlon(tm) II X4 645 Processor | CPU 1 | 3100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 917 GiB total, 848.06 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP157: 8/13/2012 9:00:35 AM - Windows Update
    RP158: 8/20/2012 7:50:04 PM - Scheduled Checkpoint
    RP159: 8/28/2012 11:29:55 AM - Scheduled Checkpoint
    RP160: 9/5/2012 7:52:28 AM - Scheduled Checkpoint
    RP161: 9/11/2012 2:01:44 PM - Removed Java(TM) 6 Update 31
    RP162: 9/11/2012 2:03:43 PM - Removed Java(TM) 6 Update 24 (64-bit)
    RP163: 9/11/2012 2:04:30 PM - Removed Java(TM) 6 Update 22
    RP164: 9/11/2012 2:08:48 PM - Installed Java 7 Update 7
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3) MUI
    Akamai NetSession Interface
    Amazon MP3 Downloader 1.0.15
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    Artweaver 1.0
    ATI Catalyst Control Center
    Bing Bar
    Bing Rewards Client Installer
    Blio
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Consumer In-Home Service Agreement
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Getting Started Guide
    Dell Marketplace Webslice IE8
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell VideoStage
    DirectX 9 Runtime
    eBay
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    High-Definition Video Playback
    Internet Explorer
    Java 7 Update 7
    Java Auto Updater
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    OpenOffice.org 3.3
    Photo Expressions
    PhotoShowExpress
    PlayReady PC Runtime x86
    PrintMaster 2012 Platinum
    Quicken 2011
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Serif CraftArtist Professional
    Sheet Music Plus Digital Print
    Skins
    Skype Toolbars
    Skype™ 4.2
    Sonic CinePlayer Decoder Pack
    Spybot - Search & Destroy
    SyncUP
    TrustedID
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Detect
    Zinio Reader 4
    .
  4. Michelle DM


    ==== Event Viewer Messages From Past Week ========
    .
    9/12/2012 7:56:31 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
    9/12/2012 7:53:42 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/12/2012 7:53:42 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    9/12/2012 7:53:42 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    9/12/2012 7:53:41 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    9/12/2012 10:29:50 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    9/12/2012 10:29:50 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    9/11/2012 11:55:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/11/2012 11:55:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/11/2012 11:55:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/11/2012 11:55:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/11/2012 11:55:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/11/2012 11:55:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/11/2012 11:55:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/11/2012 11:55:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/11/2012 11:55:28 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    9/10/2012 9:49:58 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:556 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:47:12 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:556 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:44:43 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:556 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:43:55 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:588 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:42:15 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:556 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:41:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    9/10/2012 9:41:34 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    9/10/2012 9:41:34 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/10/2012 9:39:45 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:552 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:39:38 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:560 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
  5. Michelle DM


    9/10/2012 9:36:38 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:33:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.873.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/10/2012 9:33:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.873.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/10/2012 9:33:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.873.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/10/2012 9:33:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.873.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/10/2012 9:33:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.873.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/10/2012 9:32:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/10/2012 9:31:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/10/2012 9:23:38 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:556 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:21:17 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:21:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/10/2012 9:21:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/10/2012 9:18:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:13:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:588 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 9:09:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:600 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 8:52:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:600 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 8:49:58 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:604 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 8:22:10 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 8:20:02 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:544 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 8:18:05 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:592 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 8:14:25 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/10/2012 8:14:25 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/10/2012 8:14:25 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/10/2012 8:14:25 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
    9/10/2012 8:14:25 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
    9/10/2012 8:14:25 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
    9/10/2012 8:14:25 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    9/10/2012 8:14:25 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
    9/10/2012 7:45:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:596 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 7:45:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/10/2012 7:38:26 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:428 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/10/2012 2:42:10 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:600 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:39:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:37:16 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:34:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:544 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:34:49 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x800706ba'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/10/2012 2:33:09 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/10/2012 2:32:44 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:30:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:428 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/10/2012 2:28:01 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:27:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    9/10/2012 2:25:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:06:21 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:03:46 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:552 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 2:01:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:428 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/10/2012 2:00:46 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    9/10/2012 11:45:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:552 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 11:35:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:552 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 11:32:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:592 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 10:11:33 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 10:11:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x800706ba'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/10/2012 1:58:43 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:588 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 1:58:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    9/10/2012 1:54:21 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:464 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/10/2012 1:51:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:432 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/10/2012 1:39:37 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:544 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 1:32:43 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:548 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/10/2012 1:32:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007051b'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/10/2012 1:30:26 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:588 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.873.0, AS: 1.135.873.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    .
    ==== End Of File ===========================
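An added example, not part of the original posts: a short Python triage of exported event-log lines in the layout posted above, collapsing the repeated Microsoft Antimalware 1119 failures into one row per threat, process and error code. The sample lines are constructed (abridged from that layout); the function names and the "persistent" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample message, abridged from the layout of the entries in the post.
_AM_MSG = (
    r"Microsoft Antimalware has encountered a critical error when taking action "
    r"on malware or other potentially unwanted software. "
    r"Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan "
    r"Path: containerfile:_C:\Windows\System32\services.exe;"
    r"file:_C:\Windows\System32\services.exe->731;process:_pid:{pid} "
    r"Detection Origin: Local machine User: NT AUTHORITY\SYSTEM "
    r"Process Name: C:\Windows\system32\services.exe Action: Quarantine "
    r"Action Status: No additional actions required Error Code: 0x800704ec "
    r"Error description: This program is blocked by group policy. "
    r"For more information, contact your system administrator."
)


def _am(ts, pid):
    """Build one constructed Microsoft Antimalware 1119 line."""
    return f"{ts}, Error: Microsoft Antimalware [1119] - " + _AM_MSG.format(pid=pid)


SAMPLE_LOG = "\n".join([
    _am("9/10/2012 8:22:10 PM", 548),
    _am("9/10/2012 8:20:02 PM", 544),
    "9/10/2012 8:14:25 PM, Error: Service Control Manager [7000] - The DHCP Client "
    "service failed to start due to the following error: The service did not start "
    "due to a logon failure.",
    _am("9/10/2012 2:39:34 PM", 548),
])

# "<timestamp>, <level>: <source> [<event id>] - <message>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<msg>.*)$"
)

# The 1119 message is a flattened "Key: value" record; each field is delimited
# by the label that follows it in the log.
FIELDS = {
    "threat": re.compile(r"\bName: (\S+) ID:"),
    "process": re.compile(r"Process Name: (.+?) Action:"),
    "pid": re.compile(r"process:_pid:(\d+)"),
    "action": re.compile(r"\bAction: (.+?) Action Status:"),
    "error_code": re.compile(r"Error Code: (0x[0-9A-Fa-f]+)"),
    "error_text": re.compile(r"Error description: (.+?\.)"),
}


def parse_entries(text):
    """Split exported log text into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["time"] = datetime.strptime(e.pop("ts"), "%m/%d/%Y %I:%M:%S %p")
        e["event_id"] = int(e["event_id"])
        entries.append(e)
    return entries


def _field(name, msg):
    m = FIELDS[name].search(msg)
    return m.group(1) if m else None


def failed_remediations(entries):
    """Group event 1119 (action on malware failed) by threat, process, error code."""
    groups = defaultdict(lambda: {"count": 0, "pids": set(), "first": None,
                                  "last": None, "action": None, "error_text": None})
    for e in entries:
        if (e["source"], e["event_id"]) != ("Microsoft Antimalware", 1119):
            continue
        msg = e["msg"]
        process = _field("process", msg) or ""
        g = groups[(_field("threat", msg), process.lower(), _field("error_code", msg))]
        g["count"] += 1
        pid = _field("pid", msg)
        if pid:
            g["pids"].add(int(pid))
        g["first"] = e["time"] if g["first"] is None else min(g["first"], e["time"])
        g["last"] = e["time"] if g["last"] is None else max(g["last"], e["time"])
        g["action"] = _field("action", msg)
        g["error_text"] = _field("error_text", msg)
    for g in groups.values():
        # Heuristic (assumption of this example): the same failed action reported
        # from more than one process instance means the detection came back after
        # the process was started again, i.e. the in-place cleanup is not holding.
        g["persistent"] = g["count"] > 1 and len(g["pids"]) > 1
    return dict(groups)


if __name__ == "__main__":
    for (threat, process, code), g in failed_remediations(parse_entries(SAMPLE_LOG)).items():
        print(f"{threat} in {process}: {g['action']} failed {g['count']}x ({code}: "
              f"{g['error_text']}) pids={sorted(g['pids'])} "
              f"{g['first']} .. {g['last']} persistent={g['persistent']}")
```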
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button, just as below:
      [​IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile. Please copy and paste the logs in your reply.
  7. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    Thanks so much for your quick response. I have not asked for help at another forum and I will not!
    FRST log
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2012
    Ran by SYSTEM at 12-09-2012 12:12:15
    Running from I:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-09] (Realtek Semiconductor)
    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-14] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
    HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [75064 2011-07-07] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\Michelle\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-05] (Google Inc.)
    HKU\Michelle\...\Run: [Akamai NetSession Interface] "C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
    HKU\Michelle\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1089608 2012-09-07] (Malwarebytes Corporation)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 69.145.248.4 69.146.17.2 69.144.49.29
    Startup: C:\Users\Michelle\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    ==================== Services ====================
    2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [148360 2011-03-24] (Dell Products, LP.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    ==================== Drivers =================================
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
    ==================== NetSvcs (Whitelisted) =================

    ==================== One Month Created Files and Folders ======================
    2012-09-12 11:55 - 2012-09-12 12:04 - 00000000 ____D C:\FRST
    2012-09-12 11:32 - 2012-09-12 11:32 - 00607260 ____R (Swearware) C:\Users\Michelle\Downloads\dds.scr
    2012-09-12 10:44 - 2012-09-12 10:44 - 00294216 ____A C:\Users\Michelle\Downloads\gmer.zip
    2012-09-12 09:01 - 2012-09-12 09:01 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{5234769B-7027-41D3-B64A-F895E6FCACAD}
    2012-09-12 09:01 - 2012-09-12 09:01 - 00000000 ____D C:\Users\Michelle\Local Settings\{5234769B-7027-41D3-B64A-F895E6FCACAD}
    2012-09-12 09:01 - 2012-09-12 09:01 - 00000000 ____D C:\Users\Michelle\AppData\Local\{5234769B-7027-41D3-B64A-F895E6FCACAD}
    2012-09-11 15:22 - 2012-09-11 15:22 - 00000000 ____D C:\Users\Michelle\Application Data\Malwarebytes
    2012-09-11 15:22 - 2012-09-11 15:22 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes
    2012-09-11 15:22 - 2012-09-11 15:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-11 15:22 - 2012-09-11 15:22 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-09-11 15:22 - 2012-09-11 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-11 15:22 - 2012-09-07 18:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-11 15:09 - 2012-09-11 15:09 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-11 15:09 - 2012-09-11 15:09 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-11 15:09 - 2012-09-11 15:09 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-11 15:09 - 2012-09-11 15:09 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-11 15:09 - 2012-09-11 15:09 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-11 12:56 - 2012-09-11 12:56 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{F5CD9970-7E2C-48BB-BD7C-1271ADD6C3D8}
    2012-09-11 12:56 - 2012-09-11 12:56 - 00000000 ____D C:\Users\Michelle\Local Settings\{F5CD9970-7E2C-48BB-BD7C-1271ADD6C3D8}
    2012-09-11 12:56 - 2012-09-11 12:56 - 00000000 ____D C:\Users\Michelle\AppData\Local\{F5CD9970-7E2C-48BB-BD7C-1271ADD6C3D8}
    2012-09-11 00:55 - 2012-09-11 00:55 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{1DF1B03E-0845-4EA6-9D0A-AD9F28BFD83C}
    2012-09-11 00:55 - 2012-09-11 00:55 - 00000000 ____D C:\Users\Michelle\Local Settings\{1DF1B03E-0845-4EA6-9D0A-AD9F28BFD83C}
    2012-09-11 00:55 - 2012-09-11 00:55 - 00000000 ____D C:\Users\Michelle\AppData\Local\{1DF1B03E-0845-4EA6-9D0A-AD9F28BFD83C}
    2012-09-11 00:35 - 2012-09-11 00:35 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{BAF82802-A643-4411-92E8-F487D3CB7CC2}
    2012-09-11 00:35 - 2012-09-11 00:35 - 00000000 ____D C:\Users\Michelle\Local Settings\{BAF82802-A643-4411-92E8-F487D3CB7CC2}
    2012-09-11 00:35 - 2012-09-11 00:35 - 00000000 ____D C:\Users\Michelle\AppData\Local\{BAF82802-A643-4411-92E8-F487D3CB7CC2}
    2012-09-10 14:30 - 2012-09-10 14:30 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{06F3F3F4-3A6D-4E4A-B36B-568F05F547F6}
    2012-09-10 14:30 - 2012-09-10 14:30 - 00000000 ____D C:\Users\Michelle\Local Settings\{06F3F3F4-3A6D-4E4A-B36B-568F05F547F6}
    2012-09-10 14:30 - 2012-09-10 14:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\{06F3F3F4-3A6D-4E4A-B36B-568F05F547F6}
    2012-09-09 23:43 - 2012-09-09 23:43 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{EBB8BF88-1EAD-4AEF-B24E-BA361B58E0ED}
    2012-09-09 23:43 - 2012-09-09 23:43 - 00000000 ____D C:\Users\Michelle\Local Settings\{EBB8BF88-1EAD-4AEF-B24E-BA361B58E0ED}
    2012-09-09 23:43 - 2012-09-09 23:43 - 00000000 ____D C:\Users\Michelle\AppData\Local\{EBB8BF88-1EAD-4AEF-B24E-BA361B58E0ED}
    2012-09-09 11:42 - 2012-09-09 11:42 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{EFC38CFD-369E-4670-852A-7F38C1E95CA6}
    2012-09-09 11:42 - 2012-09-09 11:42 - 00000000 ____D C:\Users\Michelle\Local Settings\{EFC38CFD-369E-4670-852A-7F38C1E95CA6}
    2012-09-09 11:42 - 2012-09-09 11:42 - 00000000 ____D C:\Users\Michelle\AppData\Local\{EFC38CFD-369E-4670-852A-7F38C1E95CA6}
    2012-09-08 23:01 - 2012-09-08 23:01 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{3D71F696-4C88-4E0A-9D1F-FB319B3BC91C}
    2012-09-08 23:01 - 2012-09-08 23:01 - 00000000 ____D C:\Users\Michelle\Local Settings\{3D71F696-4C88-4E0A-9D1F-FB319B3BC91C}
    2012-09-08 23:01 - 2012-09-08 23:01 - 00000000 ____D C:\Users\Michelle\AppData\Local\{3D71F696-4C88-4E0A-9D1F-FB319B3BC91C}
    2012-09-08 11:00 - 2012-09-08 11:00 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{8C553C67-79B8-4C76-9CCE-10DE143C82C4}
    2012-09-08 11:00 - 2012-09-08 11:00 - 00000000 ____D C:\Users\Michelle\Local Settings\{8C553C67-79B8-4C76-9CCE-10DE143C82C4}
    2012-09-08 11:00 - 2012-09-08 11:00 - 00000000 ____D C:\Users\Michelle\AppData\Local\{8C553C67-79B8-4C76-9CCE-10DE143C82C4}
    2012-09-07 22:53 - 2012-09-07 22:54 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{BF174EB7-C6F6-43A7-9FBB-95787AA9F419}
    2012-09-07 22:53 - 2012-09-07 22:54 - 00000000 ____D C:\Users\Michelle\Local Settings\{BF174EB7-C6F6-43A7-9FBB-95787AA9F419}
    2012-09-07 22:53 - 2012-09-07 22:54 - 00000000 ____D C:\Users\Michelle\AppData\Local\{BF174EB7-C6F6-43A7-9FBB-95787AA9F419}
    2012-09-07 10:13 - 2012-09-07 10:14 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{C80BF58B-06FD-4F8A-AEAA-67790ACF6E5E}
    2012-09-07 10:13 - 2012-09-07 10:14 - 00000000 ____D C:\Users\Michelle\Local Settings\{C80BF58B-06FD-4F8A-AEAA-67790ACF6E5E}
    2012-09-07 10:13 - 2012-09-07 10:14 - 00000000 ____D C:\Users\Michelle\AppData\Local\{C80BF58B-06FD-4F8A-AEAA-67790ACF6E5E}
    2012-09-06 22:13 - 2012-09-06 22:13 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{69A3EDB3-2AC2-48F2-8FC9-740B987816AC}
    2012-09-06 22:13 - 2012-09-06 22:13 - 00000000 ____D C:\Users\Michelle\Local Settings\{69A3EDB3-2AC2-48F2-8FC9-740B987816AC}
    2012-09-06 22:13 - 2012-09-06 22:13 - 00000000 ____D C:\Users\Michelle\AppData\Local\{69A3EDB3-2AC2-48F2-8FC9-740B987816AC}
    2012-09-06 10:13 - 2012-09-06 10:13 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{8BD0F93E-954B-46A2-AB08-FC2243EC3E19}
    2012-09-06 10:13 - 2012-09-06 10:13 - 00000000 ____D C:\Users\Michelle\Local Settings\{8BD0F93E-954B-46A2-AB08-FC2243EC3E19}
    2012-09-06 10:13 - 2012-09-06 10:13 - 00000000 ____D C:\Users\Michelle\AppData\Local\{8BD0F93E-954B-46A2-AB08-FC2243EC3E19}
    2012-09-05 22:12 - 2012-09-05 22:12 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{0D8EB0AD-3A56-423D-941B-B9C2DFC4F5CD}
    2012-09-05 22:12 - 2012-09-05 22:12 - 00000000 ____D C:\Users\Michelle\Local Settings\{0D8EB0AD-3A56-423D-941B-B9C2DFC4F5CD}
    2012-09-05 22:12 - 2012-09-05 22:12 - 00000000 ____D C:\Users\Michelle\AppData\Local\{0D8EB0AD-3A56-423D-941B-B9C2DFC4F5CD}
    2012-09-05 08:51 - 2012-09-05 08:51 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{FFB4A812-FDB0-4200-BE2C-3CAB14195041}
    2012-09-05 08:51 - 2012-09-05 08:51 - 00000000 ____D C:\Users\Michelle\Local Settings\{FFB4A812-FDB0-4200-BE2C-3CAB14195041}
    2012-09-05 08:51 - 2012-09-05 08:51 - 00000000 ____D C:\Users\Michelle\AppData\Local\{FFB4A812-FDB0-4200-BE2C-3CAB14195041}
    2012-09-04 20:51 - 2012-09-04 20:51 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{228E079C-3E3D-4B6E-A043-837819E6133D}
    2012-09-04 20:51 - 2012-09-04 20:51 - 00000000 ____D C:\Users\Michelle\Local Settings\{228E079C-3E3D-4B6E-A043-837819E6133D}
    2012-09-04 20:51 - 2012-09-04 20:51 - 00000000 ____D C:\Users\Michelle\AppData\Local\{228E079C-3E3D-4B6E-A043-837819E6133D}
    2012-09-04 08:50 - 2012-09-04 08:50 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{1B2927D4-ADF5-40BC-AF3B-9168F0EDF066}
    2012-09-04 08:50 - 2012-09-04 08:50 - 00000000 ____D C:\Users\Michelle\Local Settings\{1B2927D4-ADF5-40BC-AF3B-9168F0EDF066}
    2012-09-04 08:50 - 2012-09-04 08:50 - 00000000 ____D C:\Users\Michelle\AppData\Local\{1B2927D4-ADF5-40BC-AF3B-9168F0EDF066}
    2012-09-03 12:06 - 2012-09-03 12:07 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{F093C4C0-D3F3-439A-838F-5E61C5D9ABC7}
    2012-09-03 12:06 - 2012-09-03 12:07 - 00000000 ____D C:\Users\Michelle\Local Settings\{F093C4C0-D3F3-439A-838F-5E61C5D9ABC7}
    2012-09-03 12:06 - 2012-09-03 12:07 - 00000000 ____D C:\Users\Michelle\AppData\Local\{F093C4C0-D3F3-439A-838F-5E61C5D9ABC7}
    2012-09-02 23:51 - 2012-09-02 23:51 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{4B156874-B7A0-4454-B931-D52081FF68EC}
    2012-09-02 23:51 - 2012-09-02 23:51 - 00000000 ____D C:\Users\Michelle\Local Settings\{4B156874-B7A0-4454-B931-D52081FF68EC}
    2012-09-02 23:51 - 2012-09-02 23:51 - 00000000 ____D C:\Users\Michelle\AppData\Local\{4B156874-B7A0-4454-B931-D52081FF68EC}
    2012-09-02 11:50 - 2012-09-02 11:51 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{30265460-8FBC-49C8-97CA-759F42870E6E}
    2012-09-02 11:50 - 2012-09-02 11:51 - 00000000 ____D C:\Users\Michelle\Local Settings\{30265460-8FBC-49C8-97CA-759F42870E6E}
    2012-09-02 11:50 - 2012-09-02 11:51 - 00000000 ____D C:\Users\Michelle\AppData\Local\{30265460-8FBC-49C8-97CA-759F42870E6E}
    2012-09-01 12:53 - 2012-09-01 12:53 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{D789A390-DB01-41BC-B3D3-0D487816A11C}
    2012-09-01 12:53 - 2012-09-01 12:53 - 00000000 ____D C:\Users\Michelle\Local Settings\{D789A390-DB01-41BC-B3D3-0D487816A11C}
    2012-09-01 12:53 - 2012-09-01 12:53 - 00000000 ____D C:\Users\Michelle\AppData\Local\{D789A390-DB01-41BC-B3D3-0D487816A11C}
    2012-09-01 00:52 - 2012-09-01 00:52 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{62A06FB4-4AB2-47DF-8AB8-E79FE71C09A6}
    2012-09-01 00:52 - 2012-09-01 00:52 - 00000000 ____D C:\Users\Michelle\Local Settings\{62A06FB4-4AB2-47DF-8AB8-E79FE71C09A6}
    2012-09-01 00:52 - 2012-09-01 00:52 - 00000000 ____D C:\Users\Michelle\AppData\Local\{62A06FB4-4AB2-47DF-8AB8-E79FE71C09A6}
    2012-08-31 11:16 - 2012-08-31 11:16 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{88E4F2DC-4171-42AD-AC5A-763BDEE7A5F7}
    2012-08-31 11:16 - 2012-08-31 11:16 - 00000000 ____D C:\Users\Michelle\Local Settings\{88E4F2DC-4171-42AD-AC5A-763BDEE7A5F7}
    2012-08-31 11:16 - 2012-08-31 11:16 - 00000000 ____D C:\Users\Michelle\AppData\Local\{88E4F2DC-4171-42AD-AC5A-763BDEE7A5F7}
    2012-08-30 23:16 - 2012-08-30 23:16 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{B4E072A8-2C40-4A97-8808-518E632B7487}
    2012-08-30 23:16 - 2012-08-30 23:16 - 00000000 ____D C:\Users\Michelle\Local Settings\{B4E072A8-2C40-4A97-8808-518E632B7487}
    2012-08-30 23:16 - 2012-08-30 23:16 - 00000000 ____D C:\Users\Michelle\AppData\Local\{B4E072A8-2C40-4A97-8808-518E632B7487}
    2012-08-30 11:12 - 2012-08-30 11:12 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{EE747EF6-5B3D-4937-8176-9BA725D8E320}
    2012-08-30 11:12 - 2012-08-30 11:12 - 00000000 ____D C:\Users\Michelle\Local Settings\{EE747EF6-5B3D-4937-8176-9BA725D8E320}
    2012-08-30 11:12 - 2012-08-30 11:12 - 00000000 ____D C:\Users\Michelle\AppData\Local\{EE747EF6-5B3D-4937-8176-9BA725D8E320}
    2012-08-29 23:02 - 2012-08-29 23:02 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{B3153357-B19E-45EF-B4BC-977828F554A2}
    2012-08-29 23:02 - 2012-08-29 23:02 - 00000000 ____D C:\Users\Michelle\Local Settings\{B3153357-B19E-45EF-B4BC-977828F554A2}
    2012-08-29 23:02 - 2012-08-29 23:02 - 00000000 ____D C:\Users\Michelle\AppData\Local\{B3153357-B19E-45EF-B4BC-977828F554A2}
    2012-08-29 10:24 - 2012-08-29 10:24 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{41F3149A-CD4D-4D27-A586-01001EFB77EF}
    2012-08-29 10:24 - 2012-08-29 10:24 - 00000000 ____D C:\Users\Michelle\Local Settings\{41F3149A-CD4D-4D27-A586-01001EFB77EF}
    2012-08-29 10:24 - 2012-08-29 10:24 - 00000000 ____D C:\Users\Michelle\AppData\Local\{41F3149A-CD4D-4D27-A586-01001EFB77EF}
    2012-08-28 22:24 - 2012-08-28 22:24 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{534B4FBB-F8E3-4B1E-8FFE-E8BFC5966F2C}
    2012-08-28 22:24 - 2012-08-28 22:24 - 00000000 ____D C:\Users\Michelle\Local Settings\{534B4FBB-F8E3-4B1E-8FFE-E8BFC5966F2C}
    2012-08-28 22:24 - 2012-08-28 22:24 - 00000000 ____D C:\Users\Michelle\AppData\Local\{534B4FBB-F8E3-4B1E-8FFE-E8BFC5966F2C}
    2012-08-28 08:51 - 2012-08-28 08:51 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{09F18A36-A7F4-4C9B-A7B4-8DEE8705BCC9}
    2012-08-28 08:51 - 2012-08-28 08:51 - 00000000 ____D C:\Users\Michelle\Local Settings\{09F18A36-A7F4-4C9B-A7B4-8DEE8705BCC9}
    2012-08-28 08:51 - 2012-08-28 08:51 - 00000000 ____D C:\Users\Michelle\AppData\Local\{09F18A36-A7F4-4C9B-A7B4-8DEE8705BCC9}
    2012-08-27 20:07 - 2012-08-27 20:07 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{F7B95F7F-1DFF-4D24-86CE-FCCA10D6FE04}
    2012-08-27 20:07 - 2012-08-27 20:07 - 00000000 ____D C:\Users\Michelle\Local Settings\{F7B95F7F-1DFF-4D24-86CE-FCCA10D6FE04}
    2012-08-27 20:07 - 2012-08-27 20:07 - 00000000 ____D C:\Users\Michelle\AppData\Local\{F7B95F7F-1DFF-4D24-86CE-FCCA10D6FE04}
    2012-08-27 08:07 - 2012-08-27 08:07 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{D3520539-6E97-4336-9F95-4FE4A16B0262}
    2012-08-27 08:07 - 2012-08-27 08:07 - 00000000 ____D C:\Users\Michelle\Local Settings\{D3520539-6E97-4336-9F95-4FE4A16B0262}
    2012-08-27 08:07 - 2012-08-27 08:07 - 00000000 ____D C:\Users\Michelle\AppData\Local\{D3520539-6E97-4336-9F95-4FE4A16B0262}
    2012-08-26 09:48 - 2012-08-26 09:48 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{9B1D7DB8-CD96-4F6B-9E34-805D8E81D96D}
    2012-08-26 09:48 - 2012-08-26 09:48 - 00000000 ____D C:\Users\Michelle\Local Settings\{9B1D7DB8-CD96-4F6B-9E34-805D8E81D96D}
    2012-08-26 09:48 - 2012-08-26 09:48 - 00000000 ____D C:\Users\Michelle\AppData\Local\{9B1D7DB8-CD96-4F6B-9E34-805D8E81D96D}
    2012-08-25 17:35 - 2012-08-25 17:35 - 00335258 ____A C:\Users\Michelle\My Documents\Mohr.homeschool.xps
    2012-08-25 17:35 - 2012-08-25 17:35 - 00335258 ____A C:\Users\Michelle\Documents\Mohr.homeschool.xps
    2012-08-25 11:59 - 2012-08-25 11:59 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{4AE8FC28-5575-4099-A846-3B14FF2498FA}
    2012-08-25 11:59 - 2012-08-25 11:59 - 00000000 ____D C:\Users\Michelle\Local Settings\{4AE8FC28-5575-4099-A846-3B14FF2498FA}
    2012-08-25 11:59 - 2012-08-25 11:59 - 00000000 ____D C:\Users\Michelle\AppData\Local\{4AE8FC28-5575-4099-A846-3B14FF2498FA}
    2012-08-24 23:49 - 2012-08-24 23:49 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{9DCFC2C6-99F7-4E71-ADD0-A27F45301A06}
    2012-08-24 23:49 - 2012-08-24 23:49 - 00000000 ____D C:\Users\Michelle\Local Settings\{9DCFC2C6-99F7-4E71-ADD0-A27F45301A06}
    2012-08-24 23:49 - 2012-08-24 23:49 - 00000000 ____D C:\Users\Michelle\AppData\Local\{9DCFC2C6-99F7-4E71-ADD0-A27F45301A06}
    2012-08-24 11:12 - 2012-08-24 11:12 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{A566BA30-3C3C-4B96-84A6-7F38AE321D41}
    2012-08-24 11:12 - 2012-08-24 11:12 - 00000000 ____D C:\Users\Michelle\Local Settings\{A566BA30-3C3C-4B96-84A6-7F38AE321D41}
    2012-08-24 11:12 - 2012-08-24 11:12 - 00000000 ____D C:\Users\Michelle\AppData\Local\{A566BA30-3C3C-4B96-84A6-7F38AE321D41}
    2012-08-23 23:11 - 2012-08-23 23:11 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{DC82ED4E-208D-46AF-9453-51AF697073C2}
    2012-08-23 23:11 - 2012-08-23 23:11 - 00000000 ____D C:\Users\Michelle\Local Settings\{DC82ED4E-208D-46AF-9453-51AF697073C2}
    2012-08-23 23:11 - 2012-08-23 23:11 - 00000000 ____D C:\Users\Michelle\AppData\Local\{DC82ED4E-208D-46AF-9453-51AF697073C2}
    2012-08-23 10:08 - 2012-08-23 10:09 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{7764D668-AF94-4559-9CE3-6B7F973CE5CF}
    2012-08-23 10:08 - 2012-08-23 10:09 - 00000000 ____D C:\Users\Michelle\Local Settings\{7764D668-AF94-4559-9CE3-6B7F973CE5CF}
    2012-08-23 10:08 - 2012-08-23 10:09 - 00000000 ____D C:\Users\Michelle\AppData\Local\{7764D668-AF94-4559-9CE3-6B7F973CE5CF}
    2012-08-22 22:08 - 2012-08-22 22:08 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{CAD485D9-A7EA-4D80-9494-3E2AC6B370C2}
    2012-08-22 22:08 - 2012-08-22 22:08 - 00000000 ____D C:\Users\Michelle\Local Settings\{CAD485D9-A7EA-4D80-9494-3E2AC6B370C2}
    2012-08-22 22:08 - 2012-08-22 22:08 - 00000000 ____D C:\Users\Michelle\AppData\Local\{CAD485D9-A7EA-4D80-9494-3E2AC6B370C2}
    2012-08-22 10:08 - 2012-08-22 10:08 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{83E5BBB4-1B7C-48D5-8961-9559008DF1E0}
    2012-08-22 10:08 - 2012-08-22 10:08 - 00000000 ____D C:\Users\Michelle\Local Settings\{83E5BBB4-1B7C-48D5-8961-9559008DF1E0}
    2012-08-22 10:08 - 2012-08-22 10:08 - 00000000 ____D C:\Users\Michelle\AppData\Local\{83E5BBB4-1B7C-48D5-8961-9559008DF1E0}
    2012-08-21 22:07 - 2012-08-21 22:07 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{90458190-21BE-442E-B690-0DF914A8E993}
    2012-08-21 22:07 - 2012-08-21 22:07 - 00000000 ____D C:\Users\Michelle\Local Settings\{90458190-21BE-442E-B690-0DF914A8E993}
    2012-08-21 22:07 - 2012-08-21 22:07 - 00000000 ____D C:\Users\Michelle\AppData\Local\{90458190-21BE-442E-B690-0DF914A8E993}
    2012-08-21 09:53 - 2012-08-21 09:53 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{38BC38ED-DDD2-4C6C-BA29-673C879FFE95}
    2012-08-21 09:53 - 2012-08-21 09:53 - 00000000 ____D C:\Users\Michelle\Local Settings\{38BC38ED-DDD2-4C6C-BA29-673C879FFE95}
    2012-08-21 09:53 - 2012-08-21 09:53 - 00000000 ____D C:\Users\Michelle\AppData\Local\{38BC38ED-DDD2-4C6C-BA29-673C879FFE95}
    2012-08-20 21:53 - 2012-08-20 21:53 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{F9BBEC10-41C4-42C4-8919-77861AA17C4C}
    2012-08-20 21:53 - 2012-08-20 21:53 - 00000000 ____D C:\Users\Michelle\Local Settings\{F9BBEC10-41C4-42C4-8919-77861AA17C4C}
    2012-08-20 21:53 - 2012-08-20 21:53 - 00000000 ____D C:\Users\Michelle\AppData\Local\{F9BBEC10-41C4-42C4-8919-77861AA17C4C}
    2012-08-20 08:59 - 2012-08-20 08:59 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{F9C91502-64D7-4C9F-808C-75294562DA88}
    2012-08-20 08:59 - 2012-08-20 08:59 - 00000000 ____D C:\Users\Michelle\Local Settings\{F9C91502-64D7-4C9F-808C-75294562DA88}
    2012-08-20 08:59 - 2012-08-20 08:59 - 00000000 ____D C:\Users\Michelle\AppData\Local\{F9C91502-64D7-4C9F-808C-75294562DA88}
    2012-08-19 14:13 - 2012-08-19 14:13 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{46652F52-E69F-401B-958B-3DFF31D6134A}
    2012-08-19 14:13 - 2012-08-19 14:13 - 00000000 ____D C:\Users\Michelle\Local Settings\{46652F52-E69F-401B-958B-3DFF31D6134A}
    2012-08-19 14:13 - 2012-08-19 14:13 - 00000000 ____D C:\Users\Michelle\AppData\Local\{46652F52-E69F-401B-958B-3DFF31D6134A}
    2012-08-18 18:36 - 2012-08-18 18:37 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{DB0C43B9-D7EE-494F-8D1A-55EAE6251497}
    2012-08-18 18:36 - 2012-08-18 18:37 - 00000000 ____D C:\Users\Michelle\Local Settings\{DB0C43B9-D7EE-494F-8D1A-55EAE6251497}
    2012-08-18 18:36 - 2012-08-18 18:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\{DB0C43B9-D7EE-494F-8D1A-55EAE6251497}
    2012-08-18 00:39 - 2012-08-18 00:39 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{B00FBE42-75B7-4D2B-8C13-E7E03C0DE0AE}
    2012-08-18 00:39 - 2012-08-18 00:39 - 00000000 ____D C:\Users\Michelle\Local Settings\{B00FBE42-75B7-4D2B-8C13-E7E03C0DE0AE}
    2012-08-18 00:39 - 2012-08-18 00:39 - 00000000 ____D C:\Users\Michelle\AppData\Local\{B00FBE42-75B7-4D2B-8C13-E7E03C0DE0AE}
    2012-08-17 11:26 - 2012-08-17 11:26 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{7D011289-7C62-4CCD-A65B-B18D4964F0A6}
    2012-08-17 11:26 - 2012-08-17 11:26 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{5A80C4FF-1BBC-4773-A4D4-0AA2DC7EBE1F}
    2012-08-17 11:26 - 2012-08-17 11:26 - 00000000 ____D C:\Users\Michelle\Local Settings\{7D011289-7C62-4CCD-A65B-B18D4964F0A6}
    2012-08-17 11:26 - 2012-08-17 11:26 - 00000000 ____D C:\Users\Michelle\Local Settings\{5A80C4FF-1BBC-4773-A4D4-0AA2DC7EBE1F}
    2012-08-17 11:26 - 2012-08-17 11:26 - 00000000 ____D C:\Users\Michelle\AppData\Local\{7D011289-7C62-4CCD-A65B-B18D4964F0A6}
    2012-08-17 11:26 - 2012-08-17 11:26 - 00000000 ____D C:\Users\Michelle\AppData\Local\{5A80C4FF-1BBC-4773-A4D4-0AA2DC7EBE1F}
    2012-08-16 21:30 - 2012-08-16 21:30 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{F067B32E-ED24-4F0C-AEC2-FB55FF8A4EF1}
    2012-08-16 21:30 - 2012-08-16 21:30 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{2A2F7C82-04B6-4FFA-93FC-A25E3A3F79F5}
    2012-08-16 21:30 - 2012-08-16 21:30 - 00000000 ____D C:\Users\Michelle\Local Settings\{F067B32E-ED24-4F0C-AEC2-FB55FF8A4EF1}
    2012-08-16 21:30 - 2012-08-16 21:30 - 00000000 ____D C:\Users\Michelle\Local Settings\{2A2F7C82-04B6-4FFA-93FC-A25E3A3F79F5}
    2012-08-16 21:30 - 2012-08-16 21:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\{F067B32E-ED24-4F0C-AEC2-FB55FF8A4EF1}
    2012-08-16 21:30 - 2012-08-16 21:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\{2A2F7C82-04B6-4FFA-93FC-A25E3A3F79F5}
    2012-08-16 09:00 - 2012-08-16 09:00 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{DE327CF7-736B-44E1-9327-4F358938957A}
    2012-08-16 09:00 - 2012-08-16 09:00 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{2B19C6E4-3588-438A-B6EE-9F0803698D1B}
    2012-08-16 09:00 - 2012-08-16 09:00 - 00000000 ____D C:\Users\Michelle\Local Settings\{DE327CF7-736B-44E1-9327-4F358938957A}
    2012-08-16 09:00 - 2012-08-16 09:00 - 00000000 ____D C:\Users\Michelle\Local Settings\{2B19C6E4-3588-438A-B6EE-9F0803698D1B}
    2012-08-16 09:00 - 2012-08-16 09:00 - 00000000 ____D C:\Users\Michelle\AppData\Local\{DE327CF7-736B-44E1-9327-4F358938957A}
    2012-08-16 09:00 - 2012-08-16 09:00 - 00000000 ____D C:\Users\Michelle\AppData\Local\{2B19C6E4-3588-438A-B6EE-9F0803698D1B}
    2012-08-15 20:59 - 2012-08-15 21:00 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{BB622F12-51AB-4B25-A21D-1300E9D1513B}
    2012-08-15 20:59 - 2012-08-15 21:00 - 00000000 ____D C:\Users\Michelle\Local Settings\{BB622F12-51AB-4B25-A21D-1300E9D1513B}
    2012-08-15 20:59 - 2012-08-15 21:00 - 00000000 ____D C:\Users\Michelle\AppData\Local\{BB622F12-51AB-4B25-A21D-1300E9D1513B}
    2012-08-15 20:59 - 2012-08-15 20:59 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{723B5100-0931-44ED-AFE8-7535F7E66108}
    2012-08-15 20:59 - 2012-08-15 20:59 - 00000000 ____D C:\Users\Michelle\Local Settings\{723B5100-0931-44ED-AFE8-7535F7E66108}
    2012-08-15 20:59 - 2012-08-15 20:59 - 00000000 ____D C:\Users\Michelle\AppData\Local\{723B5100-0931-44ED-AFE8-7535F7E66108}
    2012-08-15 08:59 - 2012-08-15 08:59 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{A8C24B01-D076-4EFF-85DD-35484B5DC82C}
    2012-08-15 08:59 - 2012-08-15 08:59 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{6A9DF41D-7CA1-4D2C-BBB4-7296B81003B5}
    2012-08-15 08:59 - 2012-08-15 08:59 - 00000000 ____D C:\Users\Michelle\Local Settings\{A8C24B01-D076-4EFF-85DD-35484B5DC82C}
    2012-08-15 08:59 - 2012-08-15 08:59 - 00000000 ____D C:\Users\Michelle\Local Settings\{6A9DF41D-7CA1-4D2C-BBB4-7296B81003B5}
    2012-08-15 08:59 - 2012-08-15 08:59 - 00000000 ____D C:\Users\Michelle\AppData\Local\{A8C24B01-D076-4EFF-85DD-35484B5DC82C}
    2012-08-15 08:59 - 2012-08-15 08:59 - 00000000 ____D C:\Users\Michelle\AppData\Local\{6A9DF41D-7CA1-4D2C-BBB4-7296B81003B5}
    2012-08-14 18:32 - 2012-08-14 18:32 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{EE185CE7-0449-464F-868F-C0CBF4FEB04D}
    2012-08-14 18:32 - 2012-08-14 18:32 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{494F4CC5-1426-4956-BBE2-F26FA6B324EC}
    2012-08-14 18:32 - 2012-08-14 18:32 - 00000000 ____D C:\Users\Michelle\Local Settings\{EE185CE7-0449-464F-868F-C0CBF4FEB04D}
    2012-08-14 18:32 - 2012-08-14 18:32 - 00000000 ____D C:\Users\Michelle\Local Settings\{494F4CC5-1426-4956-BBE2-F26FA6B324EC}
    2012-08-14 18:32 - 2012-08-14 18:32 - 00000000 ____D C:\Users\Michelle\AppData\Local\{EE185CE7-0449-464F-868F-C0CBF4FEB04D}
    2012-08-14 18:32 - 2012-08-14 18:32 - 00000000 ____D C:\Users\Michelle\AppData\Local\{494F4CC5-1426-4956-BBE2-F26FA6B324EC}
    2012-08-13 22:18 - 2012-08-13 22:18 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{C8724806-B692-4773-8F3E-E1669714BD69}
    2012-08-13 22:18 - 2012-08-13 22:18 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{3C47157F-55E4-45BB-8625-6DECAE072898}
    2012-08-13 22:18 - 2012-08-13 22:18 - 00000000 ____D C:\Users\Michelle\Local Settings\{C8724806-B692-4773-8F3E-E1669714BD69}
    2012-08-13 22:18 - 2012-08-13 22:18 - 00000000 ____D C:\Users\Michelle\Local Settings\{3C47157F-55E4-45BB-8625-6DECAE072898}
    2012-08-13 22:18 - 2012-08-13 22:18 - 00000000 ____D C:\Users\Michelle\AppData\Local\{C8724806-B692-4773-8F3E-E1669714BD69}
    2012-08-13 22:18 - 2012-08-13 22:18 - 00000000 ____D C:\Users\Michelle\AppData\Local\{3C47157F-55E4-45BB-8625-6DECAE072898}
    2012-08-13 21:10 - 2012-09-12 12:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-13 17:37 - 2012-08-13 17:37 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-13 09:52 - 2012-08-13 09:52 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{EF383934-43A2-4B0B-BC20-A84642C9B420}
    2012-08-13 09:52 - 2012-08-13 09:52 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\{6CB6FA5D-322A-48AD-AEDF-04115FA9E0F5}
    2012-08-13 09:52 - 2012-08-13 09:52 - 00000000 ____D C:\Users\Michelle\Local Settings\{EF383934-43A2-4B0B-BC20-A84642C9B420}
    2012-08-13 09:52 - 2012-08-13 09:52 - 00000000 ____D C:\Users\Michelle\Local Settings\{6CB6FA5D-322A-48AD-AEDF-04115FA9E0F5}
    2012-08-13 09:52 - 2012-08-13 09:52 - 00000000 ____D C:\Users\Michelle\AppData\Local\{EF383934-43A2-4B0B-BC20-A84642C9B420}
    2012-08-13 09:52 - 2012-08-13 09:52 - 00000000 ____D C:\Users\Michelle\AppData\Local\{6CB6FA5D-322A-48AD-AEDF-04115FA9E0F5}
    ==================== 3 Months Modified Files ================================
    2012-09-12 12:42 - 2009-07-14 00:13 - 00783482 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-12 12:41 - 2009-07-13 23:51 - 00071995 ____A C:\Windows\setupact.log
    2012-09-12 12:19 - 2012-08-13 21:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-12 12:08 - 2012-01-05 02:43 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-12 11:32 - 2012-09-12 11:32 - 00607260 ____R (Swearware) C:\Users\Michelle\Downloads\dds.scr
    2012-09-12 11:12 - 2011-08-09 12:30 - 01494380 ____A C:\Windows\WindowsUpdate.log
    2012-09-12 11:08 - 2012-01-05 02:43 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-12 10:44 - 2012-09-12 10:44 - 00294216 ____A C:\Users\Michelle\Downloads\gmer.zip
    2012-09-12 09:01 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-12 09:01 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-12 08:53 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-11 21:36 - 2010-11-20 22:47 - 00026446 ____A C:\Windows\PFRO.log
    2012-09-11 16:08 - 2012-02-06 22:13 - 00002342 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-09-11 16:08 - 2012-02-06 22:13 - 00002342 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
    2012-09-11 15:09 - 2012-09-11 15:09 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-11 15:09 - 2012-09-11 15:09 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-11 15:09 - 2012-09-11 15:09 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-11 15:09 - 2012-09-11 15:09 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-11 15:09 - 2012-09-11 15:09 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-09 00:09 - 2011-10-20 09:53 - 00030121 ____A C:\Users\Michelle\My Documents\Michelle Daily Health.odt
    2012-09-09 00:09 - 2011-10-20 09:53 - 00030121 ____A C:\Users\Michelle\Documents\Michelle Daily Health.odt
    2012-09-07 18:04 - 2012-09-11 15:22 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-25 17:35 - 2012-08-25 17:35 - 00335258 ____A C:\Users\Michelle\My Documents\Mohr.homeschool.xps
    2012-08-25 17:35 - 2012-08-25 17:35 - 00335258 ____A C:\Users\Michelle\Documents\Mohr.homeschool.xps
    2012-08-23 08:28 - 2011-12-08 22:40 - 00097792 __ASH C:\Users\Michelle\My Documents\Thumbs.db
    2012-08-23 08:28 - 2011-12-08 22:40 - 00097792 __ASH C:\Users\Michelle\Documents\Thumbs.db
    2012-08-13 21:10 - 2012-04-06 08:34 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-13 21:10 - 2011-08-09 12:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-09 09:19 - 2009-07-14 00:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-28 11:17 - 2012-07-28 11:17 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-07-28 11:17 - 2012-07-28 11:17 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
    2012-07-15 00:35 - 2012-07-15 00:35 - 00013335 ____A C:\Users\Michelle\My Documents\Love Myself.odt
    2012-07-15 00:35 - 2012-07-15 00:35 - 00013335 ____A C:\Users\Michelle\Documents\Love Myself.odt
    2012-07-12 08:14 - 2009-07-13 23:45 - 00563168 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-12 01:19 - 2011-08-22 08:34 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-05 13:15 - 2012-07-05 13:15 - 00031123 ____A C:\Users\Public\Documents\health antifungal herbs.odt
    2012-07-05 13:15 - 2012-07-05 13:15 - 00031123 ____A C:\Users\All Users\Documents\health antifungal herbs.odt
    2012-07-05 13:15 - 2012-07-05 13:15 - 00023809 ____A C:\Users\Public\Documents\health inflammation liver.odt
    2012-07-05 13:15 - 2012-07-05 13:15 - 00023809 ____A C:\Users\All Users\Documents\health inflammation liver.odt
    2012-07-02 23:20 - 2012-07-02 23:20 - 00021381 ____A C:\Users\Public\Documents\kilts - picture.odt
    2012-07-02 23:20 - 2012-07-02 23:20 - 00021381 ____A C:\Users\All Users\Documents\kilts - picture.odt
    2012-07-01 11:28 - 2012-07-01 11:25 - 02434560 ____A C:\Users\Public\Documents\Publication 3 Hope Herald-July.pub
    2012-07-01 11:28 - 2012-07-01 11:25 - 02434560 ____A C:\Users\All Users\Documents\Publication 3 Hope Herald-July.pub
    2012-06-18 01:01 - 2012-06-17 23:48 - 00021488 ____A C:\Users\Public\Documents\CD Recording.odt
    2012-06-18 01:01 - 2012-06-17 23:48 - 00021488 ____A C:\Users\All Users\Documents\CD Recording.odt
    ZeroAccess:
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\@
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\L
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\U
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\U\00000001.@
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\U\80000000.@
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\U\800000cb.@
    ZeroAccess:
    C:\Users\Michelle\AppData\Local\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}
    C:\Users\Michelle\AppData\Local\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\@
    C:\Users\Michelle\AppData\Local\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\L
    C:\Users\Michelle\AppData\Local\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\U
    C:\Users\Michelle\AppData\Local\{bbec5a00-7e2f-61d3-e0bf-59e5593db369}\U\00000001.@
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-13 10:00:45
    Restore point made on: 2012-08-20 20:50:14
    Restore point made on: 2012-08-28 12:30:04
    Restore point made on: 2012-09-05 08:52:36
    Restore point made on: 2012-09-11 15:01:51
    Restore point made on: 2012-09-11 15:03:48
    Restore point made on: 2012-09-11 15:04:35
    Restore point made on: 2012-09-11 15:08:52
    ==================== Memory info ===========================
    Percentage of memory in use: 14%
    Total physical RAM: 5886.98 MB
    Available physical RAM: 5023.88 MB
    Total Pagefile: 5885.18 MB
    Available Pagefile: 5152.21 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions ============================
    1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:847.98 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:5.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    7 Drive I: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 123 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 916 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 FAT Partition 39 MB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 14 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 916 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 123 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 I FAT Removable 123 MB Healthy
    ==================================================================================
    Last Boot: 2012-09-06 08:47
    ==================== End Of Log =============================
  8. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    Farbar Recovery Scan Tool (x64) Version: 12-09-2012
    Ran by SYSTEM at 2012-09-12 12:06:30
    Running from I:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======
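Added example (not part of the original thread and not FRST's own code): the search output above lists two copies of services.exe with the same size and timestamps but different MD5s, and the fix posted later restores the System32 copy from the WinSxS one. The Python sketch below parses search output in that layout and compares each live copy against the component-store copies of the same file name; the function names and verdict labels are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample input: the FRST search output posted in this thread, reproduced verbatim.
SAMPLE = r"""================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# A path line is followed by one metadata line:
# [created] - [modified] - size attributes (company) MD5
PATH = re.compile(r"^[A-Za-z]:\\")
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    md5: str


def parse_search(text):
    """Return one Entry per path/metadata pair; banner lines are skipped."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            pending = line
            continue
        m = META.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["md5"].upper()))
        pending = None
    return entries


def is_component_store(path):
    return "\\winsxs\\" in path.lower()


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def audit(entries):
    """Compare every live copy with the WinSxS copies of the same file name.

    Verdicts (labels are this example's own):
      match                        hash equals a component-store copy
      hash-mismatch-same-metadata  size and timestamps equal a store copy,
                                   hash differs: content changed in place
      different-version            differs in hash and metadata; WinSxS can
                                   hold several versions, so check the others
      no-reference                 no component-store copy in the input
    """
    refs = {}
    for e in entries:
        if is_component_store(e.path):
            refs.setdefault(basename(e.path), []).append(e)

    findings = []
    for e in entries:
        if is_component_store(e.path):
            continue
        candidates = refs.get(basename(e.path), [])
        if not candidates:
            verdict = "no-reference"
        elif any(r.md5 == e.md5 for r in candidates):
            verdict = "match"
        elif any((r.size, r.created, r.modified) ==
                 (e.size, e.created, e.modified) for r in candidates):
            verdict = "hash-mismatch-same-metadata"
        else:
            verdict = "different-version"
        findings.append((e.path, verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in audit(parse_search(SAMPLE)):
        print(f"{verdict:30} {path}")
```

Re-running the same search after the fix and feeding the new output to `audit` should report `match` for the System32 copy.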
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job!

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  10. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    Thanks!! My computer booted normally. The last couple days Malwarebytes has been showing a quarantine message on boot up - it didn't do that this time.

    fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2012
    Ran by SYSTEM at 2012-09-13 08:06:45 Run:1
    Running from I:\
    ==============================================
    C:\Windows\Installer\{bbec5a00-7e2f-61d3-e0bf-59e5593db369} moved successfully.
    C:\Users\Michelle\AppData\Local\{bbec5a00-7e2f-61d3-e0bf-59e5593db369} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
  11. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    Is my computer clean? Is it safe to fix MSE?
    Thanks!!
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Probably not as clean as you would like it to be. Most of the time, there is still some determinable malware.

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  13. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    Thanks for the Combo-fix, everything appeared to run smoothly. I did have to reboot my computer because of the 'illegal operation' message and when the computer rebooted my windows firewall was blocking Akamai NetSession. Is NetSession a good thing?

    Anyway - here's my combo fix log report. Please let me know what to do next.


    ComboFix 12-09-14.03 - Michelle 09/14/2012 11:50:12.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4179 [GMT -6:00]
    Running from: c:\users\Michelle\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\0d03215e-4c16-4ea7-b7d7-805a2556effc.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\c882e61c-ecc2-4db0-9a28-7cbe8bd4876b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-14 18:14 . 2012-09-14 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-12 16:55 . 2012-09-12 17:04 -------- d-----w- C:\FRST
    2012-09-12 16:29 . 2012-09-14 17:34 -------- d-----w- c:\users\Michelle\AppData\Local\Diagnostics
    2012-09-11 20:22 . 2012-09-11 20:22 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes
    2012-09-11 20:22 . 2012-09-11 20:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-11 20:22 . 2012-09-11 20:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-11 20:22 . 2012-09-07 23:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-11 20:09 . 2012-09-11 20:09 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-11 20:09 . 2012-09-11 20:09 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-11 20:09 . 2012-09-11 20:09 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-11 02:21 . 2012-09-11 02:21 -------- d-----w- C:\Fingertapps
    2012-08-23 16:03 . 2012-08-23 16:03 -------- d-----w- c:\programdata\PC-Doctor for Windows
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-14 02:10 . 2012-04-06 13:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-14 02:10 . 2011-08-09 17:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 06:19 . 2011-08-22 13:34 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-29 10:04 . 2012-08-13 15:01 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E92C62A-F55B-4862-9910-F94FD0FA0FC0}\mpengine.dll
    2012-06-29 10:04 . 2012-08-12 14:35 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-05 39408]
    "Akamai NetSession Interface"="c:\users\Michelle\AppData\Local\Akamai\netsession_win.exe" [2012-08-11 4440896]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 257224]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 136176]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-16 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 02:10]
    .
    2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 07:43]
    .
    2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 07:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.thepioneerwoman.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????††††??????=:????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
    TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-MsMpSvc
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:e1,58,98,09,15,91,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-14 12:23:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-14 18:23
    .
    Pre-Run: 911,335,194,624 bytes free
    Post-Run: 911,068,930,048 bytes free
    .
    - - End Of File - - 91CE43823DBEF06DBF1075925BDF7912
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It is safe. Looks like there might be some adware though...

    AdwCleaner Scan
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  15. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    Wonderful!!! Thanks so much!! You can't imagine how much I appreciate your help.
    I'll go ahead and load MSE.

    Anything else? Should I delete all the software you had me download?

    Here's the log you requested.


    # AdwCleaner v2.001 - Logfile created 09/15/2012 at 14:45:28
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Michelle - MOHRKNOWLEDGE
    # Boot Mode : Normal
    # Running from : C:\Users\Michelle\Downloads\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [684 octets] - [15/09/2012 14:45:28]
    ########## EOF - C:\AdwCleaner[R1].txt - [743 octets] ##########
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations.
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  17. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    Thanks for all the help. The disk clean up went well.
    I'm heading out of town and will finish the rest when I get back at the end of the week.
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Very well. See you then.

    Marked as inactive.
  19. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    DragonMaster Jay -- Thanks for all your help.

    I finished cleaning the process. My SecurityCheck notepad document is posted below. What's next?

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java 7 Update 7
    Adobe Reader X 10.1.3 Adobe Reader out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's cool.

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
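
Added example, not part of either post and not Security Check's own code: a Python triage of the checkup.txt log posted above. It pulls out the tool's "out of Date!" verdicts and any product listed under more than one version, the situation the Adobe Reader advice addresses. The entry layout the regex expects is an assumption inferred from this one log, and the sample lines are copied from it.

```python
import re
from collections import defaultdict

T = "`" * 9  # section titles are framed by runs of backticks in checkup.txt
# Constructed input: lines taken from the Security Check log posted in this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.51",
    T + "Antivirus/Firewall Check:" + T,
    "Windows Firewall Enabled!",
    "Antivirus up to date!",
    T + "Anti-malware/Other Utilities Check:" + T,
    "Malwarebytes Anti-Malware version 1.65.0.1400",
    "Java 7 Update 7",
    "Adobe Reader X 10.1.3 Adobe Reader out of Date!",
    "Google Chrome 21.0.1180.83",
    "Google Chrome 21.0.1180.89",
    T + "Process Check: objlist.exe by Laurent" + T,
    "Microsoft Security Essentials MSMpEng.exe",
    T + "End of Log" + T,
])

SECTION = re.compile(r"^`+\s*(.+?)\s*`+$")
# Assumed entry layout: "<product> [version] <dotted version> [note]"
ENTRY = re.compile(r"^(?P<name>.+?)\s+(?:version\s+)?(?P<ver>\d+(?:\.\d+)+)\b")


def triage(log_text):
    """Return (out_of_date, side_by_side) findings from a Security Check log."""
    section, out_of_date = None, []
    versions = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1).rstrip(":")
            continue
        entry = ENTRY.match(line)
        # The tool's own verdict; "up to date!" does not contain this phrase.
        if "out of date" in line.lower():
            out_of_date.append(entry.group("name") if entry else line)
        if entry and section and section.startswith("Anti-malware"):
            versions[entry.group("name")].add(entry.group("ver"))
    # Heuristic: several versions of one product may mean an older copy remains.
    side_by_side = {
        name: sorted(v, key=lambda s: tuple(map(int, s.split("."))))
        for name, v in versions.items() if len(v) > 1
    }
    return out_of_date, side_by_side
```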
  21. Michelle DM

    Michelle DM Newcomer, in training Topic Starter Posts: 31

    Done!! Thanks again for all the help.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome, and thanks for the contribution. Always appreciated. Have a good one!