Inactive [A] Win64/Sirefef.Y issue.....

Status
Not open for further replies.
C

cmwensell

Posts: 9   +0
I am trying to clean this virus from my laptop but I am needing some assistance in getting a fixlist.txt that I can run on Farbar.

frst.txt
Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by Michele at 14-07-2012 13:46:55
Running from F:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============
2012-07-14 13:46 - 2012-07-14 13:46 - 00000000 ____D C:\FRST
2012-07-14 11:31 - 2012-07-14 11:31 - 00003416 ____N C:\bootsqm.dat
2012-07-14 11:30 - 2012-07-14 11:30 - 00000000 __SHD C:\found.000
2012-07-13 09:50 - 2012-07-13 09:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C71132CD9D040D
2012-07-13 09:35 - 2012-07-13 09:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C19059AF27730AC8
2012-07-13 09:31 - 2012-07-13 09:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D3440776D72ECB5
2012-07-13 09:28 - 2012-07-13 09:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9A282AB65C2C02C
2012-07-13 09:23 - 2012-07-13 09:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CBE32345F421889
2012-07-13 09:19 - 2012-07-13 09:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B12FAF4B706317DB
2012-07-13 09:16 - 2012-07-13 09:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F272255738D5DF7
2012-07-13 09:13 - 2012-07-13 09:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4C8BBBA8428029F
2012-07-13 09:10 - 2012-07-13 09:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC3D6FA7FAB62AF7
2012-07-13 09:07 - 2012-07-13 09:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E70B5A4069803A5
2012-07-13 09:04 - 2012-07-13 09:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7197B8409AC9D2BC
2012-07-13 09:01 - 2012-07-13 09:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC667CCD6A1E776D
2012-07-13 08:58 - 2012-07-13 08:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78F08B6192608756
2012-07-13 08:55 - 2012-07-13 08:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F12979FFE3AB947C
2012-07-13 08:51 - 2012-07-13 08:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C223D635B6743B6
2012-07-13 08:48 - 2012-07-13 08:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2A92DC29A0E9421
2012-07-13 08:45 - 2012-07-13 08:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EB4F6B2F3CC9E39
2012-07-13 08:42 - 2012-07-13 08:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5C975685C3338D77
2012-07-13 08:38 - 2012-07-13 08:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EDA0F9F51325B9C8
2012-07-13 08:33 - 2012-07-13 08:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1FC6F8F53C0C5366
2012-07-13 08:29 - 2012-07-13 08:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA13565E813A8405
2012-07-13 08:26 - 2012-07-13 08:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63460CDCB06FDD10
2012-07-12 23:18 - 2012-07-12 23:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.959EFCE6CB361FDA
2012-07-12 23:14 - 2012-07-12 23:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9F81661DDCEEB69
2012-07-12 23:07 - 2012-07-12 23:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-12 23:07 - 2012-07-12 23:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-12 23:04 - 2012-07-12 23:04 - 12621696 ____A (Microsoft Corporation) C:\Users\Michele\Downloads\mseinstall.exe
2012-07-11 19:36 - 2012-07-11 19:36 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-11 15:09 - 2012-07-11 20:23 - 00000000 ____D C:\Users\Michele\Desktop\2011 photobook
2012-07-11 08:24 - 2012-06-11 23:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 08:20 - 2012-06-02 08:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 08:20 - 2012-06-02 08:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 08:20 - 2012-06-02 08:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 08:20 - 2012-06-02 08:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 08:20 - 2012-06-02 08:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 08:20 - 2012-06-02 08:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 08:20 - 2012-06-02 08:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 08:20 - 2012-06-02 08:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 08:20 - 2012-06-02 08:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 08:20 - 2012-06-02 08:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 08:20 - 2012-06-02 07:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 08:20 - 2012-06-02 07:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 08:20 - 2012-06-02 07:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 08:20 - 2012-06-02 07:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 08:20 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 08:20 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 08:20 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 08:20 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 08:20 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 08:20 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 08:20 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 08:20 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 08:20 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 08:20 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 08:20 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 08:20 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 08:20 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 08:20 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 18:37 - 2012-06-09 01:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 18:37 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 18:37 - 2012-06-06 02:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 18:37 - 2012-06-06 02:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 18:37 - 2012-06-06 02:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 18:37 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 18:37 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 18:37 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 18:37 - 2012-06-02 01:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 18:37 - 2012-06-02 01:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 18:37 - 2012-06-02 01:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 18:37 - 2012-06-02 01:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 18:37 - 2012-06-02 01:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 18:37 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 18:37 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 18:37 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 18:37 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 18:37 - 2010-06-25 23:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 18:37 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-08 19:25 - 2012-07-08 19:25 - 00000000 ____D C:\Users\Michele\AppData\Local\{F24143AC-E2F7-4DCC-B4AE-64C5F0632893}
2012-07-08 19:25 - 2012-07-08 19:25 - 00000000 ____D C:\Users\Michele\AppData\Local\{B9BF7CDF-44CC-4FD5-A7B5-64FDAC1E92A4}
2012-07-02 10:09 - 2012-07-02 10:13 - 00000000 ____D C:\Users\Michele\Desktop\tattoo ideas
2012-06-27 13:13 - 2012-07-14 12:46 - 00000000 ____D C:\Users\Michele\AppData\Roaming\Spotify
2012-06-27 13:13 - 2012-07-14 11:33 - 00000000 ____D C:\Users\Michele\AppData\Local\Spotify
2012-06-27 13:13 - 2012-06-27 13:13 - 00085784 ____A (Spotify Ltd) C:\Users\Michele\Downloads\spotify.exe
2012-06-27 13:13 - 2012-06-27 13:13 - 00001779 ____A C:\Users\Michele\Desktop\Spotify.lnk
2012-06-23 10:03 - 2012-06-23 10:03 - 00076017 ____A C:\Users\Michele\Documents\Drew Flyer.odt
2012-06-21 07:58 - 2012-06-02 18:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 07:58 - 2012-06-02 18:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 07:58 - 2012-06-02 18:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 07:58 - 2012-06-02 18:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 07:58 - 2012-06-02 18:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 07:58 - 2012-06-02 18:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 07:58 - 2012-06-02 18:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 07:58 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 07:58 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================
2012-07-14 13:44 - 2009-07-14 01:13 - 00798570 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-14 12:44 - 2012-05-14 09:26 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
2012-07-14 12:44 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-14 12:44 - 2009-07-14 00:51 - 00053287 ____A C:\Windows\setupact.log
2012-07-14 11:31 - 2012-07-14 11:31 - 00003416 ____N C:\bootsqm.dat
2012-07-13 09:50 - 2012-07-13 09:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C71132CD9D040D
2012-07-13 09:44 - 2012-02-27 21:15 - 01086725 ____A C:\Windows\WindowsUpdate.log
2012-07-13 09:35 - 2012-07-13 09:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C19059AF27730AC8
2012-07-13 09:31 - 2012-07-13 09:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D3440776D72ECB5
2012-07-13 09:28 - 2012-07-13 09:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9A282AB65C2C02C
2012-07-13 09:23 - 2012-07-13 09:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CBE32345F421889
2012-07-13 09:19 - 2012-07-13 09:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B12FAF4B706317DB
2012-07-13 09:16 - 2012-07-13 09:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F272255738D5DF7
2012-07-13 09:13 - 2012-07-13 09:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4C8BBBA8428029F
2012-07-13 09:10 - 2012-07-13 09:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC3D6FA7FAB62AF7
2012-07-13 09:07 - 2012-07-13 09:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E70B5A4069803A5
2012-07-13 09:04 - 2012-07-13 09:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7197B8409AC9D2BC
2012-07-13 09:01 - 2012-07-13 09:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC667CCD6A1E776D
2012-07-13 08:58 - 2012-07-13 08:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78F08B6192608756
2012-07-13 08:55 - 2012-07-13 08:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F12979FFE3AB947C
2012-07-13 08:51 - 2012-07-13 08:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C223D635B6743B6
2012-07-13 08:51 - 2012-05-16 07:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-13 08:48 - 2012-07-13 08:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2A92DC29A0E9421
2012-07-13 08:45 - 2012-07-13 08:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EB4F6B2F3CC9E39
2012-07-13 08:42 - 2012-07-13 08:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5C975685C3338D77
2012-07-13 08:38 - 2012-07-13 08:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EDA0F9F51325B9C8
2012-07-13 08:33 - 2012-07-13 08:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1FC6F8F53C0C5366
2012-07-13 08:29 - 2012-07-13 08:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA13565E813A8405
2012-07-13 08:26 - 2012-07-13 08:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63460CDCB06FDD10
2012-07-13 07:46 - 2009-07-13 19:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-12 23:18 - 2012-07-12 23:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.959EFCE6CB361FDA
2012-07-12 23:14 - 2012-07-12 23:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9F81661DDCEEB69
2012-07-12 23:08 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-12 23:08 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-12 23:07 - 2012-05-14 09:47 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-12 23:07 - 2011-11-03 06:19 - 00812720 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-12 23:04 - 2012-07-12 23:04 - 12621696 ____A (Microsoft Corporation) C:\Users\Michele\Downloads\mseinstall.exe
2012-07-12 09:51 - 2012-05-16 07:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 09:51 - 2012-05-16 07:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 08:11 - 2012-02-27 21:24 - 00002106 ____A C:\Windows\System32\AutoRunFilter.ini
2012-07-11 08:41 - 2009-07-14 00:45 - 00293304 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 08:21 - 2012-05-14 23:32 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-27 13:13 - 2012-06-27 13:13 - 00085784 ____A (Spotify Ltd) C:\Users\Michele\Downloads\spotify.exe
2012-06-27 13:13 - 2012-06-27 13:13 - 00001779 ____A C:\Users\Michele\Desktop\Spotify.lnk
2012-06-23 10:03 - 2012-06-23 10:03 - 00076017 ____A C:\Users\Michele\Documents\Drew Flyer.odt
2012-06-11 23:08 - 2012-07-11 08:24 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 01:43 - 2012-07-10 18:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 00:41 - 2012-07-10 18:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 16:24 - 2012-05-14 09:25 - 00063568 ____A C:\Users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-06 17:36 - 2012-06-06 17:36 - 00485576 ____A (Catalina Marketing Corp. ) C:\Users\Michele\Downloads\CouponActivator.exe
2012-06-06 02:06 - 2012-07-10 18:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 02:06 - 2012-07-10 18:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 02:02 - 2012-07-10 18:37 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 01:05 - 2012-07-10 18:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 01:05 - 2012-07-10 18:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 01:03 - 2012-07-10 18:37 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 18:19 - 2012-06-21 07:58 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 18:19 - 2012-06-21 07:58 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 18:19 - 2012-06-21 07:58 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 18:19 - 2012-06-21 07:58 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 18:19 - 2012-06-21 07:58 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 18:15 - 2012-06-21 07:58 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 18:15 - 2012-06-21 07:58 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-21 07:58 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-21 07:58 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 08:49 - 2012-07-11 08:20 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 08:17 - 2012-07-11 08:20 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 08:12 - 2012-07-11 08:20 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 08:05 - 2012-07-11 08:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 08:05 - 2012-07-11 08:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 08:04 - 2012-07-11 08:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 08:04 - 2012-07-11 08:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 08:03 - 2012-07-11 08:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 08:01 - 2012-07-11 08:20 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 08:00 - 2012-07-11 08:20 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 07:59 - 2012-07-11 08:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 07:57 - 2012-07-11 08:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 07:57 - 2012-07-11 08:20 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 07:54 - 2012-07-11 08:20 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 05:07 - 2012-07-11 08:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 04:43 - 2012-07-11 08:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 04:33 - 2012-07-11 08:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 04:26 - 2012-07-11 08:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 04:25 - 2012-07-11 08:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 04:25 - 2012-07-11 08:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 04:23 - 2012-07-11 08:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 04:21 - 2012-07-11 08:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 04:20 - 2012-07-11 08:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 04:19 - 2012-07-11 08:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 04:19 - 2012-07-11 08:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 04:17 - 2012-07-11 08:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 04:16 - 2012-07-11 08:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 04:14 - 2012-07-11 08:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 01:50 - 2012-07-10 18:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 01:48 - 2012-07-10 18:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 01:48 - 2012-07-10 18:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 01:45 - 2012-07-10 18:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 01:44 - 2012-07-10 18:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 00:40 - 2012-07-10 18:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 00:40 - 2012-07-10 18:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 00:39 - 2012-07-10 18:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 00:34 - 2012-07-10 18:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-29 12:59 - 2012-05-29 12:56 - 00012521 ____A C:\Users\Michele\Documents\Sarah Lesson Plan.odt
2012-05-29 12:55 - 2012-05-29 12:55 - 00012513 ____A C:\Users\Michele\Documents\Abbey Lesson Plan.odt
2012-05-25 07:49 - 2012-02-27 21:24 - 00001170 ____A C:\Windows\System32\ServiceFilter.ini
2012-05-24 19:54 - 2012-05-24 19:45 - 29548215 ____A C:\Users\Michele\Documents\Photos of house, rooms, and cars.odt
2012-05-24 18:25 - 2012-05-24 18:25 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-24 16:18 - 2012-05-24 16:18 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-24 16:18 - 2012-05-24 16:18 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-24 16:18 - 2012-05-24 16:18 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-24 16:18 - 2012-05-24 16:18 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-24 16:17 - 2012-05-24 16:17 - 00910112 ____A (Sun Microsystems, Inc.) C:\Users\Michele\Downloads\jxpiinstall.exe
2012-05-17 16:05 - 2012-05-17 16:05 - 24770069 ____A C:\Users\Michele\Downloads\Update_kindle_3.3_B006.bin
2012-05-16 10:13 - 2012-05-16 07:59 - 00002096 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-05-15 13:28 - 2009-07-14 01:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
2012-05-15 13:28 - 2009-07-14 01:01 - 00108227 ____A C:\Windows\System32\license.rtf
2012-05-15 09:54 - 2012-05-15 09:54 - 01296320 ____A (Coupons.com Incorporated) C:\Users\Michele\Downloads\CouponPrinter.exe
2012-05-15 08:52 - 2012-05-15 08:52 - 00001164 ____A C:\Users\Public\Desktop\NX510 Series Info Center.lnk
2012-05-15 08:52 - 2012-05-15 08:08 - 00000079 ____A C:\Windows\EPNX510.ini
2012-05-15 08:46 - 2012-05-15 08:46 - 04729984 ____A C:\Users\Michele\Downloads\ENPrint250e.exe
2012-05-15 08:31 - 2012-05-15 08:10 - 00000932 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-05-14 23:51 - 2012-02-27 21:24 - 00000080 ____A C:\Windows\System32\Defrag.ini
2012-05-14 22:45 - 2012-05-14 22:45 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-05-14 22:40 - 2012-05-14 22:39 - 151801119 ____A C:\Users\Michele\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
2012-05-14 10:36 - 2012-05-14 10:36 - 00002088 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-05-14 10:36 - 2012-05-14 10:35 - 17596136 ____A (Mozilla) C:\Users\Michele\Downloads\Thunderbird Setup 12.0.1.exe
2012-05-14 10:35 - 2012-05-14 10:35 - 00001132 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-14 09:26 - 2011-11-03 06:19 - 02454060 ____A C:\Windows\AsDebug.log
2012-05-14 09:26 - 2011-11-03 06:10 - 00002988 ____A C:\Windows\PQArecord.log
2012-05-14 09:26 - 2011-02-18 16:12 - 00277978 ____A C:\Windows\AsCDProc.log
2012-05-14 09:25 - 2012-05-14 09:25 - 00000192 ____A C:\Windows\FixPatch.log
2012-05-14 09:25 - 2012-05-14 09:25 - 00000020 ___SH C:\Users\Michele\ntuser.ini
2012-05-04 07:06 - 2012-06-13 08:24 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 06:03 - 2012-06-13 08:24 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 06:03 - 2012-06-13 08:24 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 01:40 - 2012-06-13 08:24 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 23:55 - 2012-06-13 08:24 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 01:41 - 2012-06-13 08:25 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 01:41 - 2012-06-13 08:25 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 01:34 - 2012-06-13 08:25 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 01:37 - 2012-06-13 08:24 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 01:37 - 2012-06-13 08:24 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 01:37 - 2012-06-13 08:24 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 00:36 - 2012-06-13 08:24 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 00:36 - 2012-06-13 08:24 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 00:36 - 2012-06-13 08:24 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\@
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\00000001.@
ZeroAccess:
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\@
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe FCB084FA3DCB7449F3BAA13312A215B4 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 28%
Total physical RAM: 4000.13 MB
Available physical RAM: 2879.83 MB
Total Pagefile: 7998.44 MB
Available Pagefile: 6881.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:78.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:152.63 GB) NTFS
4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.81 GB) FAT
DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.

==========================================================
Last Boot: 2012-06-30 09:18
======================= End Of Log ==========================

Services.exe Search

Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-14 17:22:20
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-14 14:11] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4
====== End Of Search ======

Any assistance would be appreciated....

Thanks
Chris
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
Click to expand...
You ran the tool incorrectly.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 14-07-2012 21:03:14
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-11-03] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-11-03] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-11-03] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2277480 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [3331312 2011-11-03] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKU\Michele\...\Run: [Spotify] "C:\Users\Michele\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7609560 2012-07-08] (Spotify Ltd)
HKU\Michele\...\Run: [Spotify Web Helper] "C:\Users\Michele\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-08] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
==================== Services (Whitelisted) ======
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [92800 2011-11-30] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
========================== Drivers (Whitelisted) =============
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-07-14 10:42 - 2012-07-14 13:52 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-07-14 09:46 - 2012-07-14 09:46 - 00000000 ____D C:\FRST
2012-07-14 07:31 - 2012-07-14 07:31 - 00003416 ____N C:\bootsqm.dat
2012-07-14 07:30 - 2012-07-14 07:30 - 00000000 __SHD C:\found.000
2012-07-13 05:50 - 2012-07-13 05:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C71132CD9D040D
2012-07-13 05:35 - 2012-07-13 05:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C19059AF27730AC8
2012-07-13 05:31 - 2012-07-13 05:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D3440776D72ECB5
2012-07-13 05:28 - 2012-07-13 05:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9A282AB65C2C02C
2012-07-13 05:23 - 2012-07-13 05:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CBE32345F421889
2012-07-13 05:19 - 2012-07-13 05:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B12FAF4B706317DB
2012-07-13 05:16 - 2012-07-13 05:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F272255738D5DF7
2012-07-13 05:13 - 2012-07-13 05:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4C8BBBA8428029F
2012-07-13 05:10 - 2012-07-13 05:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC3D6FA7FAB62AF7
2012-07-13 05:07 - 2012-07-13 05:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E70B5A4069803A5
2012-07-13 05:04 - 2012-07-13 05:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7197B8409AC9D2BC
2012-07-13 05:01 - 2012-07-13 05:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC667CCD6A1E776D
2012-07-13 04:58 - 2012-07-13 04:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78F08B6192608756
2012-07-13 04:55 - 2012-07-13 04:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F12979FFE3AB947C
2012-07-13 04:51 - 2012-07-13 04:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C223D635B6743B6
2012-07-13 04:48 - 2012-07-13 04:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2A92DC29A0E9421
2012-07-13 04:45 - 2012-07-13 04:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EB4F6B2F3CC9E39
2012-07-13 04:42 - 2012-07-13 04:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5C975685C3338D77
2012-07-13 04:38 - 2012-07-13 04:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EDA0F9F51325B9C8
2012-07-13 04:33 - 2012-07-13 04:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1FC6F8F53C0C5366
2012-07-13 04:29 - 2012-07-13 04:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA13565E813A8405
2012-07-13 04:26 - 2012-07-13 04:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63460CDCB06FDD10
2012-07-12 19:18 - 2012-07-12 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.959EFCE6CB361FDA
2012-07-12 19:14 - 2012-07-12 19:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9F81661DDCEEB69
2012-07-12 19:07 - 2012-07-12 19:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-12 19:07 - 2012-07-12 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-12 19:04 - 2012-07-12 19:04 - 12621696 ____A (Microsoft Corporation) C:\Users\Michele\Downloads\mseinstall.exe
2012-07-11 15:36 - 2012-07-11 15:36 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-11 11:09 - 2012-07-11 16:23 - 00000000 ____D C:\Users\Michele\Desktop\2011 photobook
2012-07-11 04:24 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 04:20 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 04:20 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 04:20 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 04:20 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 04:20 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 04:20 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 04:20 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 04:20 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 04:20 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 04:20 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 04:20 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 04:20 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 04:20 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 04:20 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 04:20 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 04:20 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 04:20 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 04:20 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 04:20 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 04:20 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 04:20 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 04:20 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 04:20 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 04:20 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 04:20 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 04:20 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 04:20 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 04:20 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 14:37 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 14:37 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 14:37 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 14:37 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 14:37 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 14:37 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 14:37 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 14:37 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 14:37 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 14:37 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 14:37 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 14:37 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 14:37 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 14:37 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 14:37 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 14:37 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 14:37 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 14:37 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 14:37 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-08 15:25 - 2012-07-08 15:25 - 00000000 ____D C:\Users\Michele\AppData\Local\{F24143AC-E2F7-4DCC-B4AE-64C5F0632893}
2012-07-08 15:25 - 2012-07-08 15:25 - 00000000 ____D C:\Users\Michele\AppData\Local\{B9BF7CDF-44CC-4FD5-A7B5-64FDAC1E92A4}
2012-07-02 06:09 - 2012-07-02 06:13 - 00000000 ____D C:\Users\Michele\Desktop\tattoo ideas
2012-06-27 09:13 - 2012-07-14 16:57 - 00000000 ____D C:\Users\Michele\AppData\Roaming\Spotify
2012-06-27 09:13 - 2012-07-14 16:57 - 00000000 ____D C:\Users\Michele\AppData\Local\Spotify
2012-06-27 09:13 - 2012-06-27 09:13 - 00085784 ____A (Spotify Ltd) C:\Users\Michele\Downloads\spotify.exe
2012-06-27 09:13 - 2012-06-27 09:13 - 00001779 ____A C:\Users\Michele\Desktop\Spotify.lnk
2012-06-23 06:03 - 2012-06-23 06:03 - 00076017 ____A C:\Users\Michele\Documents\Drew Flyer.odt
2012-06-21 03:58 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 03:58 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 03:58 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 03:58 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 03:58 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 03:58 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 03:58 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 03:58 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 03:58 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================
2012-07-14 16:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-14 16:58 - 2009-07-13 20:51 - 00055257 ____A C:\Windows\setupact.log
2012-07-14 16:57 - 2012-07-14 16:57 - 00000253 ____A C:\rkill.log
2012-07-14 16:56 - 2012-05-14 05:26 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
2012-07-14 14:11 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-14 09:44 - 2009-07-13 21:13 - 00798570 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-14 07:31 - 2012-07-14 07:31 - 00003416 ____N C:\bootsqm.dat
2012-07-13 05:50 - 2012-07-13 05:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C71132CD9D040D
2012-07-13 05:44 - 2012-02-27 17:15 - 01086725 ____A C:\Windows\WindowsUpdate.log
2012-07-13 05:35 - 2012-07-13 05:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C19059AF27730AC8
2012-07-13 05:31 - 2012-07-13 05:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D3440776D72ECB5
2012-07-13 05:28 - 2012-07-13 05:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9A282AB65C2C02C
2012-07-13 05:23 - 2012-07-13 05:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CBE32345F421889
2012-07-13 05:19 - 2012-07-13 05:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B12FAF4B706317DB
2012-07-13 05:16 - 2012-07-13 05:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F272255738D5DF7
2012-07-13 05:13 - 2012-07-13 05:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4C8BBBA8428029F
2012-07-13 05:10 - 2012-07-13 05:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC3D6FA7FAB62AF7
2012-07-13 05:07 - 2012-07-13 05:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E70B5A4069803A5
2012-07-13 05:04 - 2012-07-13 05:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7197B8409AC9D2BC
2012-07-13 05:01 - 2012-07-13 05:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC667CCD6A1E776D
2012-07-13 04:58 - 2012-07-13 04:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78F08B6192608756
2012-07-13 04:55 - 2012-07-13 04:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F12979FFE3AB947C
2012-07-13 04:51 - 2012-07-13 04:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C223D635B6743B6
2012-07-13 04:51 - 2012-05-16 03:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-13 04:48 - 2012-07-13 04:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2A92DC29A0E9421
2012-07-13 04:45 - 2012-07-13 04:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EB4F6B2F3CC9E39
2012-07-13 04:42 - 2012-07-13 04:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5C975685C3338D77
2012-07-13 04:38 - 2012-07-13 04:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EDA0F9F51325B9C8
2012-07-13 04:33 - 2012-07-13 04:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1FC6F8F53C0C5366
2012-07-13 04:29 - 2012-07-13 04:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA13565E813A8405
2012-07-13 04:26 - 2012-07-13 04:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63460CDCB06FDD10
2012-07-12 19:18 - 2012-07-12 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.959EFCE6CB361FDA
2012-07-12 19:14 - 2012-07-12 19:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9F81661DDCEEB69
2012-07-12 19:08 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-12 19:08 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-12 19:07 - 2012-05-14 05:47 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-12 19:07 - 2011-11-03 02:19 - 00812720 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-12 19:04 - 2012-07-12 19:04 - 12621696 ____A (Microsoft Corporation) C:\Users\Michele\Downloads\mseinstall.exe
2012-07-12 05:51 - 2012-05-16 03:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 05:51 - 2012-05-16 03:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 04:11 - 2012-02-27 17:24 - 00002106 ____A C:\Windows\System32\AutoRunFilter.ini
2012-07-11 04:41 - 2009-07-13 20:45 - 00293304 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 04:21 - 2012-05-14 19:32 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-27 09:13 - 2012-06-27 09:13 - 00085784 ____A (Spotify Ltd) C:\Users\Michele\Downloads\spotify.exe
2012-06-27 09:13 - 2012-06-27 09:13 - 00001779 ____A C:\Users\Michele\Desktop\Spotify.lnk
2012-06-23 06:03 - 2012-06-23 06:03 - 00076017 ____A C:\Users\Michele\Documents\Drew Flyer.odt
2012-06-11 19:08 - 2012-07-11 04:24 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 14:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 14:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 12:24 - 2012-05-14 05:25 - 00063568 ____A C:\Users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-06 13:36 - 2012-06-06 13:36 - 00485576 ____A (Catalina Marketing Corp. ) C:\Users\Michele\Downloads\CouponActivator.exe
2012-06-05 22:06 - 2012-07-10 14:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 14:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 14:37 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 14:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 14:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 14:37 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 03:58 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 03:58 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 03:58 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 03:58 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 03:58 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 03:58 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 03:58 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 03:58 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 03:58 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 04:20 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 04:20 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 04:20 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 04:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 04:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 04:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 04:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 04:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 04:20 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 04:20 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 04:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 04:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 04:20 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 04:20 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 04:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 04:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 04:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 04:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 04:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 04:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 04:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 04:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 04:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 04:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 04:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 04:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 04:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 14:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 14:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 14:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 14:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 14:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 14:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 14:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 14:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 14:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-29 08:59 - 2012-05-29 08:56 - 00012521 ____A C:\Users\Michele\Documents\Sarah Lesson Plan.odt
2012-05-29 08:55 - 2012-05-29 08:55 - 00012513 ____A C:\Users\Michele\Documents\Abbey Lesson Plan.odt
2012-05-25 03:49 - 2012-02-27 17:24 - 00001170 ____A C:\Windows\System32\ServiceFilter.ini
2012-05-24 15:54 - 2012-05-24 15:45 - 29548215 ____A C:\Users\Michele\Documents\Photos of house, rooms, and cars.odt
2012-05-24 14:25 - 2012-05-24 14:25 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-24 12:18 - 2012-05-24 12:18 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-24 12:18 - 2012-05-24 12:18 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-24 12:18 - 2012-05-24 12:18 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-24 12:18 - 2012-05-24 12:18 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-24 12:17 - 2012-05-24 12:17 - 00910112 ____A (Sun Microsystems, Inc.) C:\Users\Michele\Downloads\jxpiinstall.exe
2012-05-17 12:05 - 2012-05-17 12:05 - 24770069 ____A C:\Users\Michele\Downloads\Update_kindle_3.3_B006.bin
2012-05-16 06:13 - 2012-05-16 03:59 - 00002096 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-05-15 09:28 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
2012-05-15 09:28 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\System32\license.rtf
2012-05-15 05:54 - 2012-05-15 05:54 - 01296320 ____A (Coupons.com Incorporated) C:\Users\Michele\Downloads\CouponPrinter.exe
2012-05-15 04:52 - 2012-05-15 04:52 - 00001164 ____A C:\Users\Public\Desktop\NX510 Series Info Center.lnk
2012-05-15 04:52 - 2012-05-15 04:08 - 00000079 ____A C:\Windows\EPNX510.ini
2012-05-15 04:46 - 2012-05-15 04:46 - 04729984 ____A C:\Users\Michele\Downloads\ENPrint250e.exe
2012-05-15 04:31 - 2012-05-15 04:10 - 00000932 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-05-14 19:51 - 2012-02-27 17:24 - 00000080 ____A C:\Windows\System32\Defrag.ini
2012-05-14 18:45 - 2012-05-14 18:45 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-05-14 18:40 - 2012-05-14 18:39 - 151801119 ____A C:\Users\Michele\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
2012-05-14 06:36 - 2012-05-14 06:36 - 00002088 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-05-14 06:36 - 2012-05-14 06:35 - 17596136 ____A (Mozilla) C:\Users\Michele\Downloads\Thunderbird Setup 12.0.1.exe
2012-05-14 06:35 - 2012-05-14 06:35 - 00001132 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-14 05:26 - 2011-11-03 02:19 - 02454060 ____A C:\Windows\AsDebug.log
2012-05-14 05:26 - 2011-11-03 02:10 - 00002988 ____A C:\Windows\PQArecord.log
2012-05-14 05:26 - 2011-02-18 12:12 - 00277978 ____A C:\Windows\AsCDProc.log
2012-05-14 05:25 - 2012-05-14 05:25 - 00000192 ____A C:\Windows\FixPatch.log
2012-05-14 05:25 - 2012-05-14 05:25 - 00000020 ___SH C:\Users\Michele\ntuser.ini
2012-05-04 03:06 - 2012-06-13 04:24 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 04:24 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 04:24 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 04:24 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 04:24 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 04:25 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 04:25 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 04:25 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 04:24 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 04:24 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 04:24 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 04:24 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 04:24 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 04:24 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
ZeroAccess:
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\@
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\00000001.@
ZeroAccess:
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\@
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe FCB084FA3DCB7449F3BAA13312A215B4 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 13%
Total physical RAM: 4000.13 MB
Available physical RAM: 3441.6 MB
Total Pagefile: 3998.27 MB
Available Pagefile: 3431.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:77.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:152.63 GB) NTFS
4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.81 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 960 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 119 GB 25 GB
Partition 3 Primary 153 GB 144 GB
==================================================================================
Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 119 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 153 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 959 MB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 959 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-30 05:18
======================= End Of Log ==========================
 
Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-14 21:06:37
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-14 14:11] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4
====== End Of Search ======
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    3.4 KB · Views: 2
Here is the fix log. Performing the rest of the functions in your last message now.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-14 21:26:40 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\System32\services.exe.61C71132CD9D040D moved successfully.
C:\Windows\System32\services.exe.C19059AF27730AC8 moved successfully.
C:\Windows\System32\services.exe.2D3440776D72ECB5 moved successfully.
C:\Windows\System32\services.exe.A9A282AB65C2C02C moved successfully.
C:\Windows\System32\services.exe.0CBE32345F421889 moved successfully.
C:\Windows\System32\services.exe.B12FAF4B706317DB moved successfully.
C:\Windows\System32\services.exe.0F272255738D5DF7 moved successfully.
C:\Windows\System32\services.exe.E4C8BBBA8428029F moved successfully.
C:\Windows\System32\services.exe.BC3D6FA7FAB62AF7 moved successfully.
C:\Windows\System32\services.exe.7E70B5A4069803A5 moved successfully.
C:\Windows\System32\services.exe.7197B8409AC9D2BC moved successfully.
C:\Windows\System32\services.exe.EC667CCD6A1E776D moved successfully.
C:\Windows\System32\services.exe.78F08B6192608756 moved successfully.
C:\Windows\System32\services.exe.F12979FFE3AB947C moved successfully.
C:\Windows\System32\services.exe.8C223D635B6743B6 moved successfully.
C:\Windows\System32\services.exe.A2A92DC29A0E9421 moved successfully.
C:\Windows\System32\services.exe.9EB4F6B2F3CC9E39 moved successfully.
C:\Windows\System32\services.exe.5C975685C3338D77 moved successfully.
C:\Windows\System32\services.exe.EDA0F9F51325B9C8 moved successfully.
C:\Windows\System32\services.exe.1FC6F8F53C0C5366 moved successfully.
C:\Windows\System32\services.exe.AA13565E813A8405 moved successfully.
C:\Windows\System32\services.exe.63460CDCB06FDD10 moved successfully.
C:\Windows\System32\services.exe.959EFCE6CB361FDA moved successfully.
C:\Windows\System32\services.exe.B9F81661DDCEEB69 moved successfully.
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822} moved successfully.
C:\Users\Michele\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
 
After running combofix I no longer have access to IE or Firefox.

ComboFix 12-07-14.01 - Michele 07/14/2012 22:03:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2541 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-14 18:42 . 2012-07-14 21:52 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-14 17:46 . 2012-07-14 17:46 -------- d-----w- C:\FRST
2012-07-14 15:30 . 2012-07-14 15:30 -------- d-----w- C:\found.000
2012-07-13 03:08 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C07D3B7-C6E1-4239-A9ED-5934EC27E27B}\gapaengine.dll
2012-07-13 03:07 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD160816-7F3B-4D35-AA15-8F48865DC04D}\mpengine.dll
2012-07-13 03:07 . 2012-07-13 03:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-13 03:07 . 2012-07-13 03:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-13 01:19 . 2012-07-13 01:19 -------- d-----w- c:\users\Michele\AppData\Local\Diagnostics
2012-07-11 23:36 . 2012-07-11 23:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-11 12:24 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 22:37 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-27 17:13 . 2012-07-15 00:57 -------- d-----w- c:\users\Michele\AppData\Local\Spotify
2012-06-27 17:13 . 2012-07-15 01:32 -------- d-----w- c:\users\Michele\AppData\Roaming\Spotify
2012-06-22 01:11 . 2012-06-22 01:11 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-22 01:11 . 2012-06-22 01:11 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 11:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:58 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:58 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 02:15 . 2012-05-14 13:26 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-07-12 13:51 . 2012-05-16 11:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 13:51 . 2012-05-16 11:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 21:36 . 2012-06-06 21:36 485576 ----a-w- c:\users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-05-24 20:18 . 2012-05-24 20:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-24 02:33 . 2012-05-24 02:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-24 02:33 . 2012-05-24 02:33 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-24 02:32 . 2012-05-24 02:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-24 02:32 . 2012-05-24 02:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-16 14:52 . 2012-05-16 14:52 58648 ----a-r- c:\users\Michele\AppData\Roaming\Microsoft\Installer\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}\ARPPRODUCTICON.exe
2012-05-14 13:39 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-04 11:06 . 2012-06-13 12:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 12:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 12:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 12:24 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 12:24 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 12:25 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 12:25 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 12:25 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 12:24 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 12:24 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 12:24 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 12:24 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 12:24 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 12:24 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Michele\AppData\Roaming\Spotify\Spotify.exe" [2012-07-08 7609560]
"Spotify Web Helper"="c:\users\Michele\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-08 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-11-03 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-11-3 549040]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-2-27 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-15 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2011-12-01 92800]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-10-04 129512]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-10-04 394728]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 13:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\dso6xg2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-14 22:21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 02:21
.
Pre-Run: 83,731,521,536 bytes free
Post-Run: 83,378,028,544 bytes free
.
- - End Of File - - 194FFA69ECA8BD659032F2F17370B434
 
Check that...I can still access programs just not from my normal user account....if I right click and Run as Admin I can still launch stuff....should now try to launch the Combofix.exe again as Admin
 
I can still access programs just not from my normal user account....if I right click and Run as Admin I can still launch stuff
Click to expand...
What exactly happens when you try to start program normally?
Is this a problem with Firefox and IE only?

You're running two AV programs, TrendMicro and MSE.
You must uninstall one of them.
 
I am good now.....thanks for your help.......after running the Combofix I was unable to open any app. I just ran the sfc /scannow and that repaired the apps and directories......also, if I launched everything as Administrator everything worked.....after sfc /scannow ran I rebooted and then everything worked normally. Trend MIcro has never actually been installed on the computer, it cam with a trial that was never activated. I have uninstalled MSE as it sucks.......Currently have AVG 2012 installed and it ran a subsequent scan and found one more instance of a virus but it was not win64/sirefef.y. The only bad out of this is that the Wireless NIC was having issues, but I just unsintalled it and reinatlled teh drivers from scratch and I am getting a Windows Update error but I can fix that. Also as proctection we changed all online passwords, everything.
 
Was this your issue?
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
Click to expand...

...and keep in mind one of the rules I posted at the very beginning:
Please refrain from running tools or applying updates other than those I suggest.
Click to expand...

======================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back