Solved Help with Sirefef please!!

Status
Not open for further replies.
K

Kevin Wynne

Posts: 8   +0
Running Windows 7 Home Premium 64-bit...

I've read through the forums and have already run the Farbar Recovery Scan Tool. Here's the log file...

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 10-08-2012 04:23:01
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2278504 2011-10-13] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [3331312 2011-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [623880 2008-11-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2012-05-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [PelAstro] C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe [65536 2011-01-14] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [HPMonitor] C:\Program Files (x86)\Hewlett-Packard\HP Wi-Fi Mobile Mouse\hpMonitor23.exe [99328 2011-04-27] (Hewlett-Packard)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe" [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-22] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Kev laptop\...\Run: [Google Update] "C:\Users\Kev laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-17] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\EFI ES-1000.lnk
ShortcutTarget: EFI ES-1000.lnk -> C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Notifier.exe (Electronics for Imaging, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Fiery Command WorkStation 5.lnk
ShortcutTarget: Fiery Command WorkStation 5.lnk -> C:\Program Files (x86)\Fiery\Applications3\Command WorkStation 5\Contents\WinOS\cws.exe (Electronics for Imaging, Inc)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)

==================== Services (Whitelisted) ======

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 AstroS; C:\ProgramData\HP Wi-Fi Mobile Mouse Config\AstroS.exe [172032 2010-12-01] ()
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 EFI ES1000; C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [11776 2009-10-19] (Electronics for Imaging, Inc.)
3 hasplms; C:\Windows\system32\hasplms.exe -run [4180576 2010-09-27] (SafeNet Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 ozwpansvc; C:\Program Files\Ozmo Devices\ozwpansvc.exe [77080 2011-04-29] (Ozmo Inc)

========================== Drivers (Whitelisted) =============

3 AiCharger; C:\Windows\System32\Drivers\AiCharger.sys [17152 2011-10-14] (ASUSTek Computer Inc.)
3 AiCharger; C:\Windows\SysWow64\Drivers\AiCharger.sys [17152 2011-10-14] (ASUSTek Computer Inc.)
2 aksdf; C:\Windows\System32\Drivers\aksdf.sys [75648 2010-07-27] (SafeNet Inc.)
2 aksfridge; C:\Windows\System32\Drivers\aksfridge.sys [131072 2010-09-27] (SafeNet Inc.)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
3 HPMoA907; C:\Windows\System32\Drivers\HPMoA907.sys [25088 2011-01-14] (TPMX Electronics Ltd.)
3 HPubA907; C:\Windows\System32\Drivers\HPubA907.sys [19456 2011-01-27] (TPMX Electronics Ltd.)
3 hswpan; C:\Windows\System32\Drivers\hswpan.sys [106880 2011-04-29] (Ozmo Inc)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-09 05:54 - 2012-08-09 05:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CA5021C8A8CE5A6
2012-08-09 05:48 - 2012-08-09 05:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBD69DCCCC9A7A2C
2012-08-09 05:44 - 2012-08-09 05:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-09 05:44 - 2012-08-09 05:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-09 05:42 - 2012-08-09 05:42 - 12621696 ____A (Microsoft Corporation) C:\Users\Kev laptop\Downloads\mseinstall.exe
2012-08-08 09:33 - 2012-08-08 09:33 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\Enki Games
2012-08-07 16:12 - 2012-08-07 16:12 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\DominiGames
2012-08-02 06:29 - 2012-08-02 06:29 - 00000000 ____D C:\Windows\Redemption Cemetery 3- Grave Testimony CE
2012-07-31 11:45 - 2012-07-31 11:00 - 11820204 ____A C:\Users\Kev laptop\Desktop\Thunder.wav
2012-07-31 10:31 - 2012-07-31 10:31 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2012-07-28 06:14 - 2012-07-28 06:14 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\TikisLab
2012-07-25 07:41 - 2012-07-25 07:43 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\Sonic
2012-07-23 17:03 - 2012-07-23 17:03 - 00000028 ____A C:\Users\Kev laptop\Desktop\$ owed.txt
2012-07-21 17:07 - 2012-07-21 17:07 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\AlawarEntertainment
2012-07-20 08:11 - 2012-07-24 01:59 - 00000000 ____D C:\Users\Kev laptop\AppData\Local\Windows Live
2012-07-20 08:11 - 2012-07-20 08:11 - 00000000 ____D C:\Users\Kev laptop\AppData\Local\{DF025549-4D6E-4A23-BB41-3BE3DD0CFA73}
2012-07-20 08:11 - 2012-07-20 08:11 - 00000000 ____D C:\Users\Kev laptop\AppData\Local\{44848A0B-E434-45D0-AFE0-B97CC28FCECD}
2012-07-19 11:40 - 2012-07-19 11:40 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\Orneon
2012-07-17 13:52 - 2012-07-17 13:52 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\Artogon
2012-07-14 19:40 - 2012-07-14 19:40 - 00000000 ____D C:\Users\Kev laptop\AppData\Local\Daedalic Entertainment
2012-07-14 19:37 - 2012-07-22 12:51 - 00000000 ____D C:\Program Files (x86)\Lace Mamba Global Ltd
2012-07-14 19:16 - 2012-07-14 19:16 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\DAVA
2012-07-14 19:13 - 2012-07-14 19:13 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-14 19:13 - 2012-07-14 19:13 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-14 19:13 - 2012-07-14 19:13 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-14 19:13 - 2012-07-14 19:13 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-14 19:13 - 2012-07-14 19:13 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-07-14 19:05 - 2012-07-14 19:05 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\SpeedyPC Software
2012-07-14 19:05 - 2012-07-14 19:05 - 00000000 ____D C:\Users\Kev laptop\AppData\Roaming\DriverCure
2012-07-14 19:04 - 2012-07-14 19:10 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-13 19:03 - 2012-07-13 19:04 - 01434551 ____A (Farbar) C:\Users\Kev laptop\Downloads\FRST64.exe
2012-07-13 12:12 - 2012-07-13 12:12 - 00000000 ____D C:\Windows\System32\MpEngineStore
2012-07-13 10:13 - 2012-07-13 10:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56DBC9E4D6E6459C
2012-07-13 09:41 - 2012-07-13 10:10 - 00000000 ____D C:\sh4ldr
2012-07-13 09:41 - 2012-07-13 09:41 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-07-13 09:40 - 2012-07-13 10:09 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-13 08:18 - 2012-07-13 08:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15F8F8FD5421836A
2012-07-13 08:15 - 2012-07-13 08:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82FDE9765F3970EF
2012-07-13 08:12 - 2012-07-13 08:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48BB8C9BAE64471C
2012-07-13 07:29 - 2012-07-13 07:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.465517795C13C4D3
2012-07-13 07:25 - 2012-07-13 07:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC8E4713E37C6DA5
2012-07-13 07:22 - 2012-07-13 07:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.682091D64104891E
2012-07-13 07:18 - 2012-07-13 07:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.01896B6780916145
2012-07-13 07:14 - 2012-07-13 07:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.517708032818F452
2012-07-13 07:08 - 2012-07-13 07:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16C41E14DFFA663C
2012-07-13 07:02 - 2012-07-13 07:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.86C6ED9507E8338D
2012-07-12 10:30 - 2012-07-12 10:30 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-11 07:43 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 07:38 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 07:38 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 07:38 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 07:38 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 07:38 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 07:38 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 07:38 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 07:38 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 07:38 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 07:38 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 07:38 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 07:38 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 07:38 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 07:38 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 07:38 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 07:38 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 07:38 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 07:38 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 07:38 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 07:38 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 07:38 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 07:38 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 07:38 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 07:38 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 07:38 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 07:38 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 07:38 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 07:38 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 06:08 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 06:08 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 06:08 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 06:08 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 06:08 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 06:08 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 06:08 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 06:08 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 06:08 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 06:08 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 06:08 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 06:08 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 06:08 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 06:08 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 06:08 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 06:08 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 06:08 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 06:08 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 06:08 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll


============ 3 Months Modified Files ========================

2012-08-10 00:15 - 2009-07-13 21:13 - 00801564 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-10 00:10 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-10 00:10 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-10 00:02 - 2012-01-26 12:58 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
2012-08-10 00:02 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-10 00:02 - 2009-07-13 20:51 - 00068612 ____A C:\Windows\setupact.log
2012-08-09 05:58 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-09 05:54 - 2012-08-09 05:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CA5021C8A8CE5A6
2012-08-09 05:48 - 2012-08-09 05:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBD69DCCCC9A7A2C
2012-08-09 05:45 - 2012-01-26 12:42 - 01444814 ____A C:\Windows\WindowsUpdate.log
2012-08-09 05:44 - 2012-05-17 19:20 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649880500-3787995184-3447727740-1001UA.job
2012-08-09 05:44 - 2012-05-17 15:37 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-09 05:44 - 2011-10-17 20:17 - 00807410 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-09 05:42 - 2012-08-09 05:42 - 12621696 ____A (Microsoft Corporation) C:\Users\Kev laptop\Downloads\mseinstall.exe
2012-08-09 05:31 - 2012-05-17 15:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-08 20:44 - 2012-05-17 19:20 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649880500-3787995184-3447727740-1001Core.job
2012-08-08 11:45 - 2012-05-19 18:27 - 00001232 ____A C:\Users\Kev laptop\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-08-08 11:45 - 2012-05-19 18:27 - 00001232 ____A C:\Users\Kev laptop\AppData\Roaming\Rim.Desktop.Exception.log
2012-08-03 07:31 - 2012-05-17 15:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 07:31 - 2012-05-17 15:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-31 11:00 - 2012-07-31 11:45 - 11820204 ____A C:\Users\Kev laptop\Desktop\Thunder.wav
2012-07-31 10:36 - 2012-05-18 01:07 - 00153256 ____A C:\Users\Kev laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-31 10:36 - 2009-07-13 20:45 - 03784384 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-31 10:35 - 2011-10-17 19:58 - 00341372 ____A C:\Windows\PFRO.log
2012-07-31 10:26 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-23 18:42 - 2012-05-19 18:29 - 00005120 ____A C:\Users\Kev laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-23 17:03 - 2012-07-23 17:03 - 00000028 ____A C:\Users\Kev laptop\Desktop\$ owed.txt
2012-07-14 19:13 - 2012-07-14 19:13 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-14 19:13 - 2012-07-14 19:13 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-14 19:13 - 2012-07-14 19:13 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-14 19:13 - 2012-07-14 19:13 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-13 19:04 - 2012-07-13 19:03 - 01434551 ____A (Farbar) C:\Users\Kev laptop\Downloads\FRST64.exe
2012-07-13 10:13 - 2012-07-13 10:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56DBC9E4D6E6459C
2012-07-13 08:18 - 2012-07-13 08:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15F8F8FD5421836A
2012-07-13 08:15 - 2012-07-13 08:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82FDE9765F3970EF
2012-07-13 08:12 - 2012-07-13 08:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48BB8C9BAE64471C
2012-07-13 07:29 - 2012-07-13 07:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.465517795C13C4D3
2012-07-13 07:25 - 2012-07-13 07:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC8E4713E37C6DA5
2012-07-13 07:22 - 2012-07-13 07:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.682091D64104891E
2012-07-13 07:18 - 2012-07-13 07:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.01896B6780916145
2012-07-13 07:14 - 2012-07-13 07:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.517708032818F452
2012-07-13 07:08 - 2012-07-13 07:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16C41E14DFFA663C
2012-07-13 07:02 - 2012-07-13 07:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.86C6ED9507E8338D
2012-07-11 07:39 - 2012-05-18 08:11 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-07 16:08 - 2012-07-07 16:08 - 00004096 ____A C:\Windows\d3dx.dat
2012-07-07 06:54 - 2012-06-17 15:33 - 00001189 ____A C:\Users\Kev laptop\AppData\Roaming\vso_ts_preview.xml
2012-06-29 10:02 - 2012-01-26 12:56 - 00002396 ____A C:\Windows\System32\AutoRunFilter.ini
2012-06-29 10:02 - 2012-01-26 12:56 - 00001389 ____A C:\Windows\System32\ServiceFilter.ini
2012-06-28 14:25 - 2012-06-28 14:25 - 00000648 ____A C:\Users\Kev laptop\AppData\Local\rx_image32.Cache
2012-06-28 14:25 - 2012-06-28 14:24 - 00018972 ____A C:\Users\Kev laptop\AppData\Local\rx_audio.Cache
2012-06-28 14:15 - 2012-06-28 14:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-06-27 16:50 - 2012-06-27 16:50 - 00000380 ____A C:\Windows\xpsp1hfm.log
2012-06-27 16:43 - 2011-10-17 20:19 - 00196320 ____A C:\Windows\DirectX.log
2012-06-20 19:02 - 2012-06-20 19:02 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-06-11 19:08 - 2012-07-11 07:43 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 06:08 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 06:08 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 06:08 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 06:08 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 06:08 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 06:08 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 06:08 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 06:08 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-26 01:04 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-26 01:04 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-26 01:04 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-26 01:04 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-26 01:04 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-26 01:04 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-26 01:04 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-26 01:04 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-26 01:04 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 07:38 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 07:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 07:38 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 07:38 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 07:38 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 07:38 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 07:38 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 07:38 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 07:38 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 07:38 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 07:38 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 07:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 07:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 07:38 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 07:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 07:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 07:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 07:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 07:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 07:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 07:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 07:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 07:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 07:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 07:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 07:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 07:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 07:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 06:08 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 06:08 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 06:08 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 06:08 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 06:08 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 06:08 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 06:08 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 06:08 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 06:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-30 10:27 - 2012-05-30 10:27 - 00001995 ____A C:\Users\Public\Desktop\MyPhotoCreations.lnk
2012-05-30 10:24 - 2012-05-30 10:16 - 67075816 ____A (Digilabs) C:\Users\Kev laptop\Downloads\MyPhotoCreationLInstaller.exe
2012-05-25 09:02 - 2012-01-26 12:53 - 00029664 ____A C:\Windows\DPINST.LOG
2012-05-23 05:54 - 2012-05-23 05:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_HPubA907_01009.Wdf
2012-05-19 18:26 - 2012-05-19 18:26 - 00001153 ____A C:\Users\Kev laptop\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-05-19 18:26 - 2012-05-19 18:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-05-19 18:26 - 2012-05-19 18:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-05-19 18:25 - 2012-05-19 18:25 - 00002233 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-05-19 06:54 - 2012-05-19 06:54 - 00284190 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-05-19 06:54 - 2012-05-19 06:53 - 00290156 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-05-18 21:14 - 2012-05-23 06:17 - 00017408 __ASH C:\Users\Kev laptop\Documents\Thumbs.db
2012-05-18 20:36 - 2012-05-18 20:37 - 00086584 ____A (Adobe Systems, Inc.) C:\Windows\SysWOW64\Drivers\adfs.sys
2012-05-18 20:36 - 2008-06-27 03:51 - 00086584 ____A (Adobe Systems, Inc.) C:\Windows\System32\Drivers\adfs.sys
2012-05-18 12:44 - 2012-05-18 11:10 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-05-18 11:17 - 2012-05-18 11:17 - 00002113 ____A C:\Users\Public\Desktop\QuickBooks Pro 2010.lnk
2012-05-18 08:19 - 2012-05-18 08:19 - 00003742 ____A C:\Windows\efi_test.log
2012-05-18 08:06 - 2012-05-18 07:02 - 00002204 ____A C:\Windows\efimi.log
2012-05-18 07:20 - 2012-05-18 07:20 - 00000062 ____A C:\Windows\efifsw.log
2012-05-18 07:20 - 2012-05-18 07:09 - 00004992 ____A C:\Windows\efiinst.log
2012-05-18 07:18 - 2012-05-18 07:18 - 00002546 ____A C:\Users\Public\Desktop\Fiery Command WorkStation 5.lnk
2012-05-18 07:18 - 2012-05-18 07:18 - 00000000 ____A C:\Windows\cws_install.done
2012-05-18 07:14 - 2012-05-18 07:14 - 00274432 ____A (IBPhoenix Inc.) C:\Windows\SysWOW64\IscDbc.dll
2012-05-18 07:14 - 2012-05-18 07:14 - 00262144 ____A (IBPhoenix Inc) C:\Windows\SysWOW64\OdbcJdbcMT.dll
2012-05-18 07:14 - 2012-05-18 07:14 - 00253952 ____A (IBPhoenix Inc) C:\Windows\SysWOW64\OdbcJdbc.dll
2012-05-18 07:14 - 2012-05-18 07:14 - 00155648 ____A (IBPhoenix Inc.) C:\Windows\SysWOW64\OdbcJdbcSetup.dll
2012-05-18 07:14 - 2012-05-18 07:14 - 00000401 ____A C:\Windows\ODBCINST.INI
2012-05-18 07:09 - 2012-05-18 07:06 - 00015542 ____A C:\Windows\aksdrvsetup.log
2012-05-18 04:04 - 2012-01-26 12:56 - 00000080 ____A C:\Windows\System32\Defrag.ini
2012-05-18 04:04 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
2012-05-18 04:04 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\System32\license.rtf
2012-05-18 02:51 - 2012-05-18 02:27 - 00002872 ____A C:\Windows\System32\TmInstall.log
2012-05-18 02:27 - 2012-05-18 02:27 - 00004280 ____A C:\Windows\SysWOW64\TmInstall.log
2012-05-18 01:07 - 2012-05-18 01:07 - 00000186 ____A C:\Windows\FixPatch.log
2012-05-18 01:07 - 2012-05-18 01:07 - 00000020 ___SH C:\Users\Kev laptop\ntuser.ini
2012-05-18 01:07 - 2011-10-17 20:18 - 02714728 ____A C:\Windows\AsDebug.log
2012-05-18 01:07 - 2011-10-17 20:10 - 00002858 ____A C:\Windows\PQArecord.log
2012-05-18 01:07 - 2011-02-18 12:12 - 00261288 ____A C:\Windows\AsCDProc.log
2012-05-17 21:01 - 2012-05-17 21:01 - 00000178 ____A C:\Windows\Tasks\AutoKMSCustom.job


ZeroAccess:
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\@
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\L
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\U
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\L\00000004.@
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\L\1afb2d56
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\L\201d3dde
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\U\00000004.@
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\U\00000008.@
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\U\000000cb.@
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\U\80000000.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 7656.9 MB
Available physical RAM: 6907.06 MB
Total Pagefile: 7655.05 MB
Available Pagefile: 6901.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:300.41 GB) (Free:233.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:373.22 GB) (Free:364.03 GB) NTFS
4 Drive f: (Lexar) (Removable) (Total:3.73 GB) (Free:1.67 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 300 GB 25 GB
Partition 3 Primary 373 GB 325 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 300 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 373 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 4096 B

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Lexar FAT32 Removable 3823 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-08 22:19

======================= End Of Log ==========================
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}
end
Click to expand...

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
first off, a big thanks for your help!

reboot seems ok so far, but a little sluggish

here's the fixlog....

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-08-10 08:06:07 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{1be64ec9-fa84-4c81-8fc8-831216fb33ae} moved successfully.

==== End of Fixlog ====
 
I know.

ComboFix

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
a couple of notes...

1 - my kid installed and played a game before I got up this morning - hope it doesn't affect the process - I uninstalled as soon as I found it
2 - combofix was telling me that security essentials was still running even after I turned off real time protection, so I removed it

here's the combofix log:

ComboFix 12-08-09.01 - Kev laptop 11/08/2012 11:28:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.7657.6014 [GMT -4:00]
Running from: c:\users\Kev laptop\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kev laptop\AppData\Roaming\vso_ts_preview.xml
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 15:41 . 2012-08-11 15:41--------d-----w-c:\users\Default\AppData\Local\temp
2012-08-11 03:30 . 2012-08-11 03:30--------d-----w-c:\users\Kev laptop\AppData\Roaming\Daedalic Entertainment
2012-08-11 03:26 . 2012-08-11 03:26--------d-----w-c:\windows\The Chronicles of Shakespeare 2 - A Midsummer Night's Dream
2012-08-10 20:54 . 2012-08-10 20:54--------d-----w-c:\users\Kev laptop\AppData\Roaming\URSE Games
2012-08-10 08:04 . 2012-08-10 08:05--------d-----w-C:\FRST
2012-08-09 13:54 . 2012-08-09 13:54328704----a-w-c:\windows\system32\services.exe.0CA5021C8A8CE5A6
2012-08-09 13:48 . 2012-08-09 13:48328704----a-w-c:\windows\system32\services.exe.EBD69DCCCC9A7A2C
2012-08-08 17:33 . 2012-08-08 17:33--------d-----w-c:\users\Kev laptop\AppData\Roaming\Enki Games
2012-08-08 00:12 . 2012-08-08 00:12--------d-----w-c:\users\Kev laptop\AppData\Roaming\DominiGames
2012-07-31 18:31 . 2012-07-31 18:31--------d-----w-c:\program files\Common Files\DESIGNER
2012-07-28 14:14 . 2012-07-28 14:14--------d-----w-c:\users\Kev laptop\AppData\Roaming\TikisLab
2012-07-25 15:41 . 2012-07-25 15:43--------d-----w-c:\users\Kev laptop\AppData\Roaming\Sonic
2012-07-22 01:07 . 2012-07-22 01:07--------d-----w-c:\users\Kev laptop\AppData\Roaming\AlawarEntertainment
2012-07-20 16:11 . 2012-07-24 09:59--------d-----w-c:\users\Kev laptop\AppData\Local\Windows Live
2012-07-19 19:40 . 2012-07-19 19:40--------d-----w-c:\users\Kev laptop\AppData\Roaming\Orneon
2012-07-17 21:52 . 2012-07-17 21:52--------d-----w-c:\users\Kev laptop\AppData\Roaming\Artogon
2012-07-15 03:40 . 2012-07-15 03:40--------d-----w-c:\users\Kev laptop\AppData\Local\Daedalic Entertainment
2012-07-15 03:37 . 2012-07-22 20:51--------d-----w-c:\program files (x86)\Lace Mamba Global Ltd
2012-07-15 03:16 . 2012-07-15 03:16--------d-----w-c:\users\Kev laptop\AppData\Roaming\DAVA
2012-07-15 03:13 . 2012-07-15 03:13466456----a-w-c:\windows\system32\wrap_oal.dll
2012-07-15 03:13 . 2012-07-15 03:13122904----a-w-c:\windows\system32\OpenAL32.dll
2012-07-15 03:13 . 2012-07-15 03:13--------d-----w-c:\program files (x86)\OpenAL
2012-07-15 03:13 . 2012-07-15 03:13444952----a-w-c:\windows\SysWow64\wrap_oal.dll
2012-07-15 03:13 . 2012-07-15 03:13109080----a-w-c:\windows\SysWow64\OpenAL32.dll
2012-07-15 03:05 . 2012-07-15 03:05--------d-----w-c:\users\Kev laptop\AppData\Roaming\SpeedyPC Software
2012-07-15 03:05 . 2012-07-15 03:05--------d-----w-c:\users\Kev laptop\AppData\Roaming\DriverCure
2012-07-15 03:04 . 2012-07-15 03:10--------d-----w-c:\programdata\SpeedyPC Software
2012-07-13 20:12 . 2012-07-13 20:12--------d-----w-c:\windows\system32\MpEngineStore
2012-07-13 18:13 . 2012-07-13 18:13328704----a-w-c:\windows\system32\services.exe.56DBC9E4D6E6459C
2012-07-13 17:41 . 2012-07-13 18:10--------d-----w-C:\sh4ldr
2012-07-13 17:41 . 2012-07-13 17:41--------d-----w-c:\program files\Enigma Software Group
2012-07-13 17:40 . 2012-07-13 18:09--------d-----w-c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-13 17:40 . 2012-07-13 17:40--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-13 16:18 . 2012-07-13 16:18328704----a-w-c:\windows\system32\services.exe.15F8F8FD5421836A
2012-07-13 16:15 . 2012-07-13 16:15328704----a-w-c:\windows\system32\services.exe.82FDE9765F3970EF
2012-07-13 16:12 . 2012-07-13 16:12328704----a-w-c:\windows\system32\services.exe.48BB8C9BAE64471C
2012-07-13 15:29 . 2012-07-13 15:29328704----a-w-c:\windows\system32\services.exe.465517795C13C4D3
2012-07-13 15:25 . 2012-07-13 15:25328704----a-w-c:\windows\system32\services.exe.BC8E4713E37C6DA5
2012-07-13 15:22 . 2012-07-13 15:22328704----a-w-c:\windows\system32\services.exe.682091D64104891E
2012-07-13 15:18 . 2012-07-13 15:18328704----a-w-c:\windows\system32\services.exe.01896B6780916145
2012-07-13 15:14 . 2012-07-13 15:14328704----a-w-c:\windows\system32\services.exe.517708032818F452
2012-07-13 15:08 . 2012-07-13 15:08328704----a-w-c:\windows\system32\services.exe.16C41E14DFFA663C
2012-07-13 15:02 . 2012-07-13 15:02328704----a-w-c:\windows\system32\services.exe.86C6ED9507E8338D
2012-07-12 18:30 . 2012-07-12 18:30--------d-sh--w-c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 15:43 . 2012-01-26 20:5845056----a-w-c:\windows\SysWow64\acovcnt.exe
2012-08-09 13:58 . 2009-07-13 23:19328704----a-w-c:\windows\system32\services.exe
2012-08-03 15:31 . 2012-05-17 23:3370344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 15:31 . 2012-05-17 23:33426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 00:50 . 2012-05-18 18:42737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-17 00:50 . 2012-05-18 18:3148648----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-11 15:39 . 2012-05-18 16:1159701280----a-w-c:\windows\system32\MRT.exe
2012-06-28 00:47 . 2012-06-28 00:4753248----a-r-c:\users\Kev laptop\AppData\Roaming\Microsoft\Installer\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}\ARPPRODUCTICON.exe
2012-06-12 03:08 . 2012-07-11 15:433148800----a-w-c:\windows\system32\win32k.sys
2012-06-10 21:07 . 2012-06-10 21:07737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-10 21:07 . 2012-06-10 21:0748648----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-06-10 21:07 . 2012-06-10 21:07573776----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-09 05:43 . 2012-07-11 14:0814172672----a-w-c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 14:082004480----a-w-c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 14:081881600----a-w-c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 14:081133568----a-w-c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 14:081390080----a-w-c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 14:081236992----a-w-c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 14:08805376----a-w-c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-26 09:0438424----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 09:042428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-26 09:0444056----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 09:0457880----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 09:04701976----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-26 09:042622464----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-26 09:0499840----a-w-c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-26 09:04186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-26 09:0436864----a-w-c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 15:3817807360----a-w-c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 15:3810924032----a-w-c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 15:382311680----a-w-c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 15:381346048----a-w-c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 15:381392128----a-w-c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 15:381494528----a-w-c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 15:38237056----a-w-c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 15:3885504----a-w-c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 15:38173056----a-w-c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 15:38818688----a-w-c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 15:382144768----a-w-c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 15:3896768----a-w-c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 15:382382848----a-w-c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 15:38248320----a-w-c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 15:381800192----a-w-c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 15:381129472----a-w-c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 15:381427968----a-w-c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 15:38142848----a-w-c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 15:382382848----a-w-c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 14:08458704----a-w-c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 14:08151920----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 14:0895600----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 14:08340992----a-w-c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 14:08307200----a-w-c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 14:0822016----a-w-c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 14:08225280----a-w-c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 14:08219136----a-w-c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 14:0896768----a-w-c:\windows\SysWow64\sspicli.dll
2012-05-20 02:37 . 2012-05-20 02:3753248----a-r-c:\users\Kev laptop\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-05-19 04:36 . 2012-05-19 04:3786584----a-w-c:\windows\SysWow64\drivers\adfs.sys
2012-05-19 04:36 . 2008-06-27 11:5186584----a-w-c:\windows\system32\drivers\adfs.sys
2012-05-18 18:31 . 2012-05-18 18:31573776----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-18 15:14 . 2012-05-18 15:14274432----a-w-c:\windows\SysWow64\IscDbc.dll
2012-05-18 15:14 . 2012-05-18 15:14262144----a-w-c:\windows\SysWow64\OdbcJdbcMT.dll
2012-05-18 15:14 . 2012-05-18 15:14253952----a-w-c:\windows\SysWow64\OdbcJdbc.dll
2012-05-18 15:14 . 2012-05-18 15:14155648----a-w-c:\windows\SysWow64\OdbcJdbcSetup.dll
2012-05-18 10:16 . 2011-03-29 01:3619736----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-18 3331312]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-05-19 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"PelAstro"="c:\programdata\HP Wi-Fi Mobile Mouse Config\PelAstro.exe" [2011-01-14 65536]
"HPMonitor"="c:\program files (x86)\Hewlett-Packard\HP Wi-Fi Mobile Mouse\hpMonitor23.exe" [2011-04-27 99328]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EFI ES-1000.lnk - c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Notifier.exe [2012-5-18 2138112]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2012-1-26 12862]
Fiery Command WorkStation 5.lnk - c:\program files (x86)\Fiery\Applications3\Command WorkStation 5\Contents\WinOS\cws.exe [2012-5-18 610304]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-1-18 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-19 1038088]
R3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-01-18 250984]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-10-28 80512]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-10-28 42624]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2010-07-27 75648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-02 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-02 361984]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AstroS;AstroS;c:\programdata\HP Wi-Fi Mobile Mouse Config\AstroS.exe [2010-12-01 172032]
S2 EFI ES1000;EFI ES1000;c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [2009-10-19 11776]
S2 ozwpansvc;Ozmo WPAN Service;c:\program files\Ozmo Devices\ozwpansvc.exe [2011-04-29 77080]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-10-15 17152]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-15 96896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-02 10208256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-02 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-15 214144]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 HPMoA907;Mouse Suite Driver_A907 (WDF Version);c:\windows\system32\DRIVERS\HPMoA907.sys [2011-01-14 25088]
S3 HPubA907;USB Mouse Low Filter Driver_A907 (WDF Version);c:\windows\system32\Drivers\HPubA907.sys [2011-01-27 19456]
S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys [2011-04-29 106880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 15:31]
.
2012-05-18 c:\windows\Tasks\AutoKMSCustom.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-05-18 04:39]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649880500-3787995184-3447727740-1001Core.job
- c:\users\Kev laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 03:20]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649880500-3787995184-3447727740-1001UA.job
- c:\users\Kev laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2012-08-11 12:07:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 16:07
.
Pre-Run: 251,337,457,664 bytes free
Post-Run: 259,297,804,288 bytes free
.
- - End Of File - - F509BA7D10FA2A2D45FCE98E57B47B1C
 
Okay, that's fine.

Scan for malware

bf_new.gif
Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
nothing found....

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kev laptop :: KEV-LAPTOP [administrator]

Protection: Enabled

12/08/2012 9:54:51 AM
mbam-log-2012-08-12 (09-54-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200247
Time elapsed: 3 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Kaspersky Security Scan (KSS)

The Kaspersky Security Scan is a scanning only tool, that searches for active infections such as rootkits, trojans, viruses, etc.

Please download the Kaspersky Security Scan from Kaspersky's Official Link and save it to your Desktop.

  • Double-click on the downloaded item. It will quickly download the latest version of KSS and then launch the installer. Please navigate through the installer.
  • After it finishes install, it will place an icon on your Desktop and launch itself.
  • In the Kaspersky Security Scan interface, choose full scan at the bottom:
    kssn.png
  • Once it finishes, it will show the report. Click on the Details button, and it will launch a HTML page.
  • You have two options - either A. Upload the HTML report here, file located at { C:/ProgramData/Kaspersky%20Lab/KSS2/DataRoot/HtmlReport/index.html } (Copy and paste the file path into the Address box in the Upload window), or B. Copy and paste all of the results in your next reply.
 
here it is...

[CENTER][CENTER][/CENTER][/CENTER]
[CENTER]
b1.png



[LEFT]
product_logo.png
[/LEFT]
[RIGHT]
company_logo.png
[/RIGHT]

[SIZE=42px]Detailed report[/SIZE][SIZE=42px]

[FONT=Arial]Problems found[/FONT]
Scanning date:

Database update date:


Product version:



[/size][/CENTER][SIZE=42px][/size][SIZE=42px]
[FONT=Arial][CENTER] [/CENTER]

Computer protection (0)
Information about anti-virus software and firewalls installed on the computer.[/FONT]
[FONT=Arial][CENTER] [/CENTER]

Malware (1)

Information about malware detected on the computer.
[LEFT]Kaspersky recommends[/LEFT][/FONT]
  1. Trojan.Win32.Miner.dw
    data0000.res
    C:\FRST\Quarantine\{1be64ec9-fa84-4c81-8fc8-831216fb33ae}\U\00000008.@/
[FONT=Arial][CENTER] [/CENTER]

Vulnerabilities (2)

Information about applications and operating system components in which vulnerabilities have been detected.[/FONT]
  1. C:\Program Files (x86)\Adobe\AdobePatchFiles\{F4814446-F9A2-1014-B423-D4B3E06BFB16}\645177e3fe67749c6b54ef48f0af397b
  2. C:\Program Files (x86)\Common Files\Adobe\Shell\CS4\icons.dll
[FONT=Arial][CENTER] [/CENTER]

Other issues (11)

Information about vulnerabilities associated with the settings of installed applications and the operating system.[/FONT]
  1. "Autorun from hard drives is allowed"
  2. "Autorun from network drives is enabled"
  3. "CD/DVD autorun is enabled"
  4. "Removable media autorun is enabled"
  5. "Microsoft Internet Explorer: clear history of typed URLs"
  6. "Microsoft Internet Explorer - disable caching data received via protected channel"
  7. "Microsoft Internet Explorer: disable sending error reports"
  8. "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
  9. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
  10. "Windows Explorer: display of known file types extensions is disabled"
  11. "Microsoft Internet Explorer: start page reset"
[CENTER]
s908259743
[/CENTER][/size]
 
Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations:
    diskcleanup1.png
  • Select the More Options tab
    moreoptions.png
  • In the System Restore and Shadow Backups select Clean up
    moreoptions2.png
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran CCleaner
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
yep, completed all tasks...computer seems to be running well

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 33
Java version out of Date!
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.77
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

Any other questions before I mark this topic solved?
 
Java updated to current version...strange, I'm usually on top of all my updates...I'll be sure to keep a closer eye on them

Thanks again DMJ!!! I think you can go ahead and mark me solved :)
 
Status
Not open for further replies.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back