Solved Hi, I had the Live Security Platinum virus


Kellie Resetar

Before I saw this forum, I had run SuperAntiSpyware, which allowed my PC to become usable again. I then uninstalled MSE, which was no longer working, reinstalled it and ran a full scan, which looked like it had cleaned everything. I was able to get the services for Windows Update and Virus Update rerunning, but now my Windows Firewall still won't turn on. I haven't noticed any other issues.

Yesterday I started following the virus removal instructions here, and the logs are posted below. My MSE reran in the meantime and found another issue, so I've also included that at the end of this post.

Malwarebytes Log:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.14.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kellie :: KELLIE-PC [administrator]
9/14/2012 4:35:40 PM
mbam-log-2012-09-14 (16-35-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247640
Time elapsed: 7 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\Kellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Users\Kellie\AppData\Local\Temp\tsft.exe (Adware.Agent.K) -> Quarantined and deleted successfully.
C:\Users\Kellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
(end)

GMER Log: Nothing was found

DDS.Txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Kellie at 7:31:21 on 2012-09-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2092 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\ActivePath\ActiveMail\UpdateClient.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Kellie\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy_name:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ActiveMail: {ef7aed5f-0c26-4820-a570-7da8b6d93f4a} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PCShowServer] C:\Users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
Trusted Zone: ameritrade.com\wwws
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\0544D43402341464544554259414 : DhcpNameServer = 4.2.2.2 192.168.1.254 192.168.2.1
TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\07164747562737F6E623 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\1447C616E6471602F457470716479656E647 : DhcpNameServer = 192.168.27.1
TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\27F6F6D6C696E687 : DhcpNameServer = 64.89.70.2 64.89.74.2
TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\34275616475727560234F6D666F6274737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DA17269D-5C3D-45C6-B0A4-B7FC9C9BA0DF}\34C61637379636F23557261627570234573747F6D656270275946494 : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: ActiveMail: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll
BHO-X64: ActiveMail - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kellie\AppData\Roaming\Mozilla\Firefox\Profiles\48adz0vn.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kellie\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
FF - plugin: C:\Users\Kellie\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-15 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-3-14 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-15 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-15 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-11-15 243232]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250568]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-30 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-15 11:27:46 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0B6E400-3A3A-4172-A3F6-C20B873E27C7}\mpengine.dll
2012-09-14 20:35:18 -------- d-----w- C:\Users\Kellie\AppData\Roaming\Malwarebytes
2012-09-14 20:35:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-14 20:35:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 20:35:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-14 12:41:57 -------- d-----w- C:\Users\Kellie\AppData\Local\{504475F9-DA32-42AA-A95C-2D18D2C64CE6}
2012-09-14 11:58:10 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-14 11:57:52 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-14 11:57:52 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-14 00:40:52 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-13 17:14:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82831D0D-4E57-43F7-93A7-B82ECC7D7DF1}\gapaengine.dll
2012-09-13 17:13:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-13 17:13:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-13 13:15:02 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-09-13 13:12:13 -------- d-----w- C:\ProgramData\7531CC9202C75886D6CFC216F875F002
2012-09-13 11:27:19 -------- d-----w- C:\Users\Kellie\AppData\Local\{712604E2-B68F-499C-8043-EDD39F515764}
2012-09-12 15:04:39 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 15:04:39 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 15:04:39 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 15:04:39 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 15:04:38 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 15:04:38 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 15:04:38 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 11:22:09 -------- d-----w- C:\Users\Kellie\AppData\Local\{27F2B198-BF96-4147-B113-E02D9A6439B8}
2012-09-11 12:39:39 -------- d-----w- C:\Users\Kellie\AppData\Local\{537208BB-3988-404B-8CEC-01F97950503A}
2012-09-11 00:39:04 -------- d-----w- C:\Users\Kellie\AppData\Local\{DABBD7CA-267E-49D4-BDE7-ADB5E719C990}
2012-09-10 11:18:29 -------- d-----w- C:\Users\Kellie\AppData\Local\{67FBBA47-15E8-4857-8700-E90636810ABE}
2012-09-08 11:54:21 -------- d-----w- C:\Users\Kellie\AppData\Local\{5F169BC9-B1DA-4467-B9AC-4B146F51AB03}
2012-09-07 10:41:51 -------- d-----w- C:\Users\Kellie\AppData\Local\{5D716406-0B9F-4783-9AD1-E646399B793A}
2012-09-06 10:54:32 -------- d-----w- C:\Users\Kellie\AppData\Local\{259111C6-9697-4158-B71B-EE48915AF83B}
2012-09-05 22:52:54 -------- d-----w- C:\Users\Kellie\AppData\Local\{7BCCBFB1-71E7-4B46-BA7F-D24D8666DFA3}
2012-09-05 10:52:18 -------- d-----w- C:\Users\Kellie\AppData\Local\{0B77C6BB-7992-4508-B59F-BE3BCE7E8AF6}
2012-09-04 11:24:03 -------- d-----w- C:\Users\Kellie\AppData\Local\{8B71B99B-FBF3-4D6E-A182-CEE0F88184AB}
2012-09-03 18:55:48 -------- d-----w- C:\Users\Kellie\AppData\Local\{FB5F4F25-AFE4-4C18-9E32-A987B2CEC40C}
2012-09-02 13:00:49 -------- d-----w- C:\Users\Kellie\AppData\Local\{60C1F5B6-0D52-4E83-A240-09576B98D50E}
2012-09-01 11:11:43 -------- d-----w- C:\Users\Kellie\AppData\Local\{5E38E7F8-0D40-4A95-BFCB-D7C47F03676C}
2012-08-31 10:25:27 -------- d-----w- C:\Users\Kellie\AppData\Local\{107E23D5-B451-4E02-8077-2DB780EBF8FB}
2012-08-30 14:20:58 -------- d-----w- C:\Users\Kellie\AppData\Local\{1782E3FE-6E91-46F0-95B3-47E4A141E187}
2012-08-29 23:47:13 -------- d-----w- C:\Users\Kellie\AppData\Local\{A71A3060-275B-4AA0-9AD5-B25546CC3056}
2012-08-29 11:01:43 -------- d-----w- C:\Users\Kellie\AppData\Local\{C1B4A26C-DCCF-4D5F-A368-6C0B5D506F83}
2012-08-28 12:04:32 -------- d-----w- C:\Users\Kellie\AppData\Local\{F2DA06DE-4DC3-476E-90DA-0F765EE315BB}
2012-08-27 13:27:12 -------- d-----w- C:\Users\Kellie\AppData\Local\{1ADF3078-DD36-417D-8186-49204C8EE135}
2012-08-27 01:26:37 -------- d-----w- C:\Users\Kellie\AppData\Local\{23441D3E-DEE3-4C83-9711-F6E334F9A38E}
2012-08-26 12:22:10 -------- d-----w- C:\Users\Kellie\AppData\Local\{D05004D1-DB12-439A-B683-0EBBFEC4E483}
2012-08-26 00:16:37 -------- d-----w- C:\Users\Kellie\AppData\Local\{AA64046D-23F3-4C13-B72A-76F6F6ADA301}
2012-08-25 10:45:37 -------- d-----w- C:\Users\Kellie\AppData\Local\{A36EAEC6-A51B-4C24-9EC6-32AEA5F5184C}
2012-08-24 11:07:07 -------- d-----w- C:\Users\Kellie\AppData\Local\{E7A0CA10-7308-45F2-9D93-73B5B8EEFF25}
2012-08-23 15:54:35 -------- d-----w- C:\Program Files\CCleaner
2012-08-23 12:42:39 -------- d-----w- C:\Users\Kellie\AppData\Local\{CA888684-9D18-44EB-9565-6D37F07A7787}
2012-08-23 00:42:02 -------- d-----w- C:\Users\Kellie\AppData\Local\{7050B1A7-2E28-4095-9883-804D4C9FE3CD}
2012-08-22 10:20:41 -------- d-----w- C:\Users\Kellie\AppData\Local\{8A612F32-D57C-428F-998E-6D91BE2B01C4}
2012-08-21 13:04:10 -------- d-----w- C:\Users\Kellie\AppData\Local\{196A0DF7-195C-4838-B06A-356A9322C27C}
2012-08-21 00:20:01 -------- d-----w- C:\Users\Kellie\AppData\Local\{95EACD01-5657-46A0-8423-AD32225CEA13}
2012-08-20 10:50:44 -------- d-----w- C:\Users\Kellie\AppData\Local\{9AE0C2B4-0F4C-4913-A959-05D89BA3A5FB}
2012-08-19 12:08:07 -------- d-----w- C:\Users\Kellie\AppData\Local\{333E96D9-C35E-4FE3-9CFE-A5B6B0E77994}
2012-08-18 11:24:15 -------- d-----w- C:\Users\Kellie\AppData\Local\{9D37CDF9-C62A-4DDF-8654-C05EC826F11F}
2012-08-17 12:36:45 -------- d-----w- C:\Users\Kellie\AppData\Local\ElevatedDiagnostics
2012-08-17 11:44:21 -------- d-----w- C:\Users\Kellie\AppData\Local\{68043674-7AA5-432D-877D-DE1434CB0A84}
2012-08-17 11:43:59 -------- d-----w- C:\Users\Kellie\AppData\Local\{DE1A0A84-14B3-46C4-9F6B-6EB7184C8D0C}
2012-08-16 23:43:33 -------- d-----w- C:\Users\Kellie\AppData\Local\{4D090A5A-FA28-4F75-97D3-6572A40E72A8}
2012-08-16 23:43:22 -------- d-----w- C:\Users\Kellie\AppData\Local\{77939F90-2A1C-44EF-BF54-033D94DB162E}
.
==================== Find3M ====================
.
2012-09-14 00:40:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-14 00:40:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-23 11:12:48 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 11:12:48 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 7:32:18.07 ===============
 
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/28/2011 4:43:42 AM
System Uptime: 9/15/2012 6:05:55 AM (1 hours ago)
.
Motherboard: Gateway | | NV55C
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU | 1173/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 383.044 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP154: 8/29/2012 7:52:57 PM - Windows Update
RP155: 9/3/2012 2:53:03 PM - Windows Update
RP156: 9/7/2012 6:52:47 AM - Windows Update
RP157: 9/11/2012 7:14:21 AM - Windows Update
RP158: 9/12/2012 1:33:21 PM - Windows Update
RP159: 9/13/2012 4:59:35 PM - Installed Microsoft Fix it 50123
RP160: 9/13/2012 5:01:42 PM - Installed Microsoft Fix it 50123
RP161: 9/13/2012 5:08:43 PM - Installed Microsoft Fix it 50123
RP162: 9/13/2012 8:09:44 PM - Installed Microsoft Fix it 50123
RP163: 9/13/2012 8:40:08 PM - Installed Java 7 Update 7
RP164: 9/13/2012 8:54:56 PM - Installed Microsoft Fix it 50123
RP165: 9/13/2012 9:49:19 PM - Installed Microsoft Fix it 50123
RP166: 9/14/2012 7:34:23 AM - Installed Microsoft Fix it 50123
RP167: 9/14/2012 7:52:20 AM - Windows Update
RP168: 9/14/2012 7:57:54 AM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
18 Wheels of Steel - American Long Haul
Acrobat.com
ActiveMail
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Advertising Center
Agatha Christie - Death on the Nile
Amazon Kindle
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Backup Manager Basic
Bejeweled 2 Deluxe
Bing Desktop
Blackhawk Striker 2
Build-a-lot 2
Chuzzle Deluxe
CyberLink PowerDVD 9
D3DX10
Diner Dash 2 Restaurant Rescue
DIRECTV Player
Dora's Carnival Adventure
eBay Worldwide
FATE
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript Lite 9.04
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2011
H&R Block Georgia 2009
H&R Block Georgia 2011
Identity Card
ImagXpress
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NOOK for PC
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Penguins!
Picasa 3
Plants vs. Zombies
Polar Bowler
Polar Golfer
Quicken 2011
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
TaxCut Premium + State 2007
Times Reader
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Video Web Camera
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App (Gateway Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/8/2012 6:47:04 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
9/8/2012 6:47:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
9/15/2012 7:30:08 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
9/15/2012 7:30:08 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
9/15/2012 7:29:18 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
9/13/2012 9:43:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 9:43:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 9:19:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
9/13/2012 9:19:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
9/13/2012 9:19:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/13/2012 8:54:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Kellie-PC\Admin SID (S-1-5-21-2248584434-4130743615-47422387-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/13/2012 8:18:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 8:18:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 7:34:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 7:34:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 5:01:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 5:01:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 4:57:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 4:57:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 4:56:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 4:56:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/13/2012 4:51:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 4:48:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 4:48:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 4:47:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 4:43:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 4:40:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 2:42:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 2:35:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
9/13/2012 2:24:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 2:19:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 2:14:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 2:09:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 2:04:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:59:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:54:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:49:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:44:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:39:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:34:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:29:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:24:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:19:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1150.0, AS: 1.135.1150.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/13/2012 1:15:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1150.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/13/2012 1:14:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 1:13:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/13/2012 1:07:48 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/13/2012 1:07:48 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
MSE Results: TrojanDownloader:Win32/Karagany.I (I quarantined this and stopped the scan once I saw that it was running, because of the instructions here about not running anything else once I start this process), but I'm not sure if I should have just let it finish?
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, and also the Search.txt log file; please copy and paste both logs in your reply.
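A defender-side triage of the FRST.txt that the procedure above produces, as an added example (it is not Jay's instructions or FRST's own code): it reads the log and flags the indicators FRST reports for this infection, namely a registry InprocServer32 or Run entry that loads code out of $Recycle.Bin, FRST's own "ATTENTION! ====> ZeroAccess" marker and "ZeroAccess:" path list, a folder literally named %APPDATA% under System32, and a core binary whose MD5 check is not reported "legit". The sample log lines are constructed, patterned on the FRST.txt posted later in this thread, the winlogon.exe verdict line is invented to exercise the MD5 rule, and the rule names are my own.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for ZeroAccess indicators.

Added example for this thread; not Jay's procedure or FRST's own code.
It only reads log text and reports lines worth a helper's attention.
"""
import re
import sys
from collections import Counter

# FRST section banner, e.g. "==================== Registry (Whitelisted) ==================="
SECTION_HEADER = re.compile(r"^=+\s+([^=]+?)\s+=+$")
# A payload folder under the recycle bin: "$Recycle.Bin\<SID>\$<32 hex chars>"
RECYCLE_BIN_PAYLOAD = re.compile(r"\$Recycle\.Bin\\S-1-5(?:-\d+)+\\\$[0-9a-fA-F]{32}")
# Created/modified file entries: "<created> - <modified> - <size> <attrs> [(company)] <path>"
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} "
    r"(?P<attrs>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)
# A folder whose literal name looks like an environment variable, directly under System32
ENV_NAME_DIR_IN_SYSTEM32 = re.compile(r"\\System32\\%[A-Za-z_]+%$", re.IGNORECASE)
# Lines of FRST's "Bamital & volsnap Check" section
MD5_CHECK = re.compile(r"^(?P<path>.+?) => MD5 (?P<verdict>.+)$")

# Constructed excerpt patterned on the FRST.txt posted in this thread;
# the winlogon.exe verdict line is invented to exercise the MD5 rule.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\n. ATTENTION! ====> ZeroAccess
==================== One Month Created Files and Folders ========
2012-09-13 05:15 - 2012-09-13 05:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-09-14 12:35 - 2012-09-14 12:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2248584434-4130743615-47422387-1001\$f0f1e209943b7c659417dd7f8504e063
==================== Bamital & volsnap Check =================
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is not legit
"""


def triage(log_text):
    """Return [(rule, line), ...] for every log line that trips an indicator rule."""
    findings = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        if line == "ZeroAccess:":
            # FRST prints this marker and then lists the payload paths it found.
            section = "ZeroAccess"
            continue
        if section == "ZeroAccess":
            findings.append(("zeroaccess_path", line))
            continue
        if "ATTENTION!" in line:
            findings.append(("frst_attention", line))
        if line.startswith(("HKLM", "HKU", "HKCU")) and RECYCLE_BIN_PAYLOAD.search(line):
            # A COM or Run entry loading code out of the recycle bin is never legitimate.
            findings.append(("registry_points_into_recycle_bin", line))
        entry = FILE_ENTRY.match(line)
        if entry and ENV_NAME_DIR_IN_SYSTEM32.search(entry.group("path")):
            findings.append(("env_name_dir_in_system32", line))
        md5 = MD5_CHECK.match(line)
        if md5 and md5.group("verdict") != "is legit":
            # The checked binaries (services.exe, winlogon.exe, ...) are the ones this family patches.
            findings.append(("unexpected_md5", line))
    return findings


def summarize(findings):
    """Count findings per rule; an empty result means no indicator fired."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    # Pass a real FRST.txt path to triage it; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    results = triage(text)
    for rule, line in results:
        print(f"[{rule}] {line}")
    print(dict(summarize(results)) or "no ZeroAccess indicators found")
```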
 
Hi Jay - Thank you for your help.

Here are the logs from the last step:

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03
Ran by SYSTEM at 15-09-2012 12:42:05
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [600688 2010-10-22] (Chicony)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-10] (Google Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-07-29] ()
HKU\Kellie\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-08] (SUPERAntiSpyware.com)
HKU\Kellie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-10] (Google Inc.)
HKU\Kellie\...\Run: [PCShowServer] C:\Users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [351888 2012-03-01] (NDS Technologies)
HKU\Kellie\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$f0f1e209943b7c659417dd7f8504e063\n. ATTENTION! ====> ZeroAccess
==================== Services (Whitelisted) ===================
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-09-08] (SUPERAntiSpyware.com)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) =====================
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-09-15 08:02 - 2012-09-15 08:02 - 01454171 ____A (Farbar) C:\Users\Kellie\Downloads\FRST64.exe
2012-09-15 03:30 - 2012-09-15 03:30 - 00607260 ____R (Swearware) C:\Users\Kellie\Downloads\dds.com
2012-09-14 13:44 - 2012-09-14 13:44 - 00302592 ____A C:\Users\Kellie\Downloads\qxxg0fqw.exe
2012-09-14 12:46 - 2012-09-14 12:46 - 00001040 ____A C:\Windows\PFRO.log
2012-09-14 12:35 - 2012-09-14 12:35 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 12:35 - 2012-09-14 12:35 - 00000000 ____D C:\Users\Kellie\AppData\Roaming\Malwarebytes
2012-09-14 12:35 - 2012-09-14 12:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-14 12:35 - 2012-09-14 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-14 12:35 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-14 12:33 - 2012-09-14 12:34 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Kellie\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-14 04:41 - 2012-09-14 04:42 - 00000000 ____D C:\Users\Kellie\AppData\Local\{504475F9-DA32-42AA-A95C-2D18D2C64CE6}
2012-09-14 04:05 - 2012-09-14 04:05 - 00000000 ____D C:\Users\All Users\Intel
2012-09-14 03:57 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-09-14 03:57 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-09-14 03:53 - 2012-09-14 03:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2012-09-14 03:27 - 2012-09-14 03:29 - 00036210 ____A C:\Users\Admin\Desktop\sfcdetails.txt
2012-09-13 16:43 - 2012-09-13 16:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Bullzip
2012-09-13 16:43 - 2012-09-13 16:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2012-09-13 16:40 - 2012-09-13 16:40 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-13 16:40 - 2012-09-13 16:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-13 16:40 - 2012-09-13 16:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-13 16:40 - 2012-09-13 16:40 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-13 16:40 - 2012-09-13 16:40 - 00000000 ____D C:\Program Files (x86)\Java
2012-09-13 15:57 - 2012-08-30 20:12 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-09-13 15:35 - 2012-09-13 15:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Google
2012-09-13 15:35 - 2012-09-13 15:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2012-09-13 15:29 - 2012-09-13 15:29 - 00073232 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-13 15:25 - 2012-09-13 16:29 - 00000530 ____A C:\Windows\DtcInstall.log
2012-09-13 09:13 - 2012-09-13 09:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-13 09:13 - 2012-09-13 09:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-13 09:12 - 2012-09-13 09:12 - 12621696 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (4).exe
2012-09-13 09:09 - 2012-09-13 09:09 - 12621696 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (3).exe
2012-09-13 09:08 - 2012-09-13 09:09 - 10288512 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (2).exe
2012-09-13 09:07 - 2012-09-15 08:36 - 00000728 ____A C:\Windows\setupact.log
2012-09-13 09:07 - 2012-09-13 09:07 - 00000000 ____A C:\Windows\setuperr.log
2012-09-13 09:03 - 2012-09-13 09:04 - 00004322 ____A C:\Users\Kellie\Documents\cc_20120913_130357.reg
2012-09-13 09:03 - 2012-09-13 09:03 - 00004032 ____A C:\Users\Kellie\Documents\cc_20120913_130314.reg
2012-09-13 08:55 - 2012-09-13 08:56 - 03927560 ____A (Piriform Ltd) C:\Users\Kellie\Downloads\ccsetup322.exe
2012-09-13 05:44 - 2012-09-13 05:44 - 10288512 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (1).exe
2012-09-13 05:15 - 2012-09-13 05:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-09-13 05:12 - 2012-09-13 05:37 - 00000000 ____D C:\Users\All Users\7531CC9202C75886D6CFC216F875F002
2012-09-13 04:54 - 2012-09-14 04:45 - 00008335 ____A C:\Users\Kellie\Documents\Bath Design Stores.xlsx
2012-09-13 03:27 - 2012-09-13 03:27 - 00000000 ____D C:\Users\Kellie\AppData\Local\{712604E2-B68F-499C-8043-EDD39F515764}
2012-09-12 09:15 - 2012-09-12 09:15 - 00010130 ____A C:\Users\Kellie\.recently-used.xbel
2012-09-12 07:04 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 07:04 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 07:04 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 07:04 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 07:04 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 07:04 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 07:04 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-12 03:22 - 2012-09-12 03:22 - 00000000 ____D C:\Users\Kellie\AppData\Local\{27F2B198-BF96-4147-B113-E02D9A6439B8}
2012-09-11 04:39 - 2012-09-11 04:40 - 00000000 ____D C:\Users\Kellie\AppData\Local\{537208BB-3988-404B-8CEC-01F97950503A}
2012-09-11 04:39 - 2012-09-11 04:39 - 00038400 ____A C:\Users\Kellie\Documents\Avaya Passworrds.xls
2012-09-10 16:39 - 2012-09-10 16:39 - 00000000 ____D C:\Users\Kellie\AppData\Local\{DABBD7CA-267E-49D4-BDE7-ADB5E719C990}
2012-09-10 03:18 - 2012-09-10 03:18 - 00000000 ____D C:\Users\Kellie\AppData\Local\{67FBBA47-15E8-4857-8700-E90636810ABE}
2012-09-08 09:15 - 2012-09-08 09:23 - 00009818 ____A C:\Users\Rob\Documents\Golf club values.xlsx
2012-09-08 03:54 - 2012-09-08 03:54 - 00000000 ____D C:\Users\Kellie\AppData\Local\{5F169BC9-B1DA-4467-B9AC-4B146F51AB03}
2012-09-07 02:41 - 2012-09-07 02:42 - 00000000 ____D C:\Users\Kellie\AppData\Local\{5D716406-0B9F-4783-9AD1-E646399B793A}
2012-09-06 02:54 - 2012-09-06 02:54 - 00000000 ____D C:\Users\Kellie\AppData\Local\{259111C6-9697-4158-B71B-EE48915AF83B}
2012-09-05 14:52 - 2012-09-05 14:53 - 00000000 ____D C:\Users\Kellie\AppData\Local\{7BCCBFB1-71E7-4B46-BA7F-D24D8666DFA3}
2012-09-05 02:52 - 2012-09-05 02:52 - 00000000 ____D C:\Users\Kellie\AppData\Local\{0B77C6BB-7992-4508-B59F-BE3BCE7E8AF6}
2012-09-04 03:24 - 2012-09-04 03:24 - 00000000 ____D C:\Users\Kellie\AppData\Local\{8B71B99B-FBF3-4D6E-A182-CEE0F88184AB}
2012-09-03 10:55 - 2012-09-03 10:56 - 00000000 ____D C:\Users\Kellie\AppData\Local\{FB5F4F25-AFE4-4C18-9E32-A987B2CEC40C}
2012-09-03 10:42 - 2012-09-15 08:35 - 00000350 ____A C:\Windows\Tasks\ActiveMail Chrome Watcher.job
2012-09-02 05:00 - 2012-09-02 05:01 - 00000000 ____D C:\Users\Kellie\AppData\Local\{60C1F5B6-0D52-4E83-A240-09576B98D50E}
2012-09-01 03:11 - 2012-09-01 03:11 - 00000000 ____D C:\Users\Kellie\AppData\Local\{5E38E7F8-0D40-4A95-BFCB-D7C47F03676C}
2012-08-31 02:25 - 2012-08-31 02:25 - 00000000 ____D C:\Users\Kellie\AppData\Local\{107E23D5-B451-4E02-8077-2DB780EBF8FB}
2012-08-30 06:20 - 2012-08-30 06:21 - 00000000 ____D C:\Users\Kellie\AppData\Local\{1782E3FE-6E91-46F0-95B3-47E4A141E187}
2012-08-29 15:47 - 2012-08-29 15:47 - 00000000 ____D C:\Users\Kellie\AppData\Local\{A71A3060-275B-4AA0-9AD5-B25546CC3056}
2012-08-29 03:01 - 2012-08-29 03:02 - 00000000 ____D C:\Users\Kellie\AppData\Local\{C1B4A26C-DCCF-4D5F-A368-6C0B5D506F83}
2012-08-28 04:04 - 2012-08-28 04:04 - 00000000 ____D C:\Users\Kellie\AppData\Local\{F2DA06DE-4DC3-476E-90DA-0F765EE315BB}
2012-08-27 05:27 - 2012-08-27 05:27 - 00000000 ____D C:\Users\Kellie\AppData\Local\{1ADF3078-DD36-417D-8186-49204C8EE135}
2012-08-26 17:26 - 2012-08-26 17:26 - 00000000 ____D C:\Users\Kellie\AppData\Local\{23441D3E-DEE3-4C83-9711-F6E334F9A38E}
2012-08-26 04:22 - 2012-08-26 04:22 - 00000000 ____D C:\Users\Kellie\AppData\Local\{D05004D1-DB12-439A-B683-0EBBFEC4E483}
2012-08-25 16:16 - 2012-08-25 16:16 - 00000000 ____D C:\Users\Kellie\AppData\Local\{AA64046D-23F3-4C13-B72A-76F6F6ADA301}
2012-08-25 02:45 - 2012-08-25 02:45 - 00000000 ____D C:\Users\Kellie\AppData\Local\{A36EAEC6-A51B-4C24-9EC6-32AEA5F5184C}
2012-08-24 04:57 - 2012-08-24 04:57 - 00151341 ____A C:\Users\Kellie\Downloads\U969117_201112_201112.xls
2012-08-24 04:57 - 2012-08-24 04:57 - 00066310 ____A C:\Users\Kellie\Downloads\U969117_201105_201105.xls
2012-08-24 04:53 - 2012-08-24 04:53 - 00113730 ____A C:\Users\Kellie\Downloads\U969117_201104_201104.xls
2012-08-24 03:07 - 2012-08-24 03:07 - 00000000 ____D C:\Users\Kellie\AppData\Local\{E7A0CA10-7308-45F2-9D93-73B5B8EEFF25}
2012-08-23 08:06 - 2012-08-23 08:08 - 00082306 ____A C:\Users\Kellie\Documents\cc_20120823_120650.reg
2012-08-23 07:54 - 2012-09-13 08:56 - 00000829 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-23 07:54 - 2012-09-13 08:56 - 00000000 ____D C:\Program Files\CCleaner
2012-08-23 07:52 - 2012-08-23 07:53 - 03907920 ____A (Piriform Ltd) C:\Users\Kellie\Downloads\ccsetup321.exe
2012-08-23 04:42 - 2012-08-23 04:43 - 00000000 ____D C:\Users\Kellie\AppData\Local\{CA888684-9D18-44EB-9565-6D37F07A7787}
2012-08-23 03:14 - 2012-09-05 02:47 - 00002307 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-22 16:42 - 2012-08-22 16:42 - 00000000 ____D C:\Users\Kellie\AppData\Local\{7050B1A7-2E28-4095-9883-804D4C9FE3CD}
2012-08-22 02:20 - 2012-08-22 02:21 - 00000000 ____D C:\Users\Kellie\AppData\Local\{8A612F32-D57C-428F-998E-6D91BE2B01C4}
2012-08-21 05:04 - 2012-08-21 05:04 - 00000000 ____D C:\Users\Kellie\AppData\Local\{196A0DF7-195C-4838-B06A-356A9322C27C}
2012-08-20 16:20 - 2012-08-20 16:20 - 00000000 ____D C:\Users\Kellie\AppData\Local\{95EACD01-5657-46A0-8423-AD32225CEA13}
2012-08-20 02:50 - 2012-08-20 02:51 - 00000000 ____D C:\Users\Kellie\AppData\Local\{9AE0C2B4-0F4C-4913-A959-05D89BA3A5FB}
2012-08-19 04:08 - 2012-08-19 04:08 - 00000000 ____D C:\Users\Kellie\AppData\Local\{333E96D9-C35E-4FE3-9CFE-A5B6B0E77994}
2012-08-18 03:24 - 2012-08-18 03:24 - 00000000 ____D C:\Users\Kellie\AppData\Local\{9D37CDF9-C62A-4DDF-8654-C05EC826F11F}
2012-08-17 03:44 - 2012-08-17 03:44 - 00000000 ____D C:\Users\Kellie\AppData\Local\{68043674-7AA5-432D-877D-DE1434CB0A84}
2012-08-17 03:43 - 2012-08-17 03:44 - 00000000 ____D C:\Users\Kellie\AppData\Local\{DE1A0A84-14B3-46C4-9F6B-6EB7184C8D0C}
2012-08-16 15:43 - 2012-08-16 15:43 - 00000000 ____D C:\Users\Kellie\AppData\Local\{77939F90-2A1C-44EF-BF54-033D94DB162E}
2012-08-16 15:43 - 2012-08-16 15:43 - 00000000 ____D C:\Users\Kellie\AppData\Local\{4D090A5A-FA28-4F75-97D3-6572A40E72A8}
2012-08-16 03:13 - 2012-08-16 03:13 - 00000000 ____D C:\Users\Kellie\AppData\Local\{97F94A94-C8BF-4EE3-8BF3-A42F281CEA85}
2012-08-16 03:13 - 2012-08-16 03:13 - 00000000 ____D C:\Users\Kellie\AppData\Local\{3EA1221A-75D3-4374-B050-E3A8C4CB7F54}

==================== 3 Months Modified Files ==================
2012-09-15 08:36 - 2012-09-13 09:07 - 00000728 ____A C:\Windows\setupact.log
2012-09-15 08:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-15 08:35 - 2012-09-03 10:42 - 00000350 ____A C:\Windows\Tasks\ActiveMail Chrome Watcher.job
2012-09-15 08:32 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-15 08:28 - 2011-12-10 13:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-15 08:28 - 2011-03-13 22:34 - 01090668 ____A C:\Windows\WindowsUpdate.log
2012-09-15 08:02 - 2012-09-15 08:02 - 01454171 ____A (Farbar) C:\Users\Kellie\Downloads\FRST64.exe
2012-09-15 07:55 - 2012-04-04 02:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-15 04:35 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-15 04:35 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-15 04:35 - 2007-11-22 18:37 - 00023468 ____A C:\Users\Public\Documents\Address File.xlsx
2012-09-15 04:27 - 2011-12-10 13:50 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-15 03:30 - 2012-09-15 03:30 - 00607260 ____R (Swearware) C:\Users\Kellie\Downloads\dds.com
2012-09-15 03:17 - 2012-07-30 06:01 - 00000332 ____A C:\Windows\Tasks\ActiveMail Updater.job
2012-09-14 13:44 - 2012-09-14 13:44 - 00302592 ____A C:\Users\Kellie\Downloads\qxxg0fqw.exe
2012-09-14 12:46 - 2012-09-14 12:46 - 00001040 ____A C:\Windows\PFRO.log
2012-09-14 12:35 - 2012-09-14 12:35 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 12:34 - 2012-09-14 12:33 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Kellie\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-14 04:45 - 2012-09-13 04:54 - 00008335 ____A C:\Users\Kellie\Documents\Bath Design Stores.xlsx
2012-09-14 03:29 - 2012-09-14 03:27 - 00036210 ____A C:\Users\Admin\Desktop\sfcdetails.txt
2012-09-13 16:40 - 2012-09-13 16:40 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-13 16:40 - 2012-09-13 16:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-13 16:40 - 2012-09-13 16:40 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-13 16:40 - 2012-09-13 16:40 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-13 16:40 - 2012-06-06 16:44 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-13 16:40 - 2012-06-06 16:44 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-13 16:29 - 2012-09-13 15:25 - 00000530 ____A C:\Windows\DtcInstall.log
2012-09-13 15:29 - 2012-09-13 15:29 - 00073232 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-13 15:29 - 2011-10-24 17:04 - 00073232 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-13 09:13 - 2011-10-26 15:27 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-13 09:13 - 2011-10-26 15:26 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-13 09:12 - 2012-09-13 09:12 - 12621696 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (4).exe
2012-09-13 09:09 - 2012-09-13 09:09 - 12621696 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (3).exe
2012-09-13 09:09 - 2012-09-13 09:08 - 10288512 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (2).exe
2012-09-13 09:07 - 2012-09-13 09:07 - 00000000 ____A C:\Windows\setuperr.log
2012-09-13 09:04 - 2012-09-13 09:03 - 00004322 ____A C:\Users\Kellie\Documents\cc_20120913_130357.reg
2012-09-13 09:03 - 2012-09-13 09:03 - 00004032 ____A C:\Users\Kellie\Documents\cc_20120913_130314.reg
2012-09-13 08:56 - 2012-09-13 08:55 - 03927560 ____A (Piriform Ltd) C:\Users\Kellie\Downloads\ccsetup322.exe
2012-09-13 08:56 - 2012-08-23 07:54 - 00000829 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-13 08:23 - 2007-08-07 16:49 - 59322368 ____A C:\Users\Public\Documents\Resetar.mny
2012-09-13 05:44 - 2012-09-13 05:44 - 10288512 ____A (Microsoft Corporation) C:\Users\Kellie\Downloads\mseinstall (1).exe
2012-09-12 12:48 - 2011-01-22 14:06 - 39407616 ____A C:\Users\Public\Documents\Quicken old.QDF
2012-09-12 09:15 - 2012-09-12 09:15 - 00010130 ____A C:\Users\Kellie\.recently-used.xbel
2012-09-12 08:49 - 2011-01-22 14:06 - 49123328 ____A C:\Users\Public\Documents\Quicken (2).QDF
2012-09-12 07:14 - 2012-07-19 10:26 - 00118912 ____A C:\Users\Public\Documents\Quicken (2)OFXLOG.DAT
2012-09-12 07:13 - 2012-07-19 10:26 - 02129168 ____A C:\Users\Public\Documents\Quicken (2)OFXOLD.DAT
2012-09-11 04:49 - 2012-06-18 08:29 - 00015139 ____A C:\Users\Kellie\Documents\EBAY Transaction History.xlsx
2012-09-11 04:39 - 2012-09-11 04:39 - 00038400 ____A C:\Users\Kellie\Documents\Avaya Passworrds.xls
2012-09-08 09:23 - 2012-09-08 09:15 - 00009818 ____A C:\Users\Rob\Documents\Golf club values.xlsx
2012-09-07 13:04 - 2012-09-14 12:35 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-05 02:47 - 2012-08-23 03:14 - 00002307 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-30 20:43 - 2011-08-28 07:04 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-30 20:12 - 2012-09-13 15:57 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-08-24 04:57 - 2012-08-24 04:57 - 00151341 ____A C:\Users\Kellie\Downloads\U969117_201112_201112.xls
2012-08-24 04:57 - 2012-08-24 04:57 - 00066310 ____A C:\Users\Kellie\Downloads\U969117_201105_201105.xls
2012-08-24 04:53 - 2012-08-24 04:53 - 00113730 ____A C:\Users\Kellie\Downloads\U969117_201104_201104.xls
2012-08-23 08:08 - 2012-08-23 08:06 - 00082306 ____A C:\Users\Kellie\Documents\cc_20120823_120650.reg
2012-08-23 07:53 - 2012-08-23 07:52 - 03907920 ____A (Piriform Ltd) C:\Users\Kellie\Downloads\ccsetup321.exe
2012-08-23 03:12 - 2012-04-04 02:30 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-23 03:12 - 2011-09-06 14:11 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-22 10:12 - 2012-09-12 07:04 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 07:04 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 07:04 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 07:04 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-16 02:25 - 2009-07-13 20:45 - 00320720 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-02 09:58 - 2012-09-12 07:04 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 07:04 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-30 06:02 - 2012-07-30 06:02 - 00001097 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-30 06:00 - 2012-07-30 06:01 - 16801656 ____A (Mozilla) C:\Users\Kellie\Downloads\Firefox_Setup_14.0.1.exe
2012-07-18 12:56 - 2011-01-22 14:13 - 01927232 ____A C:\Users\Public\Documents\QuickenOFXLOG.DAT
2012-07-18 10:15 - 2012-08-15 12:17 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 03:29 - 2012-07-13 03:29 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log
2012-07-10 07:46 - 2011-01-22 14:13 - 02103440 ____A C:\Users\Public\Documents\QuickenOFXOLD.DAT
2012-07-04 14:16 - 2012-08-15 12:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 12:17 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 12:17 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 12:17 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 12:17 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-12 07:04 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-06-28 20:55 - 2012-08-15 15:56 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 15:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 15:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 15:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 15:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 15:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 15:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 15:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 15:56 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 15:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 15:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 15:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 15:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 15:56 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 15:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 15:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 15:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 15:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 15:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 15:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 15:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 15:56 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 15:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 15:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 15:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 15:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2248584434-4130743615-47422387-1001\$f0f1e209943b7c659417dd7f8504e063
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-08-29 15:53:06
Restore point made on: 2012-09-03 10:53:18
Restore point made on: 2012-09-07 02:53:05
Restore point made on: 2012-09-11 03:14:36
Restore point made on: 2012-09-12 09:33:31
Restore point made on: 2012-09-13 12:59:44
Restore point made on: 2012-09-13 13:01:45
Restore point made on: 2012-09-13 13:08:46
Restore point made on: 2012-09-13 16:09:55
Restore point made on: 2012-09-13 16:40:16
Restore point made on: 2012-09-13 16:54:59
Restore point made on: 2012-09-13 17:49:27
Restore point made on: 2012-09-14 03:34:35
Restore point made on: 2012-09-14 03:52:32
Restore point made on: 2012-09-14 03:57:57
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3766.71 MB
Available physical RAM: 3059.19 MB
Total Pagefile: 3764.86 MB
Available Pagefile: 3051.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (Gateway) (Fixed) (Total:451.66 GB) (Free:382.98 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:1.91 GB) NTFS
4 Drive g: () (Removable) (Total:0.12 GB) (Free:0.05 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 125 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 14 GB 1024 KB
Partition 2 Primary 100 MB 14 GB
Partition 3 Primary 451 GB 14 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 14 GB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 451 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 125 MB 0 B
==================================================================================
Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
=========================================================
Last Boot: 2012-09-06 08:57
==================== End Of Log =============================
 
Search.txt:

Farbar Recovery Scan Tool (x64) Version: 15-09-2012 03
Ran by SYSTEM at 2012-09-15 12:44:28
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
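The Search.txt output above compares the live C:\Windows\System32\services.exe against the copy kept in the WinSxS component store by size and MD5, which is how a ZeroAccess-patched services.exe would show up. The following PowerShell script, added here as an illustration and not taken from FRST or from anyone in this thread, automates that comparison for the same set of binaries FRST's Bamital & volsnap check covered; it assumes an elevated PowerShell on the 64-bit Windows 7 machine. Windows servicing normally keeps every live system file byte-identical to one of its WinSxS copies, so "no identical copy" is a lead to confirm (for example via the Authenticode signature), not proof of infection.

```powershell
# Added example, not part of the thread or of FRST: hash the live copies of critical
# system binaries and look for a byte-identical copy in the WinSxS component store,
# mirroring the "Search: services.exe" and "Bamital & volsnap Check" output above.
# Assumes an elevated 64-bit PowerShell (2.0 or later) on the machine being examined.

$criticalFiles = @(
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe"
)

function Get-Md5Hex {
    param([string]$Path)
    # .NET MD5 instead of Get-FileHash so this runs on the PowerShell 2.0 that
    # ships with Windows 7. Output is upper-case hex, the format FRST prints.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '')
}

# Walk the component store once, keeping only the file names we care about.
$wantedNames = @{}
foreach ($f in $criticalFiles) {
    $wantedNames[[System.IO.Path]::GetFileName($f).ToLowerInvariant()] = $true
}
$storeCopies = @{}
Get-ChildItem "$env:SystemRoot\winsxs" -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $wantedNames.ContainsKey($_.Name.ToLowerInvariant()) } |
    ForEach-Object {
        $key = $_.Name.ToLowerInvariant()
        if (-not $storeCopies.ContainsKey($key)) { $storeCopies[$key] = @() }
        $storeCopies[$key] += $_
    }

function Test-AgainstWinSxS {
    param([string]$Path)
    $key      = [System.IO.Path]::GetFileName($Path).ToLowerInvariant()
    $liveSize = (Get-Item $Path).Length
    $liveHash = Get-Md5Hex $Path

    $copies = @()
    if ($storeCopies.ContainsKey($key)) { $copies = @($storeCopies[$key]) }

    # Several versions may sit in the store (RTM, SP1, hotfixes); any one that is
    # byte-identical to the live file is enough. Compare sizes before hashing.
    $matching = @()
    foreach ($copy in $copies) {
        if ($copy.Length -eq $liveSize -and (Get-Md5Hex $copy.FullName) -eq $liveHash) {
            $matching += $copy.FullName
        }
    }

    if ($matching.Count -gt 0) { $verdict = 'MD5 matches a WinSxS copy' }
    else                       { $verdict = 'NO identical copy in WinSxS - verify signature' }

    New-Object PSObject -Property @{
        File        = $Path
        Size        = $liveSize
        MD5         = $liveHash
        StoreCopies = $copies.Count
        Verdict     = $verdict
    }
}

$criticalFiles | Where-Object { Test-Path $_ } | ForEach-Object { Test-AgainstWinSxS $_ } |
    Format-Table File, Size, MD5, StoreCopies, Verdict -AutoSize
```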
 
FRST Fixlist

Download the attached file, please. Save it on your flash drive in the same location as FRST.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments

  • fixlist.txt (172 bytes)
I ran the FRST Fixlist and everything worked fine. Log is below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-09-2012 03
Ran by SYSTEM at 2012-09-16 07:27:37 Run:1
Running from G:\
==============================================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
==== End of Fixlog ====

Can I go back to using my PC normally?
 
Hi Jay,
Wanted to let you know that my Windows Firewall is not working again (it seemed to be working right after I ran the above), so I'm not sure if this would have fixed it.
 
Yeah, that's usual with this infection. Let's continue disinfection. I doubt the machine is clean just yet...

ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and name ComboFix.exe iexplore.exe, explorer.exe, or winlogon.exe instead.

Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Good morning.
Here's the log from this step -

ComboFix 12-09-16.01 - Kellie 09/17/2012 7:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2255 [GMT -4:00]
Running from: c:\users\Kellie\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
c:\users\Kellie\Documents\ZDS08027.TMP
c:\users\Kellie\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 11:40 . 2012-09-17 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-17 11:40 . 2012-09-17 11:40 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-09-16 11:42 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2332E9A-98D5-47CB-B4A5-FB18DE0AC7B8}\mpengine.dll
2012-09-15 20:41 . 2012-09-15 20:42 -------- d-----w- C:\FRST
2012-09-15 11:37 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\users\Kellie\AppData\Roaming\Malwarebytes
2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\programdata\Malwarebytes
2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-14 20:35 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 12:05 . 2012-09-14 12:05 -------- d-----w- c:\programdata\Intel
2012-09-14 11:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-14 11:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-09-14 11:53 . 2012-09-14 11:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
2012-09-14 00:43 . 2012-09-14 00:43 -------- d-----w- c:\users\Admin\AppData\Local\Adobe
2012-09-14 00:43 . 2012-09-14 00:43 -------- d-----w- c:\users\Admin\AppData\Roaming\Bullzip
2012-09-14 00:41 . 2012-09-14 00:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-14 00:40 . 2012-09-14 00:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 00:40 . 2012-09-14 00:40 -------- d-----w- c:\program files (x86)\Java
2012-09-13 23:52 . 2012-09-14 01:40 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2012-09-13 23:35 . 2012-09-13 23:35 -------- d-----w- c:\users\Admin\AppData\Local\Google
2012-09-13 17:14 . 2012-02-09 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82831D0D-4E57-43F7-93A7-B82ECC7D7DF1}\gapaengine.dll
2012-09-13 17:13 . 2012-09-13 17:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-13 17:13 . 2012-09-13 17:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-13 13:15 . 2012-09-13 13:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-13 13:12 . 2012-09-13 13:37 -------- d-----w- c:\programdata\7531CC9202C75886D6CFC216F875F002
2012-09-12 15:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 15:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 15:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 15:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-23 15:54 . 2012-09-13 16:56 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 00:40 . 2012-06-07 00:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-14 00:40 . 2012-06-07 00:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:43 . 2011-08-28 15:04 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-23 11:12 . 2012-04-04 10:30 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 11:12 . 2011-09-06 22:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 20:17 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 20:17 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 20:17 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 20:17 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 20:17 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 23:56 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 23:56 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 23:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 23:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 23:56 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 23:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 23:56 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 23:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 23:56 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 23:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 23:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 23:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 23:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 23:56 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 23:56 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 23:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 23:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 23:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 23:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-08 5663616]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-10-22 600688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\ActiveMail Chrome Watcher.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
.
2012-09-17 c:\windows\Tasks\ActiveMail Updater.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:12]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 21:50]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 21:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy_name:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: ameritrade.com\wwws
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kellie\AppData\Roaming\Mozilla\Firefox\Profiles\48adz0vn.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-PCShowServer - c:\users\Kellie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-09-17 07:50:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-17 11:50
.
Pre-Run: 410,044,534,784 bytes free
Post-Run: 409,713,094,656 bytes free
.
- - End Of File - - F3B07188FA500548603C545319C91293
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    DDS::
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = proxy_name:8080
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    (image: CFScriptB-4.gif)
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
Here's the result of the last ComboFix. Going to run the ESET Scan now.

ComboFix 12-09-16.01 - Kellie 09/17/2012 16:56:04.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2249 [GMT -4:00]
Running from: c:\users\Kellie\Downloads\ComboFix.exe
Command switches used :: c:\users\Kellie\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 21:00 . 2012-09-17 21:00 -------- d-----w- c:\users\Rob\AppData\Local\temp
2012-09-17 21:00 . 2012-09-17 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-17 21:00 . 2012-09-17 21:00 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-09-17 13:28 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E8E1E93-BC2E-4D9F-94BA-DD1D84C6E27F}\mpengine.dll
2012-09-17 11:59 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 20:41 . 2012-09-15 20:42 -------- d-----w- C:\FRST
2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\users\Kellie\AppData\Roaming\Malwarebytes
2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\programdata\Malwarebytes
2012-09-14 20:35 . 2012-09-14 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-14 20:35 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 12:05 . 2012-09-14 12:05 -------- d-----w- c:\programdata\Intel
2012-09-14 11:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-14 11:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-09-14 11:53 . 2012-09-14 11:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
2012-09-14 00:43 . 2012-09-14 00:43 -------- d-----w- c:\users\Admin\AppData\Local\Adobe
2012-09-14 00:43 . 2012-09-14 00:43 -------- d-----w- c:\users\Admin\AppData\Roaming\Bullzip
2012-09-14 00:41 . 2012-09-14 00:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-14 00:40 . 2012-09-14 00:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 00:40 . 2012-09-14 00:40 -------- d-----w- c:\program files (x86)\Java
2012-09-13 23:52 . 2012-09-14 01:40 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2012-09-13 23:35 . 2012-09-13 23:35 -------- d-----w- c:\users\Admin\AppData\Local\Google
2012-09-13 17:14 . 2012-02-09 18:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82831D0D-4E57-43F7-93A7-B82ECC7D7DF1}\gapaengine.dll
2012-09-13 17:13 . 2012-09-13 17:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-13 17:13 . 2012-09-13 17:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-13 13:15 . 2012-09-13 13:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-13 13:12 . 2012-09-13 13:37 -------- d-----w- c:\programdata\7531CC9202C75886D6CFC216F875F002
2012-09-12 15:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 15:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 15:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 15:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-23 15:54 . 2012-09-13 16:56 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 00:40 . 2012-06-07 00:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-14 00:40 . 2012-06-07 00:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:43 . 2011-08-28 15:04 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-23 11:12 . 2012-04-04 10:30 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 11:12 . 2011-09-06 22:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 20:17 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 20:17 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 20:17 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 20:17 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 20:17 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 23:56 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 23:56 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 23:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 23:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 23:56 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 23:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 23:56 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 23:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 23:56 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 23:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 23:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 23:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 23:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 23:56 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 23:56 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 23:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 23:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 23:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 23:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-17_11.44.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-16 03:17 . 2012-09-17 11:57 55288 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-17 21:03 38192 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-28 08:45 . 2012-09-17 21:03 13426 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2248584434-4130743615-47422387-1001_UserData.bin
+ 2011-08-29 02:18 . 2012-09-17 11:53 7552 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-09-17 11:42 . 2012-09-17 11:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-17 21:01 . 2012-09-17 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-17 11:42 . 2012-09-17 11:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-17 21:01 . 2012-09-17 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-31 19:15 . 2012-09-17 20:48 254844 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-09-17 20:49 626540 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-17 01:23 626540 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-17 01:23 107784 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-17 20:49 107784 c:\windows\system32\perfc009.dat
+ 2011-03-14 06:59 . 2012-09-17 11:56 163840 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-14 06:59 . 2012-09-14 20:30 163840 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-09-17 11:41 292800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-17 21:00 292800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-14 06:59 . 2012-09-17 11:56 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-14 06:59 . 2012-09-14 20:30 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-14 20:30 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-17 11:56 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-29 02:18 . 2012-09-17 11:41 33239643 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2248584434-4130743615-47422387-1001-4096.dat
+ 2011-08-29 02:18 . 2012-09-17 21:00 33239643 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2248584434-4130743615-47422387-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-08 5663616]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-10-22 600688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\ActiveMail Chrome Watcher.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
.
2012-09-17 c:\windows\Tasks\ActiveMail Updater.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-09-12 12:11]
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:12]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 21:50]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 21:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: ameritrade.com\wwws
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kellie\AppData\Roaming\Mozilla\Firefox\Profiles\48adz0vn.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-09-17 17:07:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-17 21:07
ComboFix2.txt 2012-09-17 11:50
.
Pre-Run: 410,733,531,136 bytes free
Post-Run: 410,547,015,680 bytes free
.
- - End Of File - - 7854D6209071249709CFBDF6ECB57714
 
Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
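The two manual steps above (create a fresh restore point, then purge the older ones so an infected point cannot be restored) can also be done from an elevated PowerShell prompt. This is an added example, not part of the helper's instructions or of any tool used in this thread; it assumes the system drive is C:, names the new point "Clean", and keeps only the newest shadow copy on that volume, which is what the More Options "Clean up" button does.

```powershell
# Added example (not from the thread): create a fresh restore point and
# purge the older ones. Run from an elevated (Administrator) PowerShell.
# Assumptions: the system drive is C: and the new point is named "Clean".

$DriveLetter = "C:"
$PointName   = "Clean"

# 1. Create the new restore point (System Protection > Create equivalent).
Checkpoint-Computer -Description $PointName -RestorePointType "MODIFY_SETTINGS"

# 2. Resolve the drive letter to its volume GUID path; Win32_ShadowCopy
#    reports volumes as \\?\Volume{...}\ rather than as drive letters.
$volume = Get-WmiObject Win32_Volume | Where-Object { $_.DriveLetter -eq $DriveLetter }
if (-not $volume) { throw "Volume for $DriveLetter not found" }

# 3. List the shadow copies on that volume (restore points live inside them),
#    oldest first. @() keeps the result an array even when only one exists.
$shadows = @(Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) })

if ($shadows.Count -le 1) {
    Write-Host "Nothing to purge: only the new restore point exists on $DriveLetter"
    return
}

# 4. Keep the newest copy (the "Clean" point just created) and delete the rest,
#    as Disk Cleanup > More Options > System Restore and Shadow Copies does.
$toDelete = $shadows | Select-Object -First ($shadows.Count - 1)
foreach ($s in $toDelete) {
    $when = [System.Management.ManagementDateTimeConverter]::ToDateTime($s.InstallDate)
    Write-Host ("Deleting shadow copy {0} created {1}" -f $s.ID, $when)
    $s.Delete() | Out-Null
}

# 5. Show which restore point survived so the result can be verified.
Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1 |
    Format-List Description, SequenceNumber
```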
 
Here is checkup.txt -
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.1
Java 7 Update 7
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Thank you for all of your help. This is a great site - very professional and organized. I'll send another thank you your way in the next day or so.
 
Excellent!

Firefox update
Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs and other holes. To update it now, click Help > About Firefox > Check for Updates.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 