Solved Serifef.ab and p

Sistrunk

Hello there!
I recently found that my computer was not able to connect to the internet through certain wifi routers. After digging a little deeper I found that my firewall has been disabled and I cannot get it back on. I did a scan with Security Essentials and found the Serifef trojans. I also did a scan with Malwarebytes and a different threat was detected, but when I choose to remove the threat I can no longer reboot the computer without doing a restore. The attached Malwarebytes file is the one from before the removal, since I had to restore. I've been reading some of the threads and I'm very impressed with your guys' work here, so I'll thank you guys ahead of time, and I'm sure afterwards too.


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jose :: RYAN-LAPTOP [administrator]
12/9/2012 5:18:20 PM
mbam-log-2012-12-09 (17-18-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222090
Time elapsed: 19 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\users\jose\appdata\local\temp\ms0cfg32.exe (Exploit.Drop.GS) -> Delete on reboot.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_15
Run by Jose at 21:57:23 on 2012-12-09
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uProxyServer = 127.0.0.1:5555
uProxyOverride = <local>;*.local
uURLSearchHooks: agihelper.AGUtils: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} -
dURLSearchHooks: agihelper.AGUtils: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} -
mWinlogon: Userinit = userinit.exe,
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Kiwee Toolbar: {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} -
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB5; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 3.5.21022)" -"http://www.miniclip.com/games/alien-hive/en/"
mRun: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe"
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {4DFE522A-5D3D-4711-9437-67E066BE1E6E} - hxxp://192.168.254.254/gc2/weblib.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : DHCPNameServer = 8.8.8.8
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://jvhpropheticgeneration.blogspot.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npNavIn.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: !HIDDEN! 2009-06-27 03:03; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R? AGCoreService;AG Core Services
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? Com4QLBEx;Com4QLBEx
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? GamesAppService;GamesAppService
R? hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver
R? hcw72ATV;WinTV HVR-950 NTSC
R? hcw72DTV;WinTV HVR-950 ATSC/QAM
R? JMCR;JMCR
R? libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1
R? NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? USBAAPL64;Apple Mobile USB Driver
R? w7Svc;webcam 7 Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
S? {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}
S? AESTFilters;Andrea ST Filters Service
S? afcdp;afcdp
S? afcdpsrv;Acronis Nonstop Backup service
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? DragonUpdater;COMODO Dragon Update Service
S? enecir;ENE CIR Receiver
S? FontCache;Windows Font Cache Service
S? HauppaugeTVServer;HauppaugeTVServer
S? hpsrv;HP Service
S? jjtAutoLaunch;jjtAutoLaunch
S? MpFilter;Microsoft Malware Protection Driver
S? PerfHost;Performance Counter DLL Host
S? RDPDISPM;RDPDISPM
S? Recovery Service for Windows;Recovery Service for Windows
S? ScrybeUpdater;Scrybe Updater
S? tdrpman258;Acronis Try&Decide and Restore Points filter (build 258)
S? TeamViewer6;TeamViewer 6
S? TfFsMon;TfFsMon
S? TfNetMon;TfNetMon
S? TfSysMon;TfSysMon
S? ThreatFire;ThreatFire
S? TVCapSvc;TV Background Capture Service (TVBCS)
S? TVSched;TV Task Scheduler (TVTS)
S? usbfilter;AMD USB Filter Driver
S? wlcrasvc;Windows Live Mesh remote connections service
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-23 13:47:16 50952 ----a-w- C:\Windows\System32\certsentry.dll
2012-11-23 13:47:16 42760 ----a-w- C:\Windows\SysWow64\certsentry.dll
2012-11-23 13:35:39 65309168 ----a-w- C:\Windows\System32\mrt.exe
2012-11-08 04:37:52 94288 ----a-w- C:\Windows\System32\drivers\inspect.sys
2012-11-08 04:37:50 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-11-08 04:37:50 45872 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-11-08 04:37:48 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-11-08 04:37:38 41240 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-11-08 04:37:36 301264 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-11-08 04:37:32 390392 ----a-w- C:\Windows\System32\guard64.dll
2012-10-21 17:04:57 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-21 17:04:57 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-21 17:04:50 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 22:03:45.66 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/12/2009 5:45:36 PM
System Uptime: 12/9/2012 9:29:54 PM (1 hours ago)
.
Motherboard: Compal | | 30FC
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-75 | Socket M2/S1G1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 114.421 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.018 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel
.
==== System Restore Points ===================
.
RP885: 10/9/2012 2:26:06 AM - Scheduled Checkpoint
RP886: 10/11/2012 2:42:17 AM - Scheduled Checkpoint
RP889: 11/19/2012 11:39:21 PM - Scheduled Checkpoint
RP890: 11/21/2012 7:05:26 PM - Device Driver Package Install: Microsoft Display adapters
RP891: 11/21/2012 7:35:14 PM - Windows Update
RP893: 11/22/2012 4:57:19 AM - Microsoft Antimalware Checkpoint
RP895: 11/22/2012 12:15:34 PM - Microsoft Antimalware Checkpoint
RP896: 11/22/2012 4:56:56 PM - before update
RP897: 11/22/2012 5:42:16 PM - Windows Update
RP898: 11/22/2012 7:23:10 PM - Windows Update
RP899: 11/23/2012 8:18:26 AM - Windows Update
RP900: 11/23/2012 8:50:56 AM - Device Driver Package Install: COMODO Network Service
RP901: 12/9/2012 6:07:09 PM - AFTER SCAN
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Acronis True Image Home
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
AMD USB Audio Driver Filter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
Audia
AVS Audio Editor version 4.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Battlefield 2(TM)
BitTorrent
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCP Accelerator
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cognitive Tutor
Comcast High-Speed Internet Install Wizard
Comodo Dragon
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Complete Control Program
Complete Control Program (Commercial Version)
CyberLink DVD Suite
D3DX10
daVinci
DNA
Drag Net
Dropbox
EA Download Manager
EAWManager 1.0.15
EAWPilot 1.1.60.0
ESU for Microsoft Vista
Extron Electronics - DataViewer
Extron Electronics - Global Configurator 3.2
Extron Electronics - USB Driver Installer v1.0.0
ExtronCorLib
Google SketchUp 8
Graboid Video 1.73
grandMA 3D 6 [2.5.3][6.6] v6.0.20.5248
grandMA2 onPC 2.5.3.6
Harman How To Listen (Public) 2.0.4
Hauppauge MCE XP/Vista Software Encoder (2.0.28062)
Hauppauge WinTV 7
Hauppauge WinTV Infrared Remote
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Games
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Product Detection
HP Quick Launch Buttons
HP Total Care Advisor
HP Update
HP User Guides 0129
HP Wireless Assistant
HPSSupply
HPTCSSetup
IDT Audio
iLive Editor V1.83
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Junk Mail filter update
Kiwee Chatbar
Kiwee Toolbar for Firefox
Kiwee Toolbar for Internet Explorer
Kramer Software
LabelPrint
Lantronix CPR 4.3.0.0 (x64)
LightScribe System Software 1.14.17.1
LightScribe Template Designs - Music Pack 1
Live 7.0.10
Logitech Gaming Software 5.10
Malwarebytes Anti-Malware version 1.61.0.1400
Martin LightJockey version 2.95
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
Navionics PC App-1.7.1.0
Navionics PC App-1.7.2.0
Navionics PC App-1.7.3.0
Navionics World
ooVoo
PA095 / PA075 USB2.0 DOCK 7.10
Performance Manager
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
PunkBuster Services
QLBCASL
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Segoe UI
Shop for HP Supplies
Shure Wireless Workbench Software 4.3
Skins
Skype™ 5.3
Smaart 7
SPORE Creature Creator Trial Edition
SR 4 Label Maker
Studio Manager 64bit
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
System Architect 2.30
TeamViewer 6
The Sims™ 3
ThreatFire
Transparent TaskBar
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
USBPre Microphone Interface
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.0.1
webcam 7
WildTangent Games App (HP Games)
Windows Driver Package - Extron Electronics (WinUSB) Extron (12/01/2009 1.0.0.11)
Windows Driver Package - Synaptics (SynTP) Mouse (03/31/2011 15.2.20.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Wireless Systems Manager
Yahoo! Install Manager
Yamaha DME-N Network Driver
Yamaha LS9 Editor
.
==== End Of File ===========================
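The DDS "Pseudo HJT Report" above is what a malware-removal helper reads first. As an added example, not part of the original thread and not code from the DDS tool, here is a small Python triage script that applies, mechanically, the checks a helper applies by eye to that section: a browser proxy pointing at the local machine (the `uProxyServer = 127.0.0.1:5555` line, consistent with a browser that cannot reach the internet once the proxying process is stopped or blocked), UAC switched off via `EnableLUA = dword:0`, a `Userinit` value that differs from the Windows default, a hard-coded per-interface DNS server list, BHOs whose DLL is gone, and ActiveX cabs (DPF) pulled from LAN addresses. The sample input is a constructed subset of the lines posted above; the rule names, severities and the `triage`/`is_local_host` helpers are this example's own assumptions. It deliberately does not decide that the static DNS servers are malicious: with a security suite installed, those may be the suite's own resolvers, so that entry is only marked for review.

```python
"""Triage of the 'Pseudo HJT Report' section of a DDS log.

Added example, not code from the thread or from DDS. Rule names, severities
and the helper functions are this example's own assumptions.
"""
import re
from ipaddress import ip_address

# Constructed sample: a subset of the DDS lines posted in the thread.
# DDS writes "hxxp" for "http" so the URLs are not clickable.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uProxyServer = 127.0.0.1:5555
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - <orphaned>
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {4DFE522A-5D3D-4711-9437-67E066BE1E6E} - hxxp://192.168.254.254/gc2/weblib.cab
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : DHCPNameServer = 8.8.8.8
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
"""

# Values Windows itself writes for Winlogon\Userinit (assumed 32/64-bit defaults).
DEFAULT_USERINIT = {"userinit.exe,", r"c:\windows\system32\userinit.exe,"}

# DDS prefixes: u = HKCU, m = HKLM, x64- = the 64-bit view of the same key.
PFX = r"^(?:x64-)?"


def is_local_host(host):
    """True for loopback/private IPs or 'localhost': traffic never leaves the LAN."""
    try:
        ip = ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private


def triage(dds_text):
    """Return findings (dicts: severity, rule, detail, line) in log order."""
    findings = []

    def flag(severity, rule, detail, line):
        findings.append({"severity": severity, "rule": rule,
                         "detail": detail, "line": line})

    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. Browser proxy on the local machine: every HTTP request goes through
        #    a process on this host; if that process is killed or blocked, the
        #    browser reaches nothing. Find what listens on that port.
        m = re.match(PFX + r"[um]ProxyServer = ([^:\s]+):(\d+)$", line)
        if m and is_local_host(m.group(1)):
            flag("high", "local-proxy",
                 f"browser proxied through {m.group(1)}:{m.group(2)}; "
                 "identify the listening process", line)
            continue

        # 2. Userinit: anything appended after the default runs at every logon.
        m = re.match(PFX + r"mWinlogon: Userinit = (.*)$", line)
        if m:
            if m.group(1).strip().lower() not in DEFAULT_USERINIT:
                flag("high", "userinit-modified",
                     f"non-default Userinit value {m.group(1)!r}", line)
            continue

        # 3. UAC disabled: every process of this admin user already runs elevated.
        if re.match(PFX + r"mPolicies-System: EnableLUA = dword:0$", line):
            flag("high", "uac-disabled", "EnableLUA=0, UAC is off", line)
            continue

        # 4. Per-interface static resolvers override DHCP. Not malicious by
        #    itself: an installed security suite may set its own DNS. Verify.
        m = re.match(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}) : NameServer = (.+)$", line)
        if m:
            flag("review", "static-dns",
                 f"interface {m.group(1)} hard-codes resolvers {m.group(2)}; "
                 "confirm they belong to an installed product", line)
            continue

        # 5. BHO whose DLL is gone: leftover registration, clean up.
        if re.match(PFX + r"BHO: .*<orphaned>$", line):
            flag("low", "orphaned-bho", "BHO registered but DLL missing", line)
            continue

        # 6. ActiveX cab (DPF) served from a LAN or loopback address.
        m = re.match(r"^DPF: \{[0-9A-Fa-f-]+\} - hxxp://([^/:]+)", line)
        if m and is_local_host(m.group(1)):
            flag("review", "dpf-lan-cab",
                 f"ActiveX control downloaded from LAN host {m.group(1)}", line)

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']:6}] {f['rule']:17} {f['detail']}")
```

Run on the sample, the script reports the local proxy and the disabled UAC as high, the orphaned BHO as low, and the LAN-hosted cab and the static per-interface DNS list as items to review; the default `Userinit` value produces no finding. The same rules run unchanged on a full DDS log, since the other sections use different line prefixes and simply fall through.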
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Since I had to restore
What exactly do you mean by "restore"?
 
After I chose to remove the checked threat in Malwarebytes I could not reboot, and the Windows auto repair could not fix it. So I restored to an earlier restore point from the other options menu.
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

===============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
I downloaded and ran RogueKiller, and it wants to reboot and directed me to their website. Should I reboot now? I also downloaded aswMBR but have not run it yet.
 
Ok, got it back running! And here are the reports before the reboot:
RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 11 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] b424df27bf04a85c6a2b283f75a9bf42
[BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Ativa 1GB USB Device +++++
--- User ---
[MBR] 9d91487f44fb2ffb075e82c1d7101251
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 8 | Size: 953 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_12092012_02d2338.txt >>
RKreport[1]_S_12092012_02d2338.txt

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 10 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] b424df27bf04a85c6a2b283f75a9bf42
[BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Ativa 1GB USB Device +++++
--- User ---
[MBR] 9d91487f44fb2ffb075e82c1d7101251
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 8 | Size: 953 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_12092012_02d2341.txt >>
RKreport[1]_S_12092012_02d2338.txt ; RKreport[2]_D_12092012_02d2341.txt
 
Tried to reboot after, but now it won't reboot. It goes to the Windows repair screen. I just shut the comp down for now and I'll wait for further instructions. Hitting the hay; I'll check back tomorrow afternoon.
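As an added triage example (not the thread's or RogueKiller's own code), here is a small parser for the report format quoted above: it extracts each finding with its status from the scan and delete reports, lists what is still open after the Delete pass (the proxy and DNS entries marked NOT REMOVED), and flags scan entries that simply disappear from the delete report without a recorded action. The sample inputs are constructed excerpts of the two reports in this post.

```python
"""Triage helper for RogueKiller text reports.

Added example, not RogueKiller's own code. It parses the '[TAG][SUBTAG] target -> STATUS'
finding lines and the '¤¤¤ Section : value ¤¤¤' headers, then reports what a helper
still has to act on after the Delete pass.
"""
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple

# One finding line. The arrow is '->' for registry entries and '-->' for files.
FINDING_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\](?:\[(?P<subtag>[^\]]+)\])?\s+"
    r"(?P<target>.+?)\s+-+>\s+(?P<status>.+?)\s*$"
)
# Section header such as '¤¤¤ Registry Entries : 11 ¤¤¤' or '¤¤¤ HOSTS File: ¤¤¤'.
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*(?::\s*(?P<value>[^¤]*?))?\s*¤¤¤$")


@dataclass(frozen=True)
class Finding:
    section: str
    tag: str
    subtag: Optional[str]
    target: str
    status: str

    @property
    def pending(self) -> bool:
        """True when the report records no completed remediation for this entry."""
        return self.status == "FOUND" or self.status.startswith("NOT REMOVED")


def parse_report(text: str) -> Dict[str, Any]:
    """Return the section headers, the findings and the infection name (if any)."""
    section = "preamble"
    sections: Dict[str, str] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            sections[section] = m.group("value") or ""
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(section, m.group("tag"), m.group("subtag"),
                                    m.group("target"), m.group("status")))
    return {"sections": sections, "findings": findings,
            "infection": sections.get("Infection") or None}


def pending_actions(report: Dict[str, Any]) -> List[Finding]:
    """Findings still open: unchanged FOUND entries and the proxy/DNS entries
    RogueKiller marks NOT REMOVED (the status itself names the follow-up tool)."""
    return [f for f in report["findings"] if f.pending]


def remediation_delta(scan_text: str, delete_text: str) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map every target of the scan report to (scan status, delete status).
    A None delete status means the entry vanished from the second report with no
    recorded action, which deserves a second look rather than silent relief."""
    after = {f.target: f.status for f in parse_report(delete_text)["findings"]}
    return {f.target: (f.status, after.get(f.target))
            for f in parse_report(scan_text)["findings"]}


# Constructed excerpts of the two reports in this post (scan pass, then delete pass).
SAMPLE_SCAN = r"""RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
"""
SAMPLE_DELETE = r"""RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

if __name__ == "__main__":
    delete = parse_report(SAMPLE_DELETE)
    print("infection:", delete["infection"])
    for f in pending_actions(delete):
        print(f"still open [{f.tag}] {f.target} -> {f.status}")
    for target, (before, after) in remediation_delta(SAMPLE_SCAN, SAMPLE_DELETE).items():
        if after is None:
            print(f"no action recorded in delete report for: {target} (was {before})")
```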
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Sorry Broni, but this is about as frustrating as the NHL lockout! Can't get anything online but my phone. So I'll download the files from work tomorrow and try to post then.
 
Ok, here are the FRST and Search logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
Ran by SYSTEM at 11-12-2012 17:47:06
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)
HKLM-x32\...\Run: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe" [378128 2010-01-14] (PC Tools)
HKLM-x32\...\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Jose\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Jose\...\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB5; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 3.5.21022)" -"http://www.miniclip.com/games/alien-hive/en/" [460216 2009-03-19] (Adobe Systems, Inc.)
HKU\Jose\...\Winlogon: [Shell] Explorer.exe
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: [NameServer]8.26.56.26,156.154.70.22
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Scrybe.lnk
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1054568 2010-03-27] (Acronis)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-11-21] (Acronis)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2828408 2012-11-07] (COMODO)
2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1853584 2012-09-28] ()
2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
2 jjtAutoLaunch; "C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe" [114688 2002-01-22] (Sound Devices, LLC)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-24] ()
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-06-29] ()
2 ScrybeUpdater; "C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe" [1300264 2011-05-27] (Synaptics, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe service [70928 2010-01-14] (PC Tools)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2008-09-24] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2008-09-24] ()
3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV [4999680 2011-07-27] (Moonware Studios)
2 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]

==================== Drivers (Whitelisted) =====================

1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [45872 2012-11-07] (COMODO)
3 hcw72ADFilter; C:\Windows\System32\Drivers\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)
3 hcw72ATV; C:\Windows\System32\Drivers\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)
3 hcw72DTV; C:\Windows\System32\Drivers\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [28672 2011-08-26] (http://libusb-win32.sourceforge.net)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-11-21] (Acronis)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
0 TfSysMon; C:\Windows\System32\Drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
4 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 toocpocs; \??\C:\Windows\system32\drivers\toocpocs.sys [x]
1 xlleposz; \??\C:\Windows\system32\drivers\xlleposz.sys [x]
1 zxjqdcmu; \??\C:\Windows\system32\drivers\zxjqdcmu.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-09 20:41 - 2012-12-09 20:41 - 00003021 ____A C:\Users\Jose\Desktop\RKreport[2]_D_12092012_02d2341.txt
2012-12-09 20:38 - 2012-12-09 20:38 - 00002918 ____A C:\Users\Jose\Desktop\RKreport[1]_S_12092012_02d2338.txt
2012-12-09 20:36 - 2012-12-09 20:40 - 00000000 ____D C:\Users\Jose\Desktop\RK_Quarantine
2012-12-09 20:34 - 2012-12-09 20:35 - 04732416 ____A (AVAST Software) C:\Users\Jose\Desktop\aswMBR.exe
2012-12-09 20:34 - 2012-12-09 20:34 - 00753664 ____A C:\Users\Jose\Desktop\RogueKiller.exe
2012-12-09 19:03 - 2012-12-09 19:03 - 00015931 ____A C:\Users\Jose\Desktop\dds.txt
2012-12-09 19:03 - 2012-12-09 19:03 - 00013584 ____A C:\Users\Jose\Desktop\attach.txt
2012-12-09 18:53 - 2012-12-09 18:53 - 00688992 ____R (Swearware) C:\Users\Jose\Desktop\dds.com
2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com
2012-11-23 05:50 - 2012-12-09 20:48 - 00000000 ____D C:\Users\Jose\{945e8b33-257c-47a6-a7b1-1bea1374f118}
2012-11-23 05:48 - 2012-11-23 05:48 - 00001753 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-11-23 05:48 - 2012-11-23 05:48 - 00001753 ____A C:\Users\All Users\Desktop\COMODO Firewall.lnk
2012-11-23 05:47 - 2012-12-09 18:36 - 00000000 ____D C:\Users\All Users\Comodo
2012-11-23 05:47 - 2012-12-09 18:36 - 00000000 ____D C:\Users\All Users\Application Data\Comodo
2012-11-23 05:47 - 2012-11-23 05:47 - 00050952 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2012-11-23 05:47 - 2012-11-23 05:47 - 00042760 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2012-11-23 05:47 - 2012-11-23 05:47 - 00000951 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2012-11-23 05:47 - 2012-11-23 05:47 - 00000951 ____A C:\Users\All Users\Desktop\Comodo Dragon.lnk
2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\Local Settings\Comodo
2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Comodo
2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\AppData\Local\Comodo
2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Program Files (x86)\Comodo
2012-11-23 05:46 - 2012-11-23 05:46 - 00000000 ____D C:\Program Files\COMODO
2012-11-23 05:34 - 2012-11-23 05:34 - 00001945 ____A C:\Windows\epplauncher.mif
2012-11-23 05:33 - 2012-11-23 05:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-11-23 05:30 - 2012-11-23 05:43 - 98142048 ____A (COMODO) C:\Users\Jose\Downloads\cfw_installer.exe
2012-11-23 05:30 - 2010-04-06 00:34 - 00345984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-11-23 05:21 - 2012-11-23 05:22 - 02202416 ____A (Check Point Software Technologies LTD) C:\Users\Jose\Downloads\zaSetupWeb_102_078_000 (1).exe
2012-11-23 05:21 - 2012-02-29 07:37 - 00005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-11-23 05:21 - 2012-02-29 07:35 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-11-23 05:21 - 2012-02-29 07:11 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-11-23 05:21 - 2012-02-29 07:09 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-11-23 05:21 - 2012-02-29 05:52 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-11-23 05:18 - 2012-09-13 05:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-11-23 05:18 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-11-23 05:17 - 2012-07-04 06:33 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-23 05:15 - 2012-08-24 08:07 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-11-23 05:15 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-11-23 05:14 - 2012-06-01 16:20 - 01268736 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-11-23 05:14 - 2012-06-01 16:20 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-11-23 05:14 - 2012-06-01 16:20 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-11-23 05:14 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-11-23 05:14 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-11-23 05:14 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-11-23 05:11 - 2012-08-29 03:40 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-11-22 16:22 - 2012-11-22 16:22 - 00000000 __AHT C:\Windows\wusa.lock
2012-11-22 16:20 - 2012-11-22 16:21 - 02202416 ____A (Check Point Software Technologies LTD) C:\Users\Jose\Downloads\zaSetupWeb_102_078_000.exe
2012-11-22 16:16 - 2012-11-22 22:14 - 00000000 ____D C:\c40bedb1496b4042420d2909bd
2012-11-22 16:15 - 2012-11-22 16:16 - 13529576 ____A (Microsoft Corporation) C:\Users\Jose\Downloads\mseinstall.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 17773056 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 12268544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 10884096 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 09702400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-11-22 14:51 - 2012-11-22 14:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-11-22 14:51 - 2012-11-22 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-22 14:51 - 2012-11-22 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-22 14:51 - 2012-11-22 14:51 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 02136064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01797632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01785344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-22 14:51 - 2012-11-22 14:51 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-22 14:51 - 2012-11-22 14:51 - 01389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01344000 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01102336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-11-22 14:51 - 2012-11-22 14:51 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-11-22 14:51 - 2012-11-22 14:51 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00236544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-11-22 14:51 - 2012-11-22 14:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-11-22 14:51 - 2012-11-22 14:51 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-11-22 02:02 - 2012-11-22 02:06 - 00000000 ____D C:\Program Files\Microsoft Fix it Center
2012-11-21 20:00 - 2012-11-23 05:33 - 00000000 ____D C:\Program Files\Microsoft Security Client


==================== One Month Modified Files and Folders =======

2012-12-11 17:46 - 2012-12-11 17:46 - 00000000 ____D C:\FRST
2012-12-09 23:02 - 2008-01-20 19:26 - 00193650 ____A C:\Windows\PFRO.log
2012-12-09 23:01 - 2009-02-12 14:44 - 01831480 ____A C:\Windows\WindowsUpdate.log
2012-12-09 23:01 - 2008-10-22 23:45 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-12-09 23:01 - 2006-11-02 07:42 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-09 23:01 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-09 23:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-09 23:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-09 23:00 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\tracing
2012-12-09 22:04 - 2012-04-01 00:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Windows Live
2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Windows Live
2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\AppData\Local\Windows Live
2012-12-09 20:48 - 2012-11-23 05:50 - 00000000 ____D C:\Users\Jose\{945e8b33-257c-47a6-a7b1-1bea1374f118}
2012-12-09 20:48 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
2012-12-09 20:48 - 2006-11-02 04:33 - 86245376 ____A C:\Windows\System32\config\software_previous
2012-12-09 20:47 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2012-12-09 20:47 - 2006-11-02 04:33 - 26214400 ____A C:\Windows\System32\config\system_previous
2012-12-09 20:41 - 2012-12-09 20:41 - 00003021 ____A C:\Users\Jose\Desktop\RKreport[2]_D_12092012_02d2341.txt
2012-12-09 20:40 - 2012-12-09 20:36 - 00000000 ____D C:\Users\Jose\Desktop\RK_Quarantine
2012-12-09 20:38 - 2012-12-09 20:38 - 00002918 ____A C:\Users\Jose\Desktop\RKreport[1]_S_12092012_02d2338.txt
2012-12-09 20:35 - 2012-12-09 20:34 - 04732416 ____A (AVAST Software) C:\Users\Jose\Desktop\aswMBR.exe
2012-12-09 20:34 - 2012-12-09 20:34 - 00753664 ____A C:\Users\Jose\Desktop\RogueKiller.exe
2012-12-09 20:28 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam_previous
2012-12-09 20:28 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\security_previous
2012-12-09 19:05 - 2006-11-02 04:46 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-09 19:03 - 2012-12-09 19:03 - 00015931 ____A C:\Users\Jose\Desktop\dds.txt
2012-12-09 19:03 - 2012-12-09 19:03 - 00013584 ____A C:\Users\Jose\Desktop\attach.txt
2012-12-09 18:54 - 2006-11-02 07:27 - 00189181 ____A C:\Windows\setupact.log
2012-12-09 18:53 - 2012-12-09 18:53 - 00688992 ____R (Swearware) C:\Users\Jose\Desktop\dds.com
2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com
2012-12-09 18:48 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2012-12-09 18:36 - 2012-11-23 05:47 - 00000000 ____D C:\Users\All Users\Comodo
2012-12-09 18:36 - 2012-11-23 05:47 - 00000000 ____D C:\Users\All Users\Application Data\Comodo
2012-12-09 18:34 - 2009-03-01 17:29 - 00000000 ____D C:\users\Jose
2012-12-09 18:32 - 2006-11-02 07:21 - 00325464 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-09 18:29 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-12-09 18:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
2012-12-09 17:25 - 2006-11-02 04:33 - 55574528 ____A C:\Windows\System32\config\components_previous
2012-12-09 17:25 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous
2012-11-23 05:48 - 2012-11-23 05:48 - 00001753 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-11-23 05:48 - 2012-11-23 05:48 - 00001753 ____A C:\Users\All Users\Desktop\COMODO Firewall.lnk
2012-11-23 05:47 - 2012-11-23 05:47 - 00050952 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2012-11-23 05:47 - 2012-11-23 05:47 - 00042760 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2012-11-23 05:47 - 2012-11-23 05:47 - 00000951 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2012-11-23 05:47 - 2012-11-23 05:47 - 00000951 ____A C:\Users\All Users\Desktop\Comodo Dragon.lnk
2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\Local Settings\Comodo
2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Comodo
2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Jose\AppData\Local\Comodo
2012-11-23 05:47 - 2012-11-23 05:47 - 00000000 ____D C:\Program Files (x86)\Comodo
2012-11-23 05:46 - 2012-11-23 05:46 - 00000000 ____D C:\Program Files\COMODO
2012-11-23 05:43 - 2012-11-23 05:30 - 98142048 ____A (COMODO) C:\Users\Jose\Downloads\cfw_installer.exe
2012-11-23 05:35 - 2006-11-02 04:35 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-11-23 05:34 - 2012-11-23 05:34 - 00001945 ____A C:\Windows\epplauncher.mif
2012-11-23 05:33 - 2012-11-23 05:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-11-23 05:33 - 2012-11-21 20:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-11-23 05:22 - 2012-11-23 05:21 - 02202416 ____A (Check Point Software Technologies LTD) C:\Users\Jose\Downloads\zaSetupWeb_102_078_000 (1).exe
2012-11-22 22:14 - 2012-11-22 16:16 - 00000000 ____D C:\c40bedb1496b4042420d2909bd
2012-11-22 16:40 - 2011-04-11 19:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-22 16:22 - 2012-11-22 16:22 - 00000000 __AHT C:\Windows\wusa.lock
2012-11-22 16:21 - 2012-11-22 16:20 - 02202416 ____A (Check Point Software Technologies LTD) C:\Users\Jose\Downloads\zaSetupWeb_102_078_000.exe
2012-11-22 16:16 - 2012-11-22 16:15 - 13529576 ____A (Microsoft Corporation) C:\Users\Jose\Downloads\mseinstall.exe
2012-11-22 14:54 - 2006-11-02 05:33 - 00000000 ___RD C:\Windows\Offline Web Pages
2012-11-22 14:54 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-22 14:52 - 2012-01-08 10:14 - 00004753 ____A C:\Windows\IE9_main.log
2012-11-22 14:52 - 2006-11-02 04:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2012-11-22 14:52 - 2006-11-02 04:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2012-11-22 14:52 - 2006-11-01 22:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-11-22 14:52 - 2006-11-01 22:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-11-22 14:51 - 2012-11-22 14:51 - 17773056 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 12268544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 10884096 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 09702400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-11-22 14:51 - 2012-11-22 14:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-11-22 14:51 - 2012-11-22 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-22 14:51 - 2012-11-22 14:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-22 14:51 - 2012-11-22 14:51 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 02136064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01797632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01785344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-22 14:51 - 2012-11-22 14:51 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-22 14:51 - 2012-11-22 14:51 - 01389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01344000 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 01102336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-11-22 14:51 - 2012-11-22 14:51 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-11-22 14:51 - 2012-11-22 14:51 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00236544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-11-22 14:51 - 2012-11-22 14:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-11-22 14:51 - 2012-11-22 14:51 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-11-22 14:51 - 2012-11-22 14:51 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-11-22 14:49 - 2008-10-23 00:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-11-22 14:44 - 2008-10-23 01:11 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-22 14:44 - 2008-10-23 01:11 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-11-22 02:06 - 2012-11-22 02:02 - 00000000 ____D C:\Program Files\Microsoft Fix it Center
2012-11-21 15:31 - 2009-04-15 14:28 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-11-19 20:54 - 2009-03-02 20:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-13 17:37 - 2009-03-16 11:46 - 00000000 ____D C:\Users\Jose\Application Data\DNA
2012-11-13 17:37 - 2009-03-16 11:46 - 00000000 ____D C:\Users\Jose\AppData\Roaming\DNA
2012-11-13 17:37 - 2009-03-02 13:46 - 00000000 ____D C:\Users\Jose\Tracing
2012-11-13 17:36 - 2010-11-07 18:34 - 00000000 ____D C:\Windows\pss
2012-11-13 17:33 - 2010-11-20 05:46 - 00000000 ____D C:\Users\Jose\Application Data\Dropbox
2012-11-13 17:33 - 2010-11-20 05:46 - 00000000 ____D C:\Users\Jose\AppData\Roaming\Dropbox
2012-11-13 17:32 - 2009-03-16 11:46 - 00000000 ____D C:\Program Files (x86)\DNA

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-08 22:26:41
Restore point made on: 2012-10-10 22:42:47
Restore point made on: 2012-11-12 00:44:20
Restore point made on: 2012-11-19 20:39:37
Restore point made on: 2012-11-21 16:06:14
Restore point made on: 2012-11-21 16:35:25
Restore point made on: 2012-11-22 01:58:39
Restore point made on: 2012-11-22 09:16:18
Restore point made on: 2012-11-22 13:57:29
Restore point made on: 2012-11-22 14:42:25
Restore point made on: 2012-11-22 16:23:52
Restore point made on: 2012-11-23 05:18:55
Restore point made on: 2012-11-23 05:51:24
Restore point made on: 2012-12-09 15:07:43

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 1789.02 MB
Available physical RAM: 1202.84 MB
Total Pagefile: 1535.46 MB
Available Pagefile: 1173.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:285.18 GB) (Free:114.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (My 1GB) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       298 GB  1024 KB
  Disk 1    Online       954 MB     0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            285 GB  1024 KB
  Partition 2    Primary             13 GB   285 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    285 GB  Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   RECOVERY     NTFS   Partition     13 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            953 MB   4096 B

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   My 1GB       FAT    Removable    953 MB  Healthy

=========================================================

Last Boot: 2012-12-09 18:38

==================== End Of Log =============================
Farbar Recovery Scan Tool (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-11 17:51:08
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-08-27 19:51] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2010-08-27 19:51] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2010-08-27 19:51] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\system64\services.exe
[2008-01-18 22:03] - [2008-01-19 00:00] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\System32\services.exe
[2010-08-27 19:51] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-07-21 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-07-21 23:10] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-07-16 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2010-07-16 23:04] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot normally.
 

Attachments

  • fixlist.txt (312 bytes)
Uploaded and ran the fixlist file, but it is still not booting. Unfortunately I cannot post the log file right now, as I don't have an online computer at home. But I will get it up ASAP.
 
That's fine.
We'll run another fix.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot now.
 

Attachments

  • fixlist.txt (27 bytes)
I've been posting from my phone and have been trying to take a drive to work to download the files, but I have been on the road recently.
 
Okay, I have the file now. Here's the post from the first fix, where the computer still did not boot.
Going to load the new file later and hopefully post back tonight.

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Jose [Admin rights]
Mode : Scan -- Date : 12/09/2012 23:38:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] b424df27bf04a85c6a2b283f75a9bf42
[BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Ativa 1GB USB Device +++++
--- User ---
[MBR] 9d91487f44fb2ffb075e82c1d7101251
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 8 | Size: 953 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12092012_02d2338.txt >>
RKreport[1]_S_12092012_02d2338.txt
 
The computer is still not booting, and here is the fix log.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-19 17:58:59 Run:3
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 