MacThreat
Hey, I'm currently having a problem with the Sirefef Virus. As requested in the other threads, I have attached all the files that were asked for in the other threads. I looked through the reg edits that were said before, but some of the things don't exist for me. So I am wondering if you could help me out.
Thanks
I am able to get into Safe Mode although I am NOT able to get into "Repair your Computer", it will not let me in.
----------------------------------------------------
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.17.07
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Richard :: RICHARD-PC [administrator]
9/17/2012 10:14:38 AM
mbam-log-2012-09-17 (10-14-38).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 338260
Time elapsed: 46 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\00000004.@.vir (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\80000000.@.vir (Trojan.Small) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.
(end)
----------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-17 08:55:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-75ZCT2 rev.11.01A11
Running: 0tfrv1tc.exe; Driver: C:\Users\Richard\AppData\Local\Temp\ufliqfow.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\fastfat \Fat 8EB89A7A
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions /NOEXECUTE=OPTIN IN/MINT
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 632
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg50AE.tmp??\??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\gtn50AF.tmp??\??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\gth50B0.tmp??\??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424??\??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424??\??\C:\Program Files\Google\GoogleToolbarNotifier\Goo50B1.tmp??\??\C:\Program Files\Google\GoogleToolbarNotifier??\??\C:\Users\Richard\AppData\Local\Temp\Google Toolbar\inuF22E.tmp??\??\C:\Users\Richard\AppData\Local\Temp\gusF1FC.tmp??\??\C:\Users\Richard\AppData\Local\Temp\Google Toolbar\inuF4DE.tmp??\??\C:\Program Files\Google??\??\C:\Config.Msi\557a4.rbf??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\12bar.dll??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsvc.exe??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\T8RES.DLL??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\12bar.dll??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsv
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 591
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 360685184
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID b9265288-e6fa-49b4-bf68-cba46ef
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}@LeaseObtainedTime 1347648854
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}@T1 1347708533
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}@T2 1347753292
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}@LeaseTerminatesTime 1347821654
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{5ABBDF6B-5E9F-471F-B34B-050A74CF2C97}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{5CA5E396-62A1-4E15-AF42-67CBA03EB5EB}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2606743370-2938532883-3730318516-1000@State 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2606743370-2938532883-3730318516-1000@RefCount 0
---- EOF - GMER 1.0.15 ----
----------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Richard at 11:14:05 on 2012-09-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.2541 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80307&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80307
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Toolbar BHO: {a916eefe-6a17-4d7d-a131-2738b260bb55} - c:\progra~1\guffins\bar\1.bin\u4bar.dll
BHO: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - c:\program files\guffins\bar\1.bin\u4SrcAs.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - c:\program files\guffins\bar\1.bin\u4bar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [MyScrapNook_12bar Uninstall] rundll32 c:\progra~1\12UNIN~1.DLL,O -3
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.entergy.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 8.8.8.8 68.87.73.242
TCP: Interfaces\{C71C8B04-BBD1-4567-8DFC-94204726ED96} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9} : DhcpNameServer = 8.8.8.8 68.87.73.242
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-3-24 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-3-24 203264]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-24 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 GuffinsService;GuffinsService;c:\progra~1\guffins\bar\1.bin\u4barsvc.exe --> c:\progra~1\guffins\bar\1.bin\u4barsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-31 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-31 136176]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-24 112128]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-24 133472]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-24 279488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-17 15:06:48  54016  ----a-w-  c:\windows\system32\drivers\dovtuw.sys
2012-09-15 17:29:09  279552  ----a-w-  c:\windows\system32\services.exe
2012-09-15 17:12:13  --------  d-----w-  C:\FRST
2012-09-15 17:12:03  97440  ----a-w-  c:\windows\system32\drivers\SMR310.SYS
2012-09-15 17:12:03  20  ----a-w-  c:\windows\system32\drivers\SMR310.dat
2012-09-15 17:12:02  --------  d-----w-  C:\NPE
2012-09-15 17:11:55  --------  d-----w-  c:\users\richard\appdata\local\NPE
2012-09-15 16:48:10  --------  d-----w-  c:\program files\HitmanPro
2012-09-15 16:47:57  --------  d-----w-  c:\programdata\HitmanPro
2012-09-14 22:00:48  303616  ----a-w-  C:\SetACL.exe
2012-09-14 21:43:30  290304  ----a-w-  C:\subinacl.exe
2012-09-14 21:43:20  --------  d-----w-  C:\Tweaking.com_Windows_Repair_Logs
2012-09-14 20:51:09  --------  d-----w-  c:\windows\pss
2012-09-14 20:37:47  54016  ----a-w-  c:\windows\system32\drivers\uoyffqy.sys
2012-09-14 19:30:11  --------  d-----w-  c:\program files\ESET
2012-09-14 19:25:31  --------  d-----w-  c:\users\richard\appdata\roaming\Malwarebytes
2012-09-14 19:25:25  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-14 19:25:25  --------  d-----w-  c:\programdata\Malwarebytes
2012-09-14 19:25:24  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-09-14 19:04:16  172408  ----a-w-  c:\program files\12res.dll
.
==================== Find3M ====================
.
.
============= FINISH: 11:15:49.21 ===============
----------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2012 02
Ran by Richard at 17-09-2012 11:22:33
Running from F:\
Service Pack 2 (X86) OS Language: English(US)
The current controlset is ControlSet001
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== One Month Created Files and Folders ========
2012-09-17 11:13 - 2012-09-17 11:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
2012-09-17 11:06 - 2012-09-17 11:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
2012-09-15 13:50 - 2012-09-15 13:50 - 00302592 ____A C:\Users\Richard\Downloads\0tfrv1tc.exe
2012-09-15 13:29 - 2009-04-11 02:27 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-09-15 13:12 - 2012-09-15 13:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-15 13:12 - 2012-09-15 13:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
2012-09-15 13:12 - 2012-09-15 13:12 - 00000000 ____D C:\NPE
2012-09-15 13:12 - 2012-09-15 13:12 - 00000000 ____D C:\FRST
2012-09-15 13:11 - 2012-09-15 13:11 - 00000000 ____D C:\Users\Richard\AppData\Local\NPE
2012-09-15 12:48 - 2012-09-15 12:48 - 00001694 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-09-15 12:48 - 2012-09-15 12:48 - 00000000 ____D C:\Program Files\HitmanPro
2012-09-15 12:47 - 2012-09-15 12:48 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-09-15 12:26 - 2012-09-15 12:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-09-14 18:00 - 2008-05-07 22:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-09-14 17:43 - 2004-06-11 16:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-09-14 17:41 - 2012-09-17 11:12 - 00000680 ____A C:\Users\Richard\AppData\Local\d3d9caps.dat
2012-09-14 17:41 - 2012-09-14 17:41 - 00000488 ____A C:\Windows\WindowsUpdate.log
2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ___SD C:\32788R22FWJFW
2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ____D C:\Windows\erdnt
2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ____D C:\Qoobox
2012-09-14 16:51 - 2012-09-15 12:04 - 00000000 ____D C:\Windows\pss
2012-09-14 16:37 - 2012-09-14 16:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
2012-09-14 15:30 - 2012-09-14 15:30 - 00000000 ____D C:\Program Files\ESET
2012-09-14 15:25 - 2012-09-14 15:27 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 15:25 - 2012-09-14 15:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-14 15:25 - 2012-09-14 15:25 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Malwarebytes
2012-09-14 15:25 - 2012-09-14 15:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-14 15:25 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-14 15:13 - 2012-09-17 11:10 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-09-14 15:04 - 2012-05-28 13:13 - 00172408 ____A () C:\Program Files\12res.dll
==================== 3 Months Modified Files ==================
2012-09-17 11:13 - 2012-09-17 11:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
2012-09-17 11:12 - 2012-09-14 17:41 - 00000680 ____A C:\Users\Richard\AppData\Local\d3d9caps.dat
2012-09-17 11:10 - 2012-09-14 15:13 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-09-17 11:06 - 2012-09-17 11:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
2012-09-15 13:50 - 2012-09-15 13:50 - 00302592 ____A C:\Users\Richard\Downloads\0tfrv1tc.exe
2012-09-15 13:35 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-15 13:12 - 2012-09-15 13:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-15 13:12 - 2012-09-15 13:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
2012-09-15 12:48 - 2012-09-15 12:48 - 00001694 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-09-14 18:05 - 2006-11-02 06:33 - 00728784 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-14 17:41 - 2012-09-14 17:41 - 00000488 ____A C:\Windows\WindowsUpdate.log
2012-09-14 17:18 - 2012-05-31 19:12 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-14 16:37 - 2012-09-14 16:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
2012-09-14 15:27 - 2012-09-14 15:25 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 15:12 - 2006-11-02 09:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-14 15:12 - 2006-11-02 08:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-14 15:12 - 2006-11-02 08:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-14 14:56 - 2012-05-31 19:12 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-14 12:35 - 2012-04-23 21:29 - 00001849 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-09-07 17:04 - 2012-09-14 15:25 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-08 18:24 - 2006-11-02 06:22 - 47972352 ____A C:\Windows\System32\config\software_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 37748736 ____A C:\Windows\System32\config\components_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 24903680 ____A C:\Windows\System32\config\system_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-07-16 08:13 - 2006-11-02 08:47 - 00379584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-15 22:50 - 2006-11-02 06:23 - 00000219 ____A C:\Windows\win.ini
2012-07-12 14:33 - 2009-04-11 11:34 - 00039424 ____A C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-11 11:20 - 2012-07-11 11:20 - 00011264 ____A C:\Users\Richard\Documents\Scavenger Rules.wps
2012-07-11 11:20 - 2009-03-31 22:02 - 00000318 ____A C:\Users\Richard\AppData\Roaming\wklnhst.dat
2012-07-03 03:13 - 2006-11-02 06:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-30 09:44 - 2012-06-30 09:44 - 00000168 ____A C:\Users\Richard\Desktop\sing.url
2012-06-24 19:32 - 2012-06-24 19:32 - 00001614 ____A C:\Users\Richard\Desktop\Calculator.lnk
ZeroAccess:
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U
ZeroAccess:
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\@
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3030.17 MB
Available physical RAM: 2483.72 MB
Total Pagefile: 3164.69 MB
Available Pagefile: 2879.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.5 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:222.81 GB) (Free:189.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.42 GB) NTFS
4 Drive f: () (Removable) (Total:15.1 GB) (Free:5.65 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 15 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 32 KB
Partition 2 Primary 10 GB 79 MB
Partition 3 Primary 223 GB 10 GB
=========================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 78 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 10 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 223 GB Healthy Boot
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 16 KB
=========================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 15 GB Healthy
=========================================================
Last Boot: 2012-09-14 15:00
==================== End Of Log ============================
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 GuffinsService;GuffinsService;c:\progra~1\guffins\bar\1.bin\u4barsvc.exe --> c:\progra~1\guffins\bar\1.bin\u4barsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-31 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-31 136176]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-24 112128]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-24 133472]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-24 279488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-17 15:06:48  54016     ----a-w-  c:\windows\system32\drivers\dovtuw.sys
2012-09-15 17:29:09  279552    ----a-w-  c:\windows\system32\services.exe
2012-09-15 17:12:13  --------  d-----w-  C:\FRST
2012-09-15 17:12:03  97440     ----a-w-  c:\windows\system32\drivers\SMR310.SYS
2012-09-15 17:12:03  20        ----a-w-  c:\windows\system32\drivers\SMR310.dat
2012-09-15 17:12:02  --------  d-----w-  C:\NPE
2012-09-15 17:11:55  --------  d-----w-  c:\users\richard\appdata\local\NPE
2012-09-15 16:48:10  --------  d-----w-  c:\program files\HitmanPro
2012-09-15 16:47:57  --------  d-----w-  c:\programdata\HitmanPro
2012-09-14 22:00:48  303616    ----a-w-  C:\SetACL.exe
2012-09-14 21:43:30  290304    ----a-w-  C:\subinacl.exe
2012-09-14 21:43:20  --------  d-----w-  C:\Tweaking.com_Windows_Repair_Logs
2012-09-14 20:51:09  --------  d-----w-  c:\windows\pss
2012-09-14 20:37:47  54016     ----a-w-  c:\windows\system32\drivers\uoyffqy.sys
2012-09-14 19:30:11  --------  d-----w-  c:\program files\ESET
2012-09-14 19:25:31  --------  d-----w-  c:\users\richard\appdata\roaming\Malwarebytes
2012-09-14 19:25:25  22856     ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-14 19:25:25  --------  d-----w-  c:\programdata\Malwarebytes
2012-09-14 19:25:24  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-09-14 19:04:16  172408    ----a-w-  c:\program files\12res.dll
.
==================== Find3M ====================
.
.
============= FINISH: 11:15:49.21 ===============
----------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2012 02
Ran by Richard at 17-09-2012 11:22:33
Running from F:\
Service Pack 2 (X86) OS Language: English(US)
The current controlset is ControlSet001
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== One Month Created Files and Folders ========
2012-09-17 11:13 - 2012-09-17 11:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
2012-09-17 11:06 - 2012-09-17 11:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
2012-09-15 13:50 - 2012-09-15 13:50 - 00302592 ____A C:\Users\Richard\Downloads\0tfrv1tc.exe
2012-09-15 13:29 - 2009-04-11 02:27 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-09-15 13:12 - 2012-09-15 13:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-15 13:12 - 2012-09-15 13:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
2012-09-15 13:12 - 2012-09-15 13:12 - 00000000 ____D C:\NPE
2012-09-15 13:12 - 2012-09-15 13:12 - 00000000 ____D C:\FRST
2012-09-15 13:11 - 2012-09-15 13:11 - 00000000 ____D C:\Users\Richard\AppData\Local\NPE
2012-09-15 12:48 - 2012-09-15 12:48 - 00001694 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-09-15 12:48 - 2012-09-15 12:48 - 00000000 ____D C:\Program Files\HitmanPro
2012-09-15 12:47 - 2012-09-15 12:48 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-09-15 12:26 - 2012-09-15 12:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-09-14 18:00 - 2008-05-07 22:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-09-14 17:43 - 2004-06-11 16:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-09-14 17:41 - 2012-09-17 11:12 - 00000680 ____A C:\Users\Richard\AppData\Local\d3d9caps.dat
2012-09-14 17:41 - 2012-09-14 17:41 - 00000488 ____A C:\Windows\WindowsUpdate.log
2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ___SD C:\32788R22FWJFW
2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ____D C:\Windows\erdnt
2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ____D C:\Qoobox
2012-09-14 16:51 - 2012-09-15 12:04 - 00000000 ____D C:\Windows\pss
2012-09-14 16:37 - 2012-09-14 16:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
2012-09-14 15:30 - 2012-09-14 15:30 - 00000000 ____D C:\Program Files\ESET
2012-09-14 15:25 - 2012-09-14 15:27 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 15:25 - 2012-09-14 15:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-14 15:25 - 2012-09-14 15:25 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Malwarebytes
2012-09-14 15:25 - 2012-09-14 15:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-14 15:25 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-14 15:13 - 2012-09-17 11:10 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-09-14 15:04 - 2012-05-28 13:13 - 00172408 ____A () C:\Program Files\12res.dll
==================== 3 Months Modified Files ==================
2012-09-17 11:13 - 2012-09-17 11:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
2012-09-17 11:12 - 2012-09-14 17:41 - 00000680 ____A C:\Users\Richard\AppData\Local\d3d9caps.dat
2012-09-17 11:10 - 2012-09-14 15:13 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-09-17 11:06 - 2012-09-17 11:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
2012-09-15 13:50 - 2012-09-15 13:50 - 00302592 ____A C:\Users\Richard\Downloads\0tfrv1tc.exe
2012-09-15 13:35 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-15 13:12 - 2012-09-15 13:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-15 13:12 - 2012-09-15 13:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
2012-09-15 12:48 - 2012-09-15 12:48 - 00001694 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-09-14 18:05 - 2006-11-02 06:33 - 00728784 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-14 17:41 - 2012-09-14 17:41 - 00000488 ____A C:\Windows\WindowsUpdate.log
2012-09-14 17:18 - 2012-05-31 19:12 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-14 16:37 - 2012-09-14 16:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
2012-09-14 15:27 - 2012-09-14 15:25 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-14 15:12 - 2006-11-02 09:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-14 15:12 - 2006-11-02 08:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-14 15:12 - 2006-11-02 08:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-14 14:56 - 2012-05-31 19:12 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-14 12:35 - 2012-04-23 21:29 - 00001849 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-09-07 17:04 - 2012-09-14 15:25 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-08 18:24 - 2006-11-02 06:22 - 47972352 ____A C:\Windows\System32\config\software_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 37748736 ____A C:\Windows\System32\config\components_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 24903680 ____A C:\Windows\System32\config\system_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-07-16 08:13 - 2006-11-02 08:47 - 00379584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-15 22:50 - 2006-11-02 06:23 - 00000219 ____A C:\Windows\win.ini
2012-07-12 14:33 - 2009-04-11 11:34 - 00039424 ____A C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-11 11:20 - 2012-07-11 11:20 - 00011264 ____A C:\Users\Richard\Documents\Scavenger Rules.wps
2012-07-11 11:20 - 2009-03-31 22:02 - 00000318 ____A C:\Users\Richard\AppData\Roaming\wklnhst.dat
2012-07-03 03:13 - 2006-11-02 06:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-30 09:44 - 2012-06-30 09:44 - 00000168 ____A C:\Users\Richard\Desktop\sing.url
2012-06-24 19:32 - 2012-06-24 19:32 - 00001614 ____A C:\Users\Richard\Desktop\Calculator.lnk
ZeroAccess:
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U
ZeroAccess:
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\@
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3030.17 MB
Available physical RAM: 2483.72 MB
Total Pagefile: 3164.69 MB
Available Pagefile: 2879.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.5 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:222.81 GB) (Free:189.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.42 GB) NTFS
4 Drive f: () (Removable) (Total:15.1 GB) (Free:5.65 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 15 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 32 KB
Partition 2 Primary 10 GB 79 MB
Partition 3 Primary 223 GB 10 GB
=========================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 78 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 10 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 223 GB Healthy Boot
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 16 KB
=========================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 15 GB Healthy
=========================================================
Last Boot: 2012-09-14 15:00
==================== End Of Log ============================
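The FRST listing above can be triaged mechanically rather than by eye. What follows is an added example, not part of the original post and not code from FRST or DDS: a small Python parser for FRST's file-listing line format (`created - modified - size attrs (company) path`, as printed in the "One Month Created Files" block) plus three triage checks for the indicators visible in this log. It flags a `{GUID}` folder that has `U`, `L` or `@` children (ordinary MSI caches in `Windows\Installer` are also `{GUID}`-named, so the children, not the GUID, are the tell), groups `.sys` files under `System32\Drivers` that carry no publisher string by size so that same-size/different-name pairs such as `dovtuw.sys` and `uoyffqy.sys` stand out, and lists hidden/system-attributed files sitting directly in `System32`. The sample input is a constructed subset of the lines from the log above; the checks are review aids, not verdicts, and the function and constant names are the example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# One FRST file-listing line, as printed in the log above:
#   <ts1> - <ts2> - <size> <attrs> [(<company>)] <path>
# ts1 is the column the section is sorted on: creation time in
# "One Month Created Files", modification time in "3 Months Modified".
FRST_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\)\s+)?"      # "( )" and "()" both occur in real logs
    r"(?P<path>\S.*?)\s*$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")  # lines under FRST's "ZeroAccess:" header
# A {GUID} directory anywhere in a path, split into that directory and what follows it.
GUID_DIR = re.compile(
    r"^(?P<base>.*?\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})(?P<rest>(?:\\.*)?)$",
    re.IGNORECASE,
)
# The U / L subfolders and the "@" file distinguish the ZeroAccess folder from the
# legitimate {GUID} MSI caches that also live under Windows\Installer.
ZA_CHILDREN = {"\\u", "\\l", "\\@"}
SYSTEM32_FILE = re.compile(r"\\windows\\system32\\[^\\]+$", re.IGNORECASE)

# Constructed sample: a subset of the lines from the log above.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2012-09-17 11:13 - 2012-09-17 11:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
2012-09-17 11:06 - 2012-09-17 11:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
2012-09-15 13:29 - 2009-04-11 02:27 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-09-15 13:12 - 2012-09-15 13:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-15 13:12 - 2012-09-15 13:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
2012-09-14 18:00 - 2008-05-07 22:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ___SD C:\32788R22FWJFW
2012-09-14 16:37 - 2012-09-14 16:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
2012-09-14 15:25 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-14 15:13 - 2012-09-17 11:10 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-09-14 15:04 - 2012-05-28 13:13 - 00172408 ____A () C:\Program Files\12res.dll
ZeroAccess:
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U
ZeroAccess:
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\@
"""


@dataclass
class FrstEntry:
    ts1: str
    ts2: str
    size: int
    attrs: str
    company: str
    path: str


def parse_frst_listing(text: str) -> List[FrstEntry]:
    """Parse every timestamped file-listing line; headers and bare paths are skipped."""
    out = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            out.append(FrstEntry(m["ts1"], m["ts2"], int(m["size"]), m["attrs"],
                                 (m["company"] or "").strip(), m["path"]))
    return out


def bare_paths(text: str) -> List[str]:
    """Lines that are only a path, e.g. those FRST prints under 'ZeroAccess:'."""
    return [ln.strip() for ln in text.splitlines() if BARE_PATH.match(ln.strip())]


def zeroaccess_dirs(paths: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Group paths by {GUID} folder and report folders that have U, L or @ beneath them."""
    kids: Dict[str, set] = defaultdict(set)
    original: Dict[str, str] = {}
    for p in paths:
        m = GUID_DIR.match(p)
        if not m:
            continue
        key = m["base"].lower()
        original.setdefault(key, m["base"])
        if m["rest"]:
            kids[key].add(m["rest"].lower())
    return sorted((original[k], sorted(c)) for k, c in kids.items() if c & ZA_CHILDREN)


def unsigned_new_drivers(entries: Iterable[FrstEntry]) -> Dict[int, List[str]]:
    """.sys files under System32\\Drivers with no publisher string, grouped by size.
    Two random names with an identical size is worth a second look; a legitimate
    driver does not usually show up twice under different names."""
    by_size: Dict[int, List[str]] = defaultdict(list)
    for e in entries:
        low = e.path.lower()
        if ("\\system32\\drivers\\" in low and low.endswith(".sys")
                and "D" not in e.attrs and not e.company):
            by_size[e.size].append(e.path)
    return {s: sorted(p) for s, p in by_size.items()}


def hidden_system32_files(entries: Iterable[FrstEntry]) -> List[FrstEntry]:
    """Files directly under System32 that carry the hidden or system attribute."""
    return [e for e in entries
            if "D" not in e.attrs and set("HS") & set(e.attrs) and SYSTEM32_FILE.search(e.path)]


if __name__ == "__main__":
    entries = parse_frst_listing(SAMPLE_LOG)
    for base, children in zeroaccess_dirs(bare_paths(SAMPLE_LOG) + [e.path for e in entries]):
        print("ZeroAccess-style folder:", base, children)
    for size, paths in unsigned_new_drivers(entries).items():
        print(f"no-publisher driver(s) of {size} bytes:", paths)
    for e in hidden_system32_files(entries):
        print("hidden/system file in System32:", e.path, e.attrs, e.size)
```

Run against the full log text instead of the embedded sample to triage a real report; the `ZeroAccess:` block and the timestamped listings are fed in together so the `@` file, which FRST lists only under that header, is counted with the `U` and `L` folders.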