Solved Sirefef.w/b/y removal

Lyr21

Posts: 34   +0
I've got a Windows 7 64-bit system that has been infected with these virus'. I've attempted to do virus removal (prior to finding this forum) and was unsuccessful. I've followed the preliminary instructions for viruses/spyware/malware post.

1. done. uninstalled and reinstalled MS Security essentials, ran a quick scan. no troubles found.

2. Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.14.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: SKELCE-L7 [administrator]

Protection: Enabled

3/14/2013 4:35:05 PM
mbam-log-2013-03-14 (16-35-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280082
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


3. DSS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16446
Run by Administrator at 16:42:34 on 2013-03-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2226 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\SysWOW64\srvany.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
TCP: NameServer = 10.0.25.9 10.0.25.10
TCP: Interfaces\{333C415A-D9CD-4CC1-930F-61EBC822D465} : DHCPNameServer = 10.0.25.9 10.0.25.10
TCP: Interfaces\{9CE328ED-8EEF-41A7-9937-8723F37EF483} : DHCPNameServer = 10.0.25.9 10.0.25.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-10-20 22128]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2010-9-2 21504]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-12 89600]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-5-10 2683712]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-14 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-14 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2011-10-12 8192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-12 2656280]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2011-10-12 27760]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-10-12 616960]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-10-12 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-12 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-10-12 172960]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-12 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-14 24176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-10-12 74984]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-10-12 83560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-10-12 158976]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-10-12 72808]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2010-9-2 17408]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-14 20:27:3476232----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DDFF698D-FF8C-4A23-92E3-C95FE750BE95}\offreg.dll
2013-03-14 20:18:51972264----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
2013-03-14 20:18:489162192----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DDFF698D-FF8C-4A23-92E3-C95FE750BE95}\mpengine.dll
2013-03-14 20:12:54--------d-----w-C:\Program Files (x86)\Microsoft Security Client
2013-03-14 20:12:50--------d-----w-C:\Program Files\Microsoft Security Client
2013-03-14 20:01:40--------d-----w-C:\Windows\System32\appmgmt
2013-03-14 19:24:17--------d-----w-C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 19:24:02--------d-----w-C:\ProgramData\Malwarebytes
2013-03-14 19:24:0024176----a-w-C:\Windows\System32\drivers\mbam.sys
2013-03-14 19:24:00--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 19:23:46--------d-----w-C:\Users\Administrator\AppData\Local\Programs
2013-03-14 18:45:3127256----a-w-C:\Windows\System32\drivers\FixZeroAccess.sys
2013-03-14 18:27:20--------d-----w-C:\TDSSKiller_Quarantine
2013-03-14 18:17:13--------d-----w-C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 18:09:16--------d-----w-C:\Users\Administrator\AppData\Local\Google
2013-03-14 18:08:13--------d-----w-C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 18:02:59328704----a-w-C:\Windows\System32\services.exe.558F246069ECD6FE
2013-03-14 17:51:5150392----a-w-C:\Windows\System32\drivers\qiylpclo.sys
2013-03-14 17:51:51328704----a-w-C:\Windows\System32\services.exe.C6D8E622821D75E6
2013-03-14 17:49:20328704----a-w-C:\Windows\System32\services.exe.A1579CA9577EFA72
2013-03-14 17:45:40328704----a-w-C:\Windows\System32\services.exe.C7B83C312CE2B608
2013-03-14 17:41:16328704----a-w-C:\Windows\System32\services.exe.9609358E6A1092CD
2013-03-14 17:35:53328704----a-w-C:\Windows\System32\services.exe.9CA94B43777B0A61
2013-03-14 17:25:07328704----a-w-C:\Windows\System32\services.exe.B0624FF8A4BEE640
2013-02-28 14:38:00--------d-----w-C:\ProgramData\Ask
2013-02-28 14:37:40861088----a-w-C:\Windows\SysWow64\npDeployJava1.dll
.
==================== Find3M ====================
.
2013-03-14 18:05:24328704----a-w-C:\Windows\System32\services.exe
2013-02-28 14:37:27782240----a-w-C:\Windows\SysWow64\deployJava1.dll
2013-01-30 09:00:12273840------w-C:\Windows\System32\MpSigStub.exe
2013-01-20 19:59:04230320----a-w-C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 19:59:04130008----a-w-C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 16:57:08.92 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2011 4:17:38 PM
System Uptime: 3/14/2013 4:10:04 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 03PH4G
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 233.66 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Shrew Soft Virtual Adapter
Device ID: ROOT\VNET\0000
Manufacturer: Shrew Soft
Name: Shrew Soft Virtual Adapter
PNP Device ID: ROOT\VNET\0000
Service: vnet
.
==== System Restore Points ===================
.
RP94: 6/19/2012 8:38:03 AM - Windows Update
RP95: 1/18/2013 10:54:20 AM - Scheduled Checkpoint
RP96: 2/13/2013 4:21:57 PM - Scheduled Checkpoint
RP97: 2/28/2013 9:36:37 AM - Removed Java(TM) 6 Update 29
RP98: 2/28/2013 9:37:18 AM - Installed Java 7 Update 15
RP99: 3/14/2013 4:00:17 PM - Removed Java(TM) 6 Update 27 (64-bit)
RP100: 3/14/2013 4:02:48 PM - Removed Adobe Reader X (10.1.4).
RP101: 3/14/2013 4:04:52 PM - Removed Java 7 Update 15
RP102: 3/14/2013 4:18:21 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
AccelerometerP11
Actual Multiple Monitors 3.3
AuthenTec Fingerprint Software
Bing Bar
BioAPI Framework
Broadcom NetXtreme-I Netlink Driver and Management Installer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Custom
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Client System Update
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
Dell System Manager
Dell Touchpad
Dell Webcam Central
DellAccess
Digital Line Detect
DW WLAN Card Utility
EMBASSY Security Center
Gemalto
Google Chrome
Google Earth
Google Update Helper
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business 2007
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
Notepad++
NTRU TCG Software Stack
O2Micro Flash Memory Card Windows Driver
O2Micro OZ776 SCR Driver
OfficeSuite Softphone
PC-CCID
Preboot Manager
Private Information Manager
PuTTY version 0.61
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Shrew Soft VPN Client
SPBA 5.9
Trusted Drive Manager
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Upek Touchchip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software Installer
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
WinSCP 4.3.5
.
==== Event Viewer Messages From Past Week ========
.
3/14/2013 4:10:45 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
3/14/2013 4:10:44 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
3/14/2013 4:10:25 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain LYRIX due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
3/14/2013 3:19:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 3:16:37 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/14/2013 3:16:34 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
3/14/2013 3:16:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/14/2013 3:16:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/14/2013 3:15:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:54:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:54:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:53:38 PM, Error: Service Control Manager [7034] - The O2SDIOAssist service terminated unexpectedly. It has done this 1 time(s).
3/14/2013 2:52:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:52:16 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
3/14/2013 2:52:16 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
3/14/2013 2:52:16 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.0.8001.0 Engine Type: Network Inspection System User: skelce-l7\Administrator Error Code: 0x8007042c Error description: The dependency service or group failed to start.
3/14/2013 2:52:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: skelce-l7\Administrator Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
3/14/2013 2:52:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: skelce-l7\Administrator Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
3/14/2013 2:49:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:46:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:46:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:46:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:46:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:38:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:38:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:38:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:38:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:30:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2013 2:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/14/2013 2:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/14/2013 2:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/14/2013 2:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/14/2013 2:30:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/14/2013 2:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/14/2013 2:30:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
3/14/2013 2:30:17 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2013 2:30:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:30:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:30:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:30:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:30:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vflt vwififlt Wanarpv6 WfpLwf
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2013 2:30:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2013 2:29:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:29:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:29:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:20:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:19:02 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:620 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: skelce-l7\Administrator Process Name: C:\Windows\system32\services.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
3/14/2013 2:14:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:04:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:04:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:04:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:04:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 2:02:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:616 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
3/14/2013 2:02:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:02:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:02:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 2:02:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
 
3/14/2013 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:51:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:49:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:648 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
3/14/2013 1:48:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:48:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:48:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:48:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:45:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:540 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
3/14/2013 1:44:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:44:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:44:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:44:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:41:16 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:568 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
3/14/2013 1:40:39 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
3/14/2013 1:40:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
3/14/2013 1:40:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:40:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:40:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:40:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:39:03 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/14/2013 1:39:03 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/14/2013 1:39:03 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
3/14/2013 1:39:03 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
3/14/2013 1:39:03 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
3/14/2013 1:38:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:37:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:37:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:37:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:37:50 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
3/14/2013 1:37:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:35:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:568 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
3/14/2013 1:34:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:34:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:34:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:34:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:30:48 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:608 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
3/14/2013 1:30:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:30:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:30:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:29:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:28:00 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:604 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
3/14/2013 1:27:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.137.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:27:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:27:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...9.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/14/2013 1:27:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:25:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:600 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.139.0, AS: 1.129.139.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
3/14/2013 1:23:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/14/2013 1:23:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.139.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================




Note: I'm done for the day and will look at this tomorrow morning.
Thanks.
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

redtarget.gif
Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Here is the first log file from RogueKiller:


RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 03/15/2013 09:26:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{43c45790-a302-66a2-21db-bedf28d52ae1}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{43c45790-a302-66a2-21db-bedf28d52ae1}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-75PVMT0 +++++
--- User ---
[MBR] 34fe3d60538e0876a50085de178ae1ee
[BSP] 4339813d9f975cd25b58ddd0f502f2f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12044 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24748032 | Size: 293160 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03152013_02d0926.txt >>
RKreport[1]_S_03152013_02d0926.txt


Here is the second log file from Rogue Killer

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 03/15/2013 09:28:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{43c45790-a302-66a2-21db-bedf28d52ae1}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{43c45790-a302-66a2-21db-bedf28d52ae1}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-75PVMT0 +++++
--- User ---
[MBR] 34fe3d60538e0876a50085de178ae1ee
[BSP] 4339813d9f975cd25b58ddd0f502f2f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12044 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24748032 | Size: 293160 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03152013_02d0928.txt >>
RKreport[1]_S_03152013_02d0926.txt ; RKreport[2]_D_03152013_02d0928.txt


Here is the first mbar-log-xxxxx.txt file

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: SKELCE-L7 [administrator]

3/15/2013 10:09:40 AM
mbar-log-2013-03-15 (10-09-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29428
Time elapsed: 36 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Users\skelce.LYRIX\Local Settings\Application Data\{43c45790-a302-66a2-21db-bedf28d52ae1}\U (Backdoor.0Access) -> Delete on reboot.
c:\Users\skelce.LYRIX\Local Settings\Application Data\{43c45790-a302-66a2-21db-bedf28d52ae1}\L (Backdoor.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)

Here is the second mbar-log-xxxx.txt file
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: SKELCE-L7 [administrator]

3/15/2013 10:26:58 AM
mbar-log-2013-03-15 (10-26-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29402
Time elapsed: 15 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the system-log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4186894336, free: 1997606912

------------ Kernel report ------------
03/15/2013 09:32:43
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\vfilter.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\o2sdjw7x64.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\O2MDRw7x64.sys
\SystemRoot\system32\DRIVERS\b57nd60a.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\difxapi.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\ws2_32.dll
\Windows\System32\iertutil.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006314060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800447e050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.15.05
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006314b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061b1930, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa800447e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00a76ce80, 0xfffffa8006314060, 0xfffffa80063f2790
Lower DeviceData: 0xfffff8a00a8be880, 0xfffffa800447e050, 0xfffffa800653a310
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A17B0CE

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 24666112
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 24748032 Numsec = 600391680

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Infected: c:\Users\skelce.LYRIX\Local Settings\Application Data\{43c45790-a302-66a2-21db-bedf28d52ae1}\U --> [Backdoor.0Access]
Infected: c:\Users\skelce.LYRIX\Local Settings\Application Data\{43c45790-a302-66a2-21db-bedf28d52ae1}\L --> [Backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4186894336, free: 1753407488

------------ Kernel report ------------
03/15/2013 10:11:04
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\vfilter.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\o2sdjw7x64.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\O2MDRw7x64.sys
\SystemRoot\system32\DRIVERS\b57nd60a.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\difxapi.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\ws2_32.dll
\Windows\System32\iertutil.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006314060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800447e050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800653a310
Downloaded database version: v2013.03.15.06
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006314b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006314060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061b1930, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa800447e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00fdb6dc0, 0xfffffa8006314060, 0xfffffa80063f2790
Lower DeviceData: 0xfffff8a002b18c00, 0xfffffa800447e050, 0xfffffa800653a310
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A17B0CE

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 24666112
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 24748032 Numsec = 600391680

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
 
Good :)

redtarget.gif
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Ran combofix and I ran into an issue when it rebooted the computer and I tried to login after the reboot. No matter what account I tried, I was always getting an error saying "the request is not supported"

I then rebooted into safe mode and I was able to login with the administrator username/password (which is the user that I've been logged in as this entire time) and I was able to login and combofix finished running and created the logfile afterwards.

Here is the logfile from combofix:

ComboFix 13-03-17.01 - Administrator 03/18/2013 15:31:42.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2183 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\lyr-fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\skelce.LYRIX\g2mdlhlpx.exe
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 )))))))))))))))))))))))))))))))
.
.
2013-03-18 19:38 . 2013-03-18 19:38--------d-----w-c:\users\tlesniak\AppData\Local\temp
2013-03-18 19:19 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77C3C763-32EC-429C-A745-5659E13B1E6D}\mpengine.dll
2013-03-18 14:41 . 2013-03-18 14:418294480----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-03-15 13:44 . 2013-01-08 22:01768000----a-w-c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-15 13:44 . 2013-01-09 01:10996352----a-w-c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-15 13:33 . 2012-12-16 17:1146080----a-w-c:\windows\system32\atmlib.dll
2013-03-15 13:33 . 2012-12-16 14:1334304----a-w-c:\windows\SysWow64\atmlib.dll
2013-03-15 13:33 . 2012-12-16 14:45367616----a-w-c:\windows\system32\atmfd.dll
2013-03-15 13:33 . 2012-12-16 14:13295424----a-w-c:\windows\SysWow64\atmfd.dll
2013-03-14 20:32 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
2013-03-14 20:32 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
2013-03-14 20:32 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
2013-03-14 20:32 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2013-03-14 20:32 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
2013-03-14 20:32 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2013-03-14 20:32 . 2013-01-05 05:535553512----a-w-c:\windows\system32\ntoskrnl.exe
2013-03-14 20:32 . 2013-01-05 05:003967848----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2013-03-14 20:32 . 2013-01-05 05:003913064----a-w-c:\windows\SysWow64\ntoskrnl.exe
2013-03-14 20:30 . 2012-11-01 05:432002432----a-w-c:\windows\system32\msxml6.dll
2013-03-14 20:30 . 2012-11-01 05:431882624----a-w-c:\windows\system32\msxml3.dll
2013-03-14 20:30 . 2012-11-01 04:471389568----a-w-c:\windows\SysWow64\msxml6.dll
2013-03-14 20:30 . 2012-11-01 04:471236992----a-w-c:\windows\SysWow64\msxml3.dll
2013-03-14 20:30 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
2013-03-14 20:30 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
2013-03-14 20:28 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
2013-03-14 20:28 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
2013-03-14 20:28 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2013-03-14 20:28 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2013-03-14 20:28 . 2012-11-23 03:1368608----a-w-c:\windows\system32\taskhost.exe
2013-03-14 20:28 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
2013-03-14 20:28 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
2013-03-14 20:28 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
2013-03-14 20:28 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
2013-03-14 20:18 . 2013-03-14 20:18972264------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
2013-03-14 20:18 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-14 20:12 . 2013-03-14 20:12--------d-----w-c:\program files (x86)\Microsoft Security Client
2013-03-14 20:12 . 2013-03-14 20:13--------d-----w-c:\program files\Microsoft Security Client
2013-03-14 20:01 . 2013-03-14 20:01--------d-----w-c:\windows\system32\appmgmt
2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\programdata\Malwarebytes
2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-14 19:24 . 2012-12-14 20:4924176----a-w-c:\windows\system32\drivers\mbam.sys
2013-03-14 18:45 . 2013-03-14 18:4527256----a-w-c:\windows\system32\drivers\FixZeroAccess.sys
2013-03-14 18:27 . 2013-03-14 18:33--------d-----w-C:\TDSSKiller_Quarantine
2013-03-14 18:17 . 2013-03-14 18:17--------d-----w-C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 18:02 . 2013-03-14 18:02328704----a-w-c:\windows\system32\services.exe.558F246069ECD6FE
2013-03-14 17:51 . 2013-03-14 17:5150392----a-w-c:\windows\system32\drivers\qiylpclo.sys
2013-03-14 17:51 . 2013-03-14 17:51328704----a-w-c:\windows\system32\services.exe.C6D8E622821D75E6
2013-03-14 17:49 . 2013-03-14 17:49328704----a-w-c:\windows\system32\services.exe.A1579CA9577EFA72
2013-03-14 17:45 . 2013-03-14 17:45328704----a-w-c:\windows\system32\services.exe.C7B83C312CE2B608
2013-03-14 17:41 . 2013-03-14 17:41328704----a-w-c:\windows\system32\services.exe.9609358E6A1092CD
2013-03-14 17:40 . 2013-03-18 19:20--------d-----w-c:\users\Administrator
2013-03-14 17:35 . 2013-03-14 17:35328704----a-w-c:\windows\system32\services.exe.9CA94B43777B0A61
2013-03-14 17:25 . 2013-03-14 17:25328704----a-w-c:\windows\system32\services.exe.B0624FF8A4BEE640
2013-02-28 17:13 . 2013-02-28 17:13--------d-----w-c:\programdata\Creative
2013-02-28 14:38 . 2013-02-28 14:38--------d-----w-c:\programdata\Ask
2013-02-28 14:37 . 2013-02-28 14:37861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
2013-02-28 14:17 . 2013-02-28 14:17--------d-----w-c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 18:05 . 2009-07-13 23:19328704----a-w-c:\windows\system32\services.exe
2013-03-04 18:53 . 2011-10-21 18:0872013344----a-w-c:\windows\system32\MRT.exe
2013-02-28 14:37 . 2011-10-12 15:16782240----a-w-c:\windows\SysWow64\deployJava1.dll
2013-01-30 09:00 . 2010-11-21 03:27273840------w-c:\windows\system32\MpSigStub.exe
2013-01-20 19:59 . 2013-01-20 19:59230320----a-w-c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59130008----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-03-14 20:2944032----a-w-c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-10-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-05-16 616960]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-12 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-12 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 18:271629648----a-w-c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.25.9 10.0.25.10
DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6e,d9,
96,b9,8c,eb,09,95,4e,cb,e8,4c,62,3e,21
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,22,
8b,3d,1f,d0,00,93,c0,15,24,7e,43,26,d8
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e1,
af,1e,5d,36,03,a7,2e,06,f3,08,c5,47,e1
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,21,dc,
c9,75,aa,2f,0d,85,82,47,9c,27,73,86,51
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,17,
e4,65,9f,41,04,a2,37,d2,a9,21,9d,10,1d
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,f8,
a6,5a,91,bf,5b,a1,e1,44,e0,c1,41,f0,11
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:fb,dc,3b,5f,e5,23,ce,01
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-18 15:46:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-18 19:45
.
Pre-Run: 251,519,410,176 bytes free
Post-Run: 251,337,719,808 bytes free
.
- - End Of File - - 57B1CE1907504827746A1E044CAB982F
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\services.exe.B0624FF8A4BEE640
c:\windows\system32\services.exe.9CA94B43777B0A61
c:\windows\system32\services.exe.9609358E6A1092CD
c:\windows\system32\services.exe.C7B83C312CE2B608
c:\windows\system32\services.exe.A1579CA9577EFA72
c:\windows\system32\services.exe.C6D8E622821D75E6
c:\windows\system32\services.exe.558F246069ECD6FE

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
I did as you requested however nothing has happened. I drag the CFScript file onto combofix and I initially get the little combofix extraction box, but then that disappears and nothing happens. There is no combofix.txt log file (or I should say that the file hasn't changed since the previous run as the update timestamp is from an hour ago when I ran it) and if I try to reboot and login with the administrator account I still get the 'The request is not supported' error so I can only login under 'safe-mode'
 
Nevermind.. the autoscan box finally popped up after about 10-15 minutes of me dragging the file onto combofix
 
Ok. combofix ran. here is the logfile:

ComboFix 13-03-17.01 - Administrator 03/18/2013 16:51:58.2.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2970 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\lyr-fix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\services.exe.558F246069ECD6FE"
"c:\windows\system32\services.exe.9609358E6A1092CD"
"c:\windows\system32\services.exe.9CA94B43777B0A61"
"c:\windows\system32\services.exe.A1579CA9577EFA72"
"c:\windows\system32\services.exe.B0624FF8A4BEE640"
"c:\windows\system32\services.exe.C6D8E622821D75E6"
"c:\windows\system32\services.exe.C7B83C312CE2B608"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\services.exe.558F246069ECD6FE
c:\windows\system32\services.exe.9609358E6A1092CD
c:\windows\system32\services.exe.9CA94B43777B0A61
c:\windows\system32\services.exe.A1579CA9577EFA72
c:\windows\system32\services.exe.B0624FF8A4BEE640
c:\windows\system32\services.exe.C6D8E622821D75E6
c:\windows\system32\services.exe.C7B83C312CE2B608
.
.
((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 )))))))))))))))))))))))))))))))
.
.
2013-03-18 20:59 . 2013-03-18 20:59--------d-----w-c:\users\tlesniak\AppData\Local\temp
2013-03-18 20:59 . 2013-03-18 20:59--------d-----w-c:\users\skelce\AppData\Local\temp
2013-03-18 20:59 . 2013-03-18 20:59--------d-----w-c:\users\skelce.LYRIX\AppData\Local\temp
2013-03-18 20:59 . 2013-03-18 20:59--------d-----w-c:\users\Default\AppData\Local\temp
2013-03-18 19:19 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77C3C763-32EC-429C-A745-5659E13B1E6D}\mpengine.dll
2013-03-18 14:41 . 2013-03-18 14:418294480----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-03-15 13:44 . 2013-01-08 22:01768000----a-w-c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-15 13:44 . 2013-01-09 01:10996352----a-w-c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-15 13:33 . 2012-12-16 17:1146080----a-w-c:\windows\system32\atmlib.dll
2013-03-15 13:33 . 2012-12-16 14:1334304----a-w-c:\windows\SysWow64\atmlib.dll
2013-03-15 13:33 . 2012-12-16 14:45367616----a-w-c:\windows\system32\atmfd.dll
2013-03-15 13:33 . 2012-12-16 14:13295424----a-w-c:\windows\SysWow64\atmfd.dll
2013-03-14 20:32 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
2013-03-14 20:32 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
2013-03-14 20:32 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
2013-03-14 20:32 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2013-03-14 20:32 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
2013-03-14 20:32 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2013-03-14 20:32 . 2013-01-05 05:535553512----a-w-c:\windows\system32\ntoskrnl.exe
2013-03-14 20:32 . 2013-01-05 05:003967848----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2013-03-14 20:32 . 2013-01-05 05:003913064----a-w-c:\windows\SysWow64\ntoskrnl.exe
2013-03-14 20:30 . 2012-11-01 05:432002432----a-w-c:\windows\system32\msxml6.dll
2013-03-14 20:30 . 2012-11-01 05:431882624----a-w-c:\windows\system32\msxml3.dll
2013-03-14 20:30 . 2012-11-01 04:471389568----a-w-c:\windows\SysWow64\msxml6.dll
2013-03-14 20:30 . 2012-11-01 04:471236992----a-w-c:\windows\SysWow64\msxml3.dll
2013-03-14 20:30 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
2013-03-14 20:30 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
2013-03-14 20:28 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
2013-03-14 20:28 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
2013-03-14 20:28 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2013-03-14 20:28 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2013-03-14 20:28 . 2012-11-23 03:1368608----a-w-c:\windows\system32\taskhost.exe
2013-03-14 20:28 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
2013-03-14 20:28 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
2013-03-14 20:28 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
2013-03-14 20:28 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
2013-03-14 20:18 . 2013-03-14 20:18972264------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
2013-03-14 20:18 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-14 20:12 . 2013-03-14 20:12--------d-----w-c:\program files (x86)\Microsoft Security Client
2013-03-14 20:12 . 2013-03-14 20:13--------d-----w-c:\program files\Microsoft Security Client
2013-03-14 20:01 . 2013-03-14 20:01--------d-----w-c:\windows\system32\appmgmt
2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\programdata\Malwarebytes
2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-14 19:24 . 2012-12-14 20:4924176----a-w-c:\windows\system32\drivers\mbam.sys
2013-03-14 18:45 . 2013-03-14 18:4527256----a-w-c:\windows\system32\drivers\FixZeroAccess.sys
2013-03-14 18:27 . 2013-03-14 18:33--------d-----w-C:\TDSSKiller_Quarantine
2013-03-14 18:17 . 2013-03-14 18:17--------d-----w-C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 17:51 . 2013-03-14 17:5150392----a-w-c:\windows\system32\drivers\qiylpclo.sys
2013-03-14 17:40 . 2013-03-18 19:20--------d-----w-c:\users\Administrator
2013-02-28 17:13 . 2013-02-28 17:13--------d-----w-c:\programdata\Creative
2013-02-28 14:38 . 2013-02-28 14:38--------d-----w-c:\programdata\Ask
2013-02-28 14:37 . 2013-02-28 14:37861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
2013-02-28 14:17 . 2013-02-28 14:17--------d-----w-c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 18:05 . 2009-07-13 23:19328704----a-w-c:\windows\system32\services.exe
2013-03-04 18:53 . 2011-10-21 18:0872013344----a-w-c:\windows\system32\MRT.exe
2013-02-28 14:37 . 2011-10-12 15:16782240----a-w-c:\windows\SysWow64\deployJava1.dll
2013-01-30 09:00 . 2010-11-21 03:27273840------w-c:\windows\system32\MpSigStub.exe
2013-01-20 19:59 . 2013-01-20 19:59230320----a-w-c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59130008----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-03-14 20:2944032----a-w-c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-10-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-05-16 616960]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-12 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-12 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 18:271629648----a-w-c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.25.9 10.0.25.10
DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6e,d9,
96,b9,8c,eb,09,95,4e,cb,e8,4c,62,3e,21
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,22,
8b,3d,1f,d0,00,93,c0,15,24,7e,43,26,d8
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e1,
af,1e,5d,36,03,a7,2e,06,f3,08,c5,47,e1
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,21,dc,
c9,75,aa,2f,0d,85,82,47,9c,27,73,86,51
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,17,
e4,65,9f,41,04,a2,37,d2,a9,21,9d,10,1d
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,f8,
a6,5a,91,bf,5b,a1,e1,44,e0,c1,41,f0,11
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:fb,dc,3b,5f,e5,23,ce,01
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-18 17:00:48
ComboFix-quarantined-files.txt 2013-03-18 21:00
ComboFix2.txt 2013-03-18 19:46
.
Pre-Run: 251,292,106,752 bytes free
Post-Run: 250,970,275,840 bytes free
.
- - End Of File - - 96CE127BBCCFB9966655928966B430A3
 
Looks good.

How is computer doing?

==============================

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I am unable to login via a regular boot. I always get the 'the request is not supported' error, so there is that issue. The only way that I can login is if I boot into safe mode.

Not sure if I should continue with your latest steps (adwcleaner, jrt, otl) in safe mode or not.
 
At what exact point of booting process are you getting that error and when did it happen for the first time?
 
[FONT=arial]I get this error after I type in my username/password. This started during the first time that I ran combofix. combofix auto rebooted the system and when the system came back up I couldn't login. I had to boot into safe mode and enter my username/passwd (same one that I couldn't login with during a normal bootup) and then it logged in and completed running combofix. That produced the above combofix log that I posted[/FONT]
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Here's the FRST.txt log file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 19-03-2013 10:03:17
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
HKU\skelce.LYRIX\...\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [1675592 2011-08-05] (Actual Tools)
HKU\tlesniak\...\Run: [OfficeSuite Softphone] "C:\Program Files (x86)\Broadview\officesuite.exe" [14979072 2011-04-11] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.25.9 10.0.25.10
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Services (Whitelisted) ===================

2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [158720 2010-06-29] (Broadcom Corporation)
2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
3 catchme; \??\C:\lyr-fix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
2013-03-18 13:00 - 2013-03-18 13:00 - 00018630 ____A C:\ComboFix.txt
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2013-03-18 11:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-18 11:30 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-03-18 11:30 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-03-18 11:28 - 2013-03-18 11:44 - 00000000 ____D C:\Windows\erdnt
2013-03-18 10:10 - 2013-03-18 13:00 - 00000000 ____D C:\Qoobox
2013-03-15 05:33 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-03-15 05:33 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-03-15 05:33 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-03-15 05:33 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
2013-03-15 05:28 - 2013-03-15 05:30 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
2013-03-15 05:27 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-15 05:27 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-15 05:27 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-15 05:27 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-15 05:27 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-15 05:27 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-15 05:27 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-15 05:27 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-15 05:27 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-15 05:27 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-15 05:27 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-15 05:27 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-15 05:27 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-15 05:27 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-15 05:27 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-15 05:27 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-15 05:27 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-15 05:27 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-15 05:27 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-15 05:27 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-15 05:27 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-15 05:27 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-15 05:27 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-15 05:27 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-15 05:27 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-15 05:27 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-15 05:27 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-15 05:27 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-15 05:27 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
2013-03-15 05:24 - 2013-03-15 05:28 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2013-03-14 13:02 - 2013-03-14 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
2013-03-14 12:32 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-14 12:32 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-03-14 12:32 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-03-14 12:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-03-14 12:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-03-14 12:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-03-14 12:31 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-03-14 12:31 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-14 12:31 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-03-14 12:31 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-03-14 12:31 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-03-14 12:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-03-14 12:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-03-14 12:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-03-14 12:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-03-14 12:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-03-14 12:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-03-14 12:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-03-14 12:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-03-14 12:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-03-14 12:30 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-03-14 12:30 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-03-14 12:30 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-03-14 12:30 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-03-14 12:30 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-03-14 12:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-03-14 12:29 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-03-14 12:29 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-03-14 12:29 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-03-14 12:29 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-03-14 12:29 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-03-14 12:29 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-03-14 12:29 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-14 12:29 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-03-14 12:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-03-14 12:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-03-14 12:29 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-03-14 12:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-03-14 12:29 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-03-14 12:29 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-03-14 12:29 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-03-14 12:29 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-03-14 12:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-03-14 12:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-03-14 12:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-03-14 12:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-03-14 12:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-03-14 12:28 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-03-14 12:28 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-03-14 12:28 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-03-14 12:28 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-03-14 12:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-03-14 12:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-03-14 12:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-03-14 12:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-03-14 12:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-03-14 12:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-03-14 12:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-03-14 12:13 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-03-14 12:12 - 2013-03-14 12:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-14 11:21 - 2013-03-14 11:22 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-14 10:27 - 2013-03-14 10:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 09:40 - 2013-03-18 11:20 - 00000000 ____D C:\users\Administrator
2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-03-14 09:40 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-03-14 09:21 - 2013-03-14 09:22 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

==================== One Month Modified Files and Folders =======

2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
2013-03-18 13:12 - 2011-10-12 07:07 - 02030933 ____A C:\Windows\WindowsUpdate.log
2013-03-18 13:12 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-18 13:12 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-18 13:11 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-18 13:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-18 13:07 - 2009-07-13 20:51 - 00055603 ____A C:\Windows\setupact.log
2013-03-18 13:04 - 2010-11-20 19:47 - 00029012 ____A C:\Windows\PFRO.log
2013-03-18 13:00 - 2013-03-18 13:00 - 00018630 ____A C:\ComboFix.txt
2013-03-18 13:00 - 2013-03-18 10:10 - 00000000 ____D C:\Qoobox
2013-03-18 12:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2013-03-18 12:32 - 2011-10-20 12:46 - 00000224 ____A C:\Windows\System32\config\netlogon.ftl
2013-03-18 11:44 - 2013-03-18 11:28 - 00000000 ____D C:\Windows\erdnt
2013-03-18 11:39 - 2009-07-13 18:34 - 70516736 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-03-18 11:39 - 2009-07-13 18:34 - 20709376 ____A C:\Windows\System32\config\SYSTEM.bak
2013-03-18 11:39 - 2009-07-13 18:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2013-03-18 11:39 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-03-18 11:39 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-03-18 11:38 - 2011-10-21 10:47 - 00000000 ____D C:\users\skelce.LYRIX
2013-03-18 11:27 - 2011-10-21 05:47 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-18 11:20 - 2013-03-14 09:40 - 00000000 ____D C:\users\Administrator
2013-03-18 11:20 - 2011-10-21 05:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-18 11:18 - 2011-10-21 05:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-18 11:18 - 2011-10-20 12:48 - 00000000 ____D C:\users\tlesniak
2013-03-18 11:18 - 2011-10-20 12:17 - 00000000 ____D C:\users\skelce
2013-03-18 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-18 06:27 - 2009-07-13 20:45 - 00412624 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
2013-03-15 06:09 - 2011-10-21 08:06 - 00000039 ____A C:\Windows\vbaddin.ini
2013-03-15 06:09 - 2011-10-21 06:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-15 06:08 - 2011-02-10 06:33 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
2013-03-15 05:30 - 2013-03-15 05:28 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
2013-03-15 05:28 - 2013-03-15 05:24 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
2013-03-15 05:24 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2013-03-14 13:09 - 2013-03-14 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
2013-03-14 12:13 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-14 12:13 - 2011-10-21 05:31 - 00001945 ____A C:\Windows\epplauncher.mif
2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-14 12:03 - 2011-10-21 05:39 - 00000000 ____D C:\ProgramData\Adobe
2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 11:22 - 2013-03-14 11:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-14 10:33 - 2013-03-14 10:27 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-14 10:28 - 2012-07-18 09:59 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-14 10:05 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-03-14 09:22 - 2013-03-14 09:21 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
2013-03-14 09:17 - 2011-10-21 11:14 - 00000000 ____D C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
2013-03-04 10:53 - 2011-10-21 10:08 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-28 09:45 - 2011-10-21 10:19 - 00000000 ____D C:\Users\tlesniak\AppData\Roaming\Skinux
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
2013-02-28 09:11 - 2011-10-21 05:48 - 00002261 ____A C:\Users\tlesniak\Desktop\Google Chrome.lnk
2013-02-28 09:11 - 2011-10-20 12:49 - 00108840 ____A C:\Users\tlesniak\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
2013-02-28 08:49 - 2012-04-20 07:22 - 00012389 ____A C:\Users\skelce.LYRIX\Desktop\EE Stock Ownership Addresses.xlsx
2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-28 06:37 - 2011-10-12 07:16 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-18 07:54:32
Restore point made on: 2013-02-13 13:22:03
Restore point made on: 2013-02-28 06:36:48
Restore point made on: 2013-02-28 06:37:22
Restore point made on: 2013-03-14 12:00:32
Restore point made on: 2013-03-14 12:02:54
Restore point made on: 2013-03-14 12:04:58
Restore point made on: 2013-03-14 12:18:28
Restore point made on: 2013-03-15 05:22:18
Restore point made on: 2013-03-18 06:36:34
Restore point made on: 2013-03-18 10:04:27
Restore point made on: 2013-03-18 11:13:04

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3992.93 MB
Available physical RAM: 3351.01 MB
Total Pagefile: 3991.13 MB
Available Pagefile: 3340.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:286.29 GB) (Free:233.78 GB) NTFS
3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:5.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 1A17B0CE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 11 GB 40 MB
Partition 3 Primary 286 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 286 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1920 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 1A17B0CE

Partition 1:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 2:
=========
Hex: 8019150507FEFFFF0040010000607801
Active: YES
Type: 07 (NTFS)
Size: 12 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00A079010040C923
Active: NO
Type: 07 (NTFS)
Size: 286 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 6F20736B

Partition 1:
=========
Hex: 6F74686572206D656469612EFF0D0A44
Active: NO
Type: 72
Size: 544 GB

Partition 2:
=========
Hex: 69736B206572726F72FF0D0A50726573
Active: NO
Type: 65
Size: 923 GB

Partition 3:
=========
Hex: 7320616E79206B657920746F20726573
Active: NO
Type: 79
Size: 923 GB

Partition 4:
=========
Hex: 746172740D0A00000000000000ACCBD8
Active: NO
Type: 0D
Size: -336763289600 byte


Last Boot: 2013-03-05 08:03

==================== End Of Log =============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.
 

Attachments

  • fixlist.txt
    27 bytes · Views: 1
I can now boot normally and login!

fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-19 15:30:04 Run:1
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
Done. Unfortunately I'm back to the same situation getting the "the request is not supported" when I do a normal boot and try to login. I get this error after entering the username/password. So I had to reboot into safe mode and login, then combo fix was able to finish running and generate the following log file:


ComboFix 13-03-19.01 - Administrator 03/19/2013 16:10:28.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2510 [GMT -4:00]
Running from: c:\users\Administrator.skelce-l7\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 20:16 . 2013-03-19 20:16--------d-----w-c:\users\tlesniak\AppData\Local\temp
2013-03-19 20:16 . 2013-03-19 20:16--------d-----w-c:\users\skelce\AppData\Local\temp
2013-03-18 19:19 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77C3C763-32EC-429C-A745-5659E13B1E6D}\mpengine.dll
2013-03-18 14:41 . 2013-03-18 14:418294480----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-03-15 13:44 . 2013-01-08 22:01768000----a-w-c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-15 13:44 . 2013-01-09 01:10996352----a-w-c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-15 13:33 . 2012-12-16 17:1146080----a-w-c:\windows\system32\atmlib.dll
2013-03-15 13:33 . 2012-12-16 14:1334304----a-w-c:\windows\SysWow64\atmlib.dll
2013-03-15 13:33 . 2012-12-16 14:45367616----a-w-c:\windows\system32\atmfd.dll
2013-03-15 13:33 . 2012-12-16 14:13295424----a-w-c:\windows\SysWow64\atmfd.dll
2013-03-14 20:32 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
2013-03-14 20:32 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
2013-03-14 20:32 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
2013-03-14 20:32 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2013-03-14 20:32 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
2013-03-14 20:32 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2013-03-14 20:32 . 2013-01-05 05:535553512----a-w-c:\windows\system32\ntoskrnl.exe
2013-03-14 20:32 . 2013-01-05 05:003967848----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2013-03-14 20:32 . 2013-01-05 05:003913064----a-w-c:\windows\SysWow64\ntoskrnl.exe
2013-03-14 20:30 . 2012-11-01 05:432002432----a-w-c:\windows\system32\msxml6.dll
2013-03-14 20:30 . 2012-11-01 05:431882624----a-w-c:\windows\system32\msxml3.dll
2013-03-14 20:30 . 2012-11-01 04:471389568----a-w-c:\windows\SysWow64\msxml6.dll
2013-03-14 20:30 . 2012-11-01 04:471236992----a-w-c:\windows\SysWow64\msxml3.dll
2013-03-14 20:30 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
2013-03-14 20:30 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
2013-03-14 20:28 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
2013-03-14 20:28 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
2013-03-14 20:28 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2013-03-14 20:28 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2013-03-14 20:28 . 2012-11-23 03:1368608----a-w-c:\windows\system32\taskhost.exe
2013-03-14 20:28 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
2013-03-14 20:28 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
2013-03-14 20:28 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
2013-03-14 20:28 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
2013-03-14 20:18 . 2013-03-14 20:18972264------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
2013-03-14 20:18 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-14 20:12 . 2013-03-14 20:12--------d-----w-c:\program files (x86)\Microsoft Security Client
2013-03-14 20:12 . 2013-03-14 20:13--------d-----w-c:\program files\Microsoft Security Client
2013-03-14 20:01 . 2013-03-14 20:01--------d-----w-c:\windows\system32\appmgmt
2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\programdata\Malwarebytes
2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-14 19:24 . 2012-12-14 20:4924176----a-w-c:\windows\system32\drivers\mbam.sys
2013-03-14 18:45 . 2013-03-14 18:4527256----a-w-c:\windows\system32\drivers\FixZeroAccess.sys
2013-03-14 18:27 . 2013-03-14 18:33--------d-----w-C:\TDSSKiller_Quarantine
2013-03-14 18:17 . 2013-03-14 18:17--------d-----w-C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 17:51 . 2013-03-14 17:5150392----a-w-c:\windows\system32\drivers\qiylpclo.sys
2013-03-14 17:40 . 2013-03-18 19:20--------d-----w-c:\users\Administrator
2013-02-28 17:13 . 2013-02-28 17:13--------d-----w-c:\programdata\Creative
2013-02-28 14:38 . 2013-02-28 14:38--------d-----w-c:\programdata\Ask
2013-02-28 14:37 . 2013-02-28 14:37861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
2013-02-28 14:17 . 2013-02-28 14:17--------d-----w-c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 18:05 . 2009-07-13 23:19328704----a-w-c:\windows\system32\services.exe
2013-03-04 18:53 . 2011-10-21 18:0872013344----a-w-c:\windows\system32\MRT.exe
2013-02-28 14:37 . 2011-10-12 15:16782240----a-w-c:\windows\SysWow64\deployJava1.dll
2013-01-30 09:00 . 2010-11-21 03:27273840------w-c:\windows\system32\MpSigStub.exe
2013-01-20 19:59 . 2013-01-20 19:59230320----a-w-c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59130008----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-03-14 20:2944032----a-w-c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-10-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-05-16 616960]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-12 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-12 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.25.9 10.0.25.10
DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_Plugin.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-19 16:25:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-19 20:25
ComboFix2.txt 2013-03-18 21:00
ComboFix3.txt 2013-03-18 19:46
.
Pre-Run: 250,769,440,768 bytes free
Post-Run: 250,329,329,664 bytes free
.
- - End Of File - - EC384447D40BE09EC40C840379A8B3AB
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 19-03-2013 16:33:36
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
HKU\skelce.LYRIX\...\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [1675592 2011-08-05] (Actual Tools)
HKU\tlesniak\...\Run: [OfficeSuite Softphone] "C:\Program Files (x86)\Broadview\officesuite.exe" [14979072 2011-04-11] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.25.9 10.0.25.10
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Services (Whitelisted) ===================

2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [158720 2010-06-29] (Broadcom Corporation)
2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [x]
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [x]

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-19 15:30 - 2013-03-19 15:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
2013-03-19 12:32 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Microsoft Help
2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
2013-03-19 12:06 - 2013-03-19 12:07 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2013-03-18 11:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-18 11:30 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-03-18 11:30 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-03-18 11:28 - 2013-03-19 12:16 - 00000000 ____D C:\Windows\erdnt
2013-03-18 10:10 - 2013-03-19 12:25 - 00000000 ____D C:\Qoobox
2013-03-15 05:33 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-03-15 05:33 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-03-15 05:33 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-03-15 05:33 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
2013-03-15 05:28 - 2013-03-15 05:30 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
2013-03-15 05:27 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-15 05:27 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-15 05:27 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-15 05:27 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-15 05:27 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-15 05:27 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-15 05:27 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-15 05:27 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-15 05:27 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-15 05:27 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-15 05:27 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-15 05:27 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-15 05:27 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-15 05:27 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-15 05:27 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-15 05:27 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-15 05:27 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-15 05:27 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-15 05:27 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-15 05:27 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-15 05:27 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-15 05:27 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-15 05:27 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-15 05:27 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-15 05:27 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-15 05:27 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-15 05:27 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-15 05:27 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-15 05:27 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
2013-03-15 05:24 - 2013-03-15 05:28 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2013-03-14 13:02 - 2013-03-14 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
2013-03-14 12:32 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-14 12:32 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-03-14 12:32 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-03-14 12:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-03-14 12:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-03-14 12:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-03-14 12:31 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-03-14 12:31 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-14 12:31 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-03-14 12:31 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-03-14 12:31 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-03-14 12:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-03-14 12:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-03-14 12:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-03-14 12:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-03-14 12:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-03-14 12:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-03-14 12:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-03-14 12:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-03-14 12:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-03-14 12:30 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-03-14 12:30 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-03-14 12:30 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-03-14 12:30 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-03-14 12:30 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-03-14 12:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-03-14 12:29 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-03-14 12:29 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-03-14 12:29 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-03-14 12:29 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-03-14 12:29 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-03-14 12:29 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-03-14 12:29 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-14 12:29 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-03-14 12:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-03-14 12:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-03-14 12:29 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-03-14 12:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-03-14 12:29 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-03-14 12:29 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-03-14 12:29 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-03-14 12:29 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-03-14 12:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-03-14 12:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-03-14 12:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-03-14 12:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-03-14 12:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-03-14 12:28 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-03-14 12:28 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-03-14 12:28 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-03-14 12:28 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-03-14 12:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-03-14 12:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-03-14 12:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-03-14 12:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-03-14 12:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-03-14 12:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-03-14 12:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-03-14 12:13 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-03-14 12:12 - 2013-03-14 12:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-14 11:21 - 2013-03-14 11:22 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-14 10:27 - 2013-03-14 10:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 09:40 - 2013-03-18 11:20 - 00000000 ____D C:\users\Administrator
2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-03-14 09:40 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-03-14 09:21 - 2013-03-14 09:22 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

==================== One Month Modified Files and Folders =======

2013-03-19 15:30 - 2013-03-19 15:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
2013-03-19 12:25 - 2013-03-18 10:10 - 00000000 ____D C:\Qoobox
2013-03-19 12:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-03-19 12:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-19 12:18 - 2009-07-13 20:51 - 00055827 ____A C:\Windows\setupact.log
2013-03-19 12:17 - 2011-10-21 05:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-19 12:17 - 2010-11-20 19:47 - 00029564 ____A C:\Windows\PFRO.log
2013-03-19 12:16 - 2013-03-18 11:28 - 00000000 ____D C:\Windows\erdnt
2013-03-19 12:16 - 2009-07-13 18:34 - 68464640 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 14417920 ____A C:\Windows\System32\config\SYSTEM.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00335872 ____A C:\Windows\System32\config\DEFAULT.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00061440 ____A C:\Windows\System32\config\SAM.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2013-03-19 12:10 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-19 12:10 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-19 12:07 - 2013-03-19 12:06 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
2013-03-19 12:05 - 2009-07-13 21:13 - 00796280 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
2013-03-18 13:12 - 2011-10-12 07:07 - 02030933 ____A C:\Windows\WindowsUpdate.log
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2013-03-18 12:32 - 2011-10-20 12:46 - 00000224 ____A C:\Windows\System32\config\netlogon.ftl
2013-03-18 11:38 - 2011-10-21 10:47 - 00000000 ____D C:\users\skelce.LYRIX
2013-03-18 11:27 - 2011-10-21 05:47 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-18 11:20 - 2013-03-14 09:40 - 00000000 ____D C:\users\Administrator
2013-03-18 11:18 - 2011-10-21 05:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-18 11:18 - 2011-10-20 12:48 - 00000000 ____D C:\users\tlesniak
2013-03-18 11:18 - 2011-10-20 12:17 - 00000000 ____D C:\users\skelce
2013-03-18 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-18 06:27 - 2009-07-13 20:45 - 00412624 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
2013-03-15 06:09 - 2011-10-21 08:06 - 00000039 ____A C:\Windows\vbaddin.ini
2013-03-15 06:09 - 2011-10-21 06:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-15 06:08 - 2011-02-10 06:33 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
2013-03-15 05:30 - 2013-03-15 05:28 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
2013-03-15 05:28 - 2013-03-15 05:24 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
2013-03-15 05:24 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2013-03-14 13:09 - 2013-03-14 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
2013-03-14 12:13 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-14 12:13 - 2011-10-21 05:31 - 00001945 ____A C:\Windows\epplauncher.mif
2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-14 12:03 - 2011-10-21 05:39 - 00000000 ____D C:\ProgramData\Adobe
2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 11:22 - 2013-03-14 11:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-14 10:33 - 2013-03-14 10:27 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-14 10:28 - 2012-07-18 09:59 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-14 10:05 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-03-14 09:22 - 2013-03-14 09:21 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
2013-03-14 09:17 - 2011-10-21 11:14 - 00000000 ____D C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
2013-03-04 10:53 - 2011-10-21 10:08 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-28 09:45 - 2011-10-21 10:19 - 00000000 ____D C:\Users\tlesniak\AppData\Roaming\Skinux
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
2013-02-28 09:11 - 2011-10-21 05:48 - 00002261 ____A C:\Users\tlesniak\Desktop\Google Chrome.lnk
2013-02-28 09:11 - 2011-10-20 12:49 - 00108840 ____A C:\Users\tlesniak\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
2013-02-28 08:49 - 2012-04-20 07:22 - 00012389 ____A C:\Users\skelce.LYRIX\Desktop\EE Stock Ownership Addresses.xlsx
2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-28 06:37 - 2011-10-12 07:16 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-18 07:54:32
Restore point made on: 2013-02-13 13:22:03
Restore point made on: 2013-02-28 06:36:48
Restore point made on: 2013-02-28 06:37:22
Restore point made on: 2013-03-14 12:00:32
Restore point made on: 2013-03-14 12:02:54
Restore point made on: 2013-03-14 12:04:58
Restore point made on: 2013-03-14 12:18:28
Restore point made on: 2013-03-15 05:22:18
Restore point made on: 2013-03-18 06:36:34
Restore point made on: 2013-03-18 10:04:27
Restore point made on: 2013-03-18 11:13:04
Restore point made on: 2013-03-19 12:04:03

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3992.93 MB
Available physical RAM: 3351.72 MB
Total Pagefile: 3991.13 MB
Available Pagefile: 3338.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:286.29 GB) (Free:233.22 GB) NTFS
3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:5.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 1A17B0CE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 11 GB 40 MB
Partition 3 Primary 286 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 286 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1920 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 1A17B0CE

Partition 1:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 2:
=========
Hex: 8019150507FEFFFF0040010000607801
Active: YES
Type: 07 (NTFS)
Size: 12 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00A079010040C923
Active: NO
Type: 07 (NTFS)
Size: 286 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 6F20736B

Partition 1:
=========
Hex: 6F74686572206D656469612EFF0D0A44
Active: NO
Type: 72
Size: 544 GB

Partition 2:
=========
Hex: 69736B206572726F72FF0D0A50726573
Active: NO
Type: 65
Size: 923 GB

Partition 3:
=========
Hex: 7320616E79206B657920746F20726573
Active: NO
Type: 79
Size: 923 GB

Partition 4:
=========
Hex: 746172740D0A00000000000000ACCBD8
Active: NO
Type: 0D
Size: -336763289600 byte


Last Boot: 2013-03-05 08:03

==================== End Of Log =============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.
 

Attachments

  • fixlist.txt
    27 bytes · Views: 1
I am able to login when booting normally. Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-19 16:45:11 Run:2
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
Back