empire1012

  1. I could use some assistance. I have run MalwareBytes multiple times from safe mode on my computer and this same virus keeps reappearing. Thanks in advance for any help. Below are the mbam, Attach.txt and DDS.txt logs.

     Here is the mbam log:

     Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.09.24.09

     Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
     Internet Explorer 9.0.8112.16421
     Madrid :: MADRID-PC [administrator]

     9/24/2012 12:40:33 PM
     mbam-log-2012-09-24 (12-40-33).txt

     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 446131
     Time elapsed: 44 minute(s), 7 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 5
     HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
     HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Here is the Attach.txt log:

     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

     DDS (Ver_2011-08-26.01)

     Microsoft® Windows Vista™ Home Premium
     Boot Device: \Device\HarddiskVolume2
     Install Date: 6/11/2008 10:00:41 PM
     System Uptime: 9/24/2012 2:13:25 PM (0 hours ago)
     Here is the DDS.txt log:
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421
     Run by Madrid at 14:17:07 on 2012-09-24
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2560 [GMT -10:00]
  2. Just sent a token of my appreciation. Thanks again for your help.
  3. Everything is running great now! Thanks, MrCharlie!!!

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.09.10

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     PhilR :: KIHEI [administrator]

     8/9/2012 9:59:23 AM
     mbam-log-2012-08-09 (09-59-23).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 268152
     Time elapsed: 1 minute(s), 35 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  4. Here are the results of the ComboFix.txt: ComboFix 12-08-09.01 - PhilR 08/09/2012 9:46.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6435 [GMT -10:00] Running from: c:\users\PhilR\Desktop\ComboFix.exe AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 ))))))))))))))))))))))))))))))) . . 2012-08-09 19:50 . 2012-08-09 19:50 -------- d-----w- c:\users\Tushar\AppData\Local\temp 2012-08-09 19:50 . 2012-08-09 19:50 -------- d-----w- c:\users\StevenY\AppData\Local\temp 2012-08-09 19:50 . 2012-08-09 19:50 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-08-09 19:50 . 2012-08-09 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-09 16:48 . 2012-08-09 16:49 -------- d-----w- C:\FRST 2012-08-07 20:03 . 2012-08-07 20:12 -------- d-----w- C:\ruu_log 2012-08-07 19:51 . 2012-08-08 02:49 -------- d-----w- c:\program files (x86)\Android 2012-08-07 19:36 . 2011-11-25 10:25 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys 2012-08-07 19:36 . 2009-11-08 11:41 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll 2012-08-07 19:36 . 2009-11-08 11:41 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2012-08-07 07:16 . 2012-08-07 07:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-04 01:35 . 2012-08-04 01:35 -------- d-----w- C:\pwrcmdr 2012-08-01 03:40 . 2012-08-01 03:40 -------- d-----w- c:\users\PhilR\AppData\Local\Apps 2012-08-01 03:40 . 2012-08-01 03:41 -------- d-----w- c:\users\PhilR\AppData\Local\Deployment 2012-07-27 02:50 . 2012-07-27 03:11 768 ----a-w- c:\users\PhilR\advanced_ip_scanner_MAC.bin 2012-07-27 02:48 . 
2012-07-27 02:48 -------- d-----w- c:\program files (x86)\Advanced IP Scanner v2 2012-07-26 21:54 . 2012-07-26 21:54 -------- d-----w- c:\users\PhilR\AppData\Local\Microsoft_Corporation 2012-07-25 23:17 . 2012-07-25 23:17 -------- d-----w- c:\users\PhilR\AppData\Roaming\Malwarebytes 2012-07-25 23:15 . 2012-07-25 23:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-25 23:15 . 2012-07-25 23:15 -------- d-----w- c:\programdata\Malwarebytes 2012-07-25 23:15 . 2012-07-03 23:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-24 01:02 . 2012-07-24 01:02 -------- d-----w- c:\users\PhilR\AppData\Local\Broadcom 2012-07-24 01:01 . 2012-04-01 03:52 594472 ----a-w- c:\windows\system32\drivers\btwampfl.sys 2012-07-24 00:57 . 2012-03-05 12:29 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys 2012-07-24 00:57 . 2012-04-01 03:52 184872 ----a-w- c:\windows\system32\drivers\btwaudio.sys 2012-07-24 00:57 . 2012-03-05 12:29 210984 ----a-w- c:\windows\system32\drivers\btwavdt.sys 2012-07-24 00:57 . 2011-09-17 01:38 39976 ----a-w- c:\windows\system32\drivers\btwl2cap.sys 2012-07-24 00:56 . 2012-07-24 00:56 -------- d-----w- c:\program files\WIDCOMM 2012-07-18 19:44 . 2012-07-18 19:44 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2012-07-12 00:08 . 2012-07-25 02:16 -------- d-----w- c:\programdata\RingCentral 2012-07-11 13:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 05:24 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 02:32 . 2012-07-11 02:33 -------- d-----w- c:\users\PhilR\AppData\Roaming\Epson . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 06:14 . 2012-05-01 19:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-03 06:14 . 2012-05-01 19:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 13:01 . 
2011-09-24 03:10 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-03 01:19 . 2012-06-18 22:31 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-03 01:15 . 2012-06-18 22:31 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:19 . 2012-06-18 22:31 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-18 22:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-18 22:32 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-18 22:32 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-18 22:31 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-18 22:32 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-18 22:31 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-05-22 22:04 . 2012-05-22 22:04 994912 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-22 22:03 . 2012-05-22 22:03 211552 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-22 22:03 . 2012-05-22 22:03 146528 ----a-w- c:\windows\system32\drivers\vsflt67.sys 2012-05-22 22:03 . 2012-05-22 22:03 320096 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-22 22:03 . 2012-05-22 22:03 137312 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-05-16 18:50 . 2012-05-16 18:50 133944 ----a-w- c:\windows\SysWow64\atashost.exe 2012-05-16 18:50 . 2012-05-16 18:50 215864 ----a-w- c:\windows\SysWow64\atsckernel.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-08-09_01.09.15 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-08-09 19:45 38214 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-09 19:45 32600 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-08-09 16:46 . 2012-08-09 18:34 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat + 2012-05-10 21:09 . 
2012-08-09 19:45 5998 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1298376464-3862165235-4182315753-1008_UserData.bin - 2012-08-09 01:08 . 2012-08-09 01:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-09 19:43 . 2012-08-09 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-09 01:08 . 2012-08-09 01:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-09 19:43 . 2012-08-09 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-08-09 01:05 667518 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-09 19:49 667518 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-08-09 01:05 123902 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-08-09 19:49 123902 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-08-09 01:07 384992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-09 19:43 384992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-05-17 20:03 . 2012-08-09 19:43 55689404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1298376464-3862165235-4182315753-1008-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392] "RCUI"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe" [2010-11-24 500992] "RCHotKey"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-11-24 38144] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KASHVRTT9946155233048276"="c:\program files (x86)\Kaseya\VRTT9946155233048276\KaUsrTsk.exe" [2011-08-24 409600]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-12-03 112152]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-09-24 129648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAVRTT9946155233048276]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-28 116648]
R2 KAVRTT9946155233048276;Kaseya Agent;c:\program files (x86)\Kaseya\VRTT9946155233048276\AgentMon.exe [2011-08-24 851968]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-28 116648]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2011-09-29 921952]
R4 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2011-09-29 308136]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2011-09-29 56008]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-05-22 137312]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-05-22 146528]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2011-09-29 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-09-29 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-09-29 317520]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-05-16 133944]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 KaseyaAVService;Kaseya Security Service;c:\program files (x86)\Kaseya\VRTT9946155233048276\KasAVSrv.exe [2011-09-29 221184]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-09-24 81008]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-09-24 539248]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-04-01 163368]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-04-01 594472]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-21 342704]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.SYS [2011-06-23 30792]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 06:14]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-28 21:09]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-28 21:09]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298376464-3862165235-4182315753-1008Core.job
- c:\users\PhilR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 03:41]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298376464-3862165235-4182315753-1008UA.job
- c:\users\PhilR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 03:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-05 2907240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-13 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-13 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-13 419096]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-14 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 24.25.227.15 209.18.47.61
DPF: {B65B1DCC-D421-4F3C-8F8F-909BDD967120} - hxxp://helpdesk.malamatech.com/inc/PluginManager/PluginManager.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{A50F643C-3C5B-4D99-B68C-21A13C81E50E}"=hex:51,66,7a,6c,4c,1d,38,12,52,67,1c,a1,69,72,f7,08,c9,9a,62,e1,39,df,a1,1a
"{05F8C4F4-44DA-49D7-92EE-0944AB774D99}"=hex:51,66,7a,6c,4c,1d,38,12,9a,c7,eb,01,e8,0a,b9,0c,ed,f8,4a,04,ae,29,09,8d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:13,5d,59,40,b9,6a,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-FD6B-RNNU-PKT1-9WX6-J36V-FH63989"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-09 09:51:44
ComboFix-quarantined-files.txt 2012-08-09 19:51
ComboFix2.txt 2012-08-09 01:12
.
Pre-Run: 243,625,955,328 bytes free
Post-Run: 243,485,323,264 bytes free
.
- - End Of File - - 884C469161369B53A9768742F6BC7394
5. Fixlog.txt results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-09 09:18:39 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{b84a1084-4e70-1310-1954-64390743a0ea} moved successfully.

==== End of Fixlog ====
6. Here are the results of the FRST.txt and search.txt:

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 09-08-2012 08:49:03
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-04-12] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391960 2011-04-12] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [419096 2011-04-12] (Intel Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [KASHVRTT9946155233048276] "C:\Program Files (x86)\Kaseya\VRTT9946155233048276\KaUsrTsk.exe" [409600 2011-08-24] (Kaseya International Limited)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112152 2010-12-03] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129648 2011-09-23] (VMware, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKU\PhilR\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17417392 2012-07-03] (Skype Technologies S.A.)
HKU\PhilR\...\Run: [RCUI] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe" [500992 2010-11-23] (RingCentral, Inc.)
HKU\PhilR\...\Run: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [38144 2010-11-23] (RingCentral, Inc.)
HKU\StevenY\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [153136 2007-05-16] (Nero AG)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.25.227.15 209.18.47.61
AppInit_DLLs: C:\Windows\System32\avgrssta.dll
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ======

2 atashost; "C:\Windows\SysWOW64\atashost.exe" [133944 2012-05-16] (Cisco WebEx LLC)
2 avg9emc; "C:\Program Files (x86)\AVG\AVG9\avgemc.exe" [921952 2011-09-29] (AVG Technologies CZ, s.r.o.)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2011-09-29] (AVG Technologies CZ, s.r.o.)
2 HPMSSConnectorSvc; "C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe" [20992 2009-10-05] (HP)
2 KaseyaAVService; "C:\Program Files (x86)\Kaseya\VRTT9946155233048276\KasAVSrv.exe" -s [221184 2011-09-29] ()
2 KAVRTT9946155233048276; "C:\Program Files (x86)\Kaseya\VRTT9946155233048276\AgentMon.exe" [851968 2011-08-24] (Kaseya International Limited)
2 MediaCollectorService; "C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe" [81920 2009-10-05] (Hewlett-Packard Company)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-03] (Intel Corporation)
2 WinVNC4; "C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service [1492344 2009-07-25] (RealVNC Ltd.)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
3 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Workstation\\" -s ufad-p2v.xml [x]

========================== Drivers (Whitelisted) =============

1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2011-09-29] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2011-09-29] (AVG Technologies CZ, s.r.o.)
0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2011-09-29] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2011-09-29] (AVG Technologies CZ, s.r.o.)
3 bcbtums; C:\Windows\System32\Drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
0 fltsrv; C:\Windows\System32\Drivers\fltsrv.sys [137312 2012-05-22] (Acronis)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
3 ivusb; C:\Windows\System32\Drivers\ivusb.sys [29720 2010-07-29] (Initio Corporation)
3 KAPFA; C:\Windows\System32\Drivers\KAPFA.sys [30792 2011-06-23] (Kaseya)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [146528 2012-05-22] (Acronis)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-08 19:28 - 2012-08-08 19:28 - 00001676 ____A C:\Users\PhilR\Downloads\RKreport.txt
2012-08-08 19:22 - 2012-08-08 19:22 - 00000011 ____A C:\Users\PhilR\Downloads\reboot.bat
2012-08-08 18:25 - 2012-08-08 18:25 - 00022228 ____A C:\Users\PhilR\Downloads\DDS.txt
2012-08-08 18:25 - 2012-08-08 18:25 - 00007305 ____A C:\Users\PhilR\Downloads\Attach.txt
2012-08-08 17:15 - 2012-08-08 17:15 - 00607260 ____R (Swearware) C:\Users\PhilR\Downloads\dds.com
2012-08-08 17:15 - 2012-08-08 17:15 - 00607260 ____A (Swearware) C:\Users\PhilR\Downloads\dds.scr
2012-08-08 17:12 - 2012-08-08 17:12 - 00022359 ____A C:\ComboFix.txt
2012-08-08 17:01 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-08 17:01 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-08 17:01 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-08 17:01 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-08 17:01 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-08 17:01 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-08 17:01 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-08 17:01 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-08 16:46 - 2012-08-08 16:47 - 04727110 ____R (Swearware) C:\Users\PhilR\Desktop\ComboFix.exe
2012-08-08 16:37 - 2012-08-08 19:24 - 01552896 ____A C:\Users\PhilR\Downloads\RogueKiller.exe
2012-08-08 16:18 - 2012-08-08 16:19 - 00262144 ____A C:\Windows\Minidump\080812-29312-01.dmp
2012-08-08 16:18 - 2012-08-08 16:18 - 676143569 ____A C:\Windows\MEMORY.DMP
2012-08-08 16:18 - 2012-08-08 16:18 - 00000000 ____D C:\Windows\Minidump
2012-08-08 16:17 - 2012-08-08 17:12 - 00000000 ____D C:\Qoobox
2012-08-08 16:17 - 2012-08-08 17:11 - 00000000 ____D C:\Windows\erdnt
2012-08-08 16:11 - 2012-08-08 16:11 - 01439705 ____A (Farbar) C:\Users\PhilR\Downloads\FRST64.exe
2012-08-08 13:02 - 2012-08-08 13:02 - 00000000 ____D C:\Windows\pss
2012-08-07 18:29 - 2012-08-07 18:29 - 00000822 ____A C:\Users\PhilR\Downloads\stephanie Delmont.txt
2012-08-07 12:03 - 2012-08-07 12:12 - 00000000 ____D C:\ruu_log
2012-08-07 11:51 - 2012-08-07 18:49 - 00000000 ____D C:\Program Files (x86)\Android
2012-08-07 11:37 - 2012-08-07 11:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2012-08-07 11:36 - 2011-11-25 02:25 - 00015360 ____A (June Fabrics Technology Inc.) C:\Windows\System32\Drivers\pneteth.sys
2012-08-07 11:36 - 2009-11-08 03:41 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2012-08-07 11:36 - 2009-11-08 03:41 - 00708168 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2012-08-07 11:30 - 2012-08-07 11:30 - 00000000 ____D C:\Users\PhilR\Downloads\android-usb-driver
2012-08-07 11:24 - 2012-08-07 11:24 - 00000000 ____D C:\Users\PhilR\Downloads\HTC_Driver_64
2012-08-06 23:16 - 2012-08-06 23:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-03 17:35 - 2012-08-03 17:35 - 00000000 ____D C:\pwrcmdr
2012-08-02 11:08 - 2012-08-02 11:11 - 35807513 ____A C:\Users\PhilR\Downloads\Suzuki_GSF_1250_Bandit_2007_Service_Manual.zip
2012-07-31 19:41 - 2012-08-09 09:51 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298376464-3862165235-4182315753-1008UA.job
2012-07-31 19:41 - 2012-08-08 19:51 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298376464-3862165235-4182315753-1008Core.job
2012-07-31 19:40 - 2012-07-31 19:41 - 00000000 ____D C:\Users\PhilR\AppData\Local\Deployment
2012-07-31 19:40 - 2012-07-31 19:40 - 00000000 ____D C:\Users\PhilR\AppData\Local\Apps\2.0
2012-07-30 15:28 - 2012-07-30 15:30 - 33381416 ____A (Microsoft Corporation) C:\Users\PhilR\Downloads\setup.exe
2012-07-26 18:50 - 2012-07-26 19:11 - 00000768 ____A C:\Users\PhilR\advanced_ip_scanner_MAC.bin
2012-07-26 18:50 - 2012-07-26 18:50 - 06980992 ____A (Famatech Corp.) C:\Users\PhilR\Downloads\ipscan22.exe
2012-07-26 18:48 - 2012-07-26 18:48 - 00000000 ____D C:\Program Files (x86)\Advanced IP Scanner v2
2012-07-26 13:54 - 2012-07-26 13:54 - 00000000 ____D C:\Users\PhilR\AppData\Local\Microsoft_Corporation
2012-07-25 15:17 - 2012-07-25 15:17 - 00000000 ____D C:\Users\PhilR\AppData\Roaming\Malwarebytes
2012-07-25 15:15 - 2012-07-25 15:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-25 15:15 - 2012-07-25 15:15 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-25 15:15 - 2012-07-25 15:15 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-25 15:15 - 2012-07-03 15:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-23 17:02 - 2012-07-23 17:02 - 00000000 ____D C:\Users\PhilR\AppData\Local\Broadcom
2012-07-23 17:01 - 2012-03-31 19:52 - 00594472 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2012-07-23 16:57 - 2012-03-31 19:52 - 00184872 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys
2012-07-23 16:57 - 2012-03-05 04:29 - 00210984 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys
2012-07-23 16:57 - 2012-03-05 04:29 - 00021544 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwrchid.sys
2012-07-23 16:57 - 2011-09-16 17:38 - 00039976 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys
2012-07-23 16:56 - 2012-07-23 16:56 - 00000000 ____D C:\Program Files\WIDCOMM
2012-07-20 16:33 - 2012-07-20 16:33 - 02491489 ____A C:\Users\PhilR\Downloads\wrar_unplugged_3.9.1.1.exe
2012-07-19 11:38 - 2012-07-19 11:39 - 00021932 ____A C:\Users\PhilR\AppData\Roaming\Microsoft Excel 97-2003.ADR
2012-07-18 11:46 - 2012-07-18 11:46 - 00001254 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2012-07-18 11:44 - 2012-07-18 11:44 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2012-07-11 16:19 - 2012-07-11 16:19 - 00002112 ____A C:\Users\Public\Desktop\RingCentral Call Controller.lnk
2012-07-11 16:19 - 2012-07-11 16:19 - 00000000 ____D C:\Program Files (x86)\RingCentral
2012-07-11 16:19 - 2010-05-05 14:22 - 03400544 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltwvcx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 02636128 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltwvcax.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00613728 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltkrnx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00498016 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltimgcorx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00473952 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lfcmpx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00348000 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltefxx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00339296 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltdisx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00332288 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltjp2x.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00329568 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lfj2kx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00277344 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltimgclrx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00259424 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltimgefxx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00227168 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltfilx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00212320 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lftifx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00193888 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Ltimgutlx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00149344 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lfpngx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00090976 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lffaxx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00080224 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lfjbgx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00039776 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lfgifx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00037216 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lfbmpx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00030560 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lfepsx.dll
2012-07-11 16:19 - 2010-05-05 14:22 - 00020832 ____A (LEAD Technologies, Inc.) C:\Windows\System32\Lfwpgx.dll
2012-07-11 16:08 - 2012-07-24 18:16 - 00000000 ____D C:\Users\All Users\RingCentral
2012-07-11 05:18 - 2012-07-11 05:18 - 00000000 ____A C:\Windows\EEventManager.INI
2012-07-11 05:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 05:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 05:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 05:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 05:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 05:00 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 05:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 05:00 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 05:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 05:00 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 05:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 05:00 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 05:00 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 05:00 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 05:00 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 05:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 05:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 05:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 05:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 05:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 05:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 05:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 05:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 05:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 05:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 05:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 05:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 05:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 05:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 21:24 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 21:24 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 21:24 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 21:24 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 21:24 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 21:24 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 21:24 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-10 21:24 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-10 21:24 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-10 21:24 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-10 21:24 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-10 21:24 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-10 21:24 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-10 21:24 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-10 21:24 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-10 21:24 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-10 21:24 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-10 21:24 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-10 21:24 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-10 18:33 - 2012-08-08 17:09 - 00006398 ____A C:\Users\PhilR\Sti_Trace.log 2012-07-10 18:32 - 2012-07-10 18:33 - 00000000 ____D C:\Users\PhilR\AppData\Roaming\Epson ============ 3 Months Modified Files ======================== 2012-08-09 10:34 - 2011-06-29 20:19 - 01825163 ____A C:\Windows\WindowsUpdate.log 2012-08-09 10:33 - 2009-07-13 21:13 - 00787328 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-09 10:19 - 2012-06-28 13:09 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-09 10:14 - 2012-05-01 11:55 - 00000830 ____A 
C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-09 09:51 - 2012-07-31 19:41 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298376464-3862165235-4182315753-1008UA.job 2012-08-09 08:19 - 2012-06-28 13:09 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-08-08 22:09 - 2009-07-13 20:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-08 22:09 - 2009-07-13 20:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-08 19:51 - 2012-07-31 19:41 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298376464-3862165235-4182315753-1008Core.job 2012-08-08 19:28 - 2012-08-08 19:28 - 00001676 ____A C:\Users\PhilR\Downloads\RKreport.txt 2012-08-08 19:24 - 2012-08-08 16:37 - 01552896 ____A C:\Users\PhilR\Downloads\RogueKiller.exe 2012-08-08 19:22 - 2012-08-08 19:22 - 00000011 ____A C:\Users\PhilR\Downloads\reboot.bat 2012-08-08 18:25 - 2012-08-08 18:25 - 00022228 ____A C:\Users\PhilR\Downloads\DDS.txt 2012-08-08 18:25 - 2012-08-08 18:25 - 00007305 ____A C:\Users\PhilR\Downloads\Attach.txt 2012-08-08 17:15 - 2012-08-08 17:15 - 00607260 ____R (Swearware) C:\Users\PhilR\Downloads\dds.com 2012-08-08 17:15 - 2012-08-08 17:15 - 00607260 ____A (Swearware) C:\Users\PhilR\Downloads\dds.scr 2012-08-08 17:12 - 2012-08-08 17:12 - 00022359 ____A C:\ComboFix.txt 2012-08-08 17:09 - 2012-07-10 18:33 - 00006398 ____A C:\Users\PhilR\Sti_Trace.log 2012-08-08 17:09 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-08-08 17:08 - 2010-11-20 19:47 - 00019114 ____A C:\Windows\PFRO.log 2012-08-08 17:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-08 17:08 - 2009-07-13 20:51 - 00040691 ____A C:\Windows\setupact.log 2012-08-08 17:08 - 2009-07-13 18:34 - 65798144 ____A C:\Windows\System32\config\SOFTWARE.bak 2012-08-08 17:08 - 2009-07-13 18:34 - 19136512 ____A 
C:\Windows\System32\config\SYSTEM.bak 2012-08-08 17:08 - 2009-07-13 18:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak 2012-08-08 17:08 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak 2012-08-08 17:08 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak 2012-08-08 16:47 - 2012-08-08 16:46 - 04727110 ____R (Swearware) C:\Users\PhilR\Desktop\ComboFix.exe 2012-08-08 16:19 - 2012-08-08 16:18 - 00262144 ____A C:\Windows\Minidump\080812-29312-01.dmp 2012-08-08 16:18 - 2012-08-08 16:18 - 676143569 ____A C:\Windows\MEMORY.DMP 2012-08-08 16:11 - 2012-08-08 16:11 - 01439705 ____A (Farbar) C:\Users\PhilR\Downloads\FRST64.exe 2012-08-07 18:29 - 2012-08-07 18:29 - 00000822 ____A C:\Users\PhilR\Downloads\stephanie Delmont.txt 2012-08-07 11:37 - 2012-08-07 11:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf 2012-08-02 22:14 - 2012-05-01 11:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-02 22:14 - 2012-05-01 11:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-02 11:11 - 2012-08-02 11:08 - 35807513 ____A C:\Users\PhilR\Downloads\Suzuki_GSF_1250_Bandit_2007_Service_Manual.zip 2012-07-30 15:30 - 2012-07-30 15:28 - 33381416 ____A (Microsoft Corporation) C:\Users\PhilR\Downloads\setup.exe 2012-07-26 19:11 - 2012-07-26 18:50 - 00000768 ____A C:\Users\PhilR\advanced_ip_scanner_MAC.bin 2012-07-26 18:50 - 2012-07-26 18:50 - 06980992 ____A (Famatech Corp.) 
C:\Users\PhilR\Downloads\ipscan22.exe 2012-07-25 15:15 - 2012-07-25 15:15 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-20 16:33 - 2012-07-20 16:33 - 02491489 ____A C:\Users\PhilR\Downloads\wrar_unplugged_3.9.1.1.exe 2012-07-19 15:10 - 2012-06-27 14:57 - 00032470 ____A C:\Users\PhilR\AppData\Roaming\Microsoft Access 97-2003.ADR 2012-07-19 15:10 - 2012-06-27 14:57 - 00000028 ____A C:\Windows\ODBC.INI 2012-07-19 11:39 - 2012-07-19 11:38 - 00021932 ____A C:\Users\PhilR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2012-07-18 11:46 - 2012-07-18 11:46 - 00001254 ____A C:\Users\Public\Desktop\Virtual CloneDrive.lnk 2012-07-12 12:27 - 2009-07-13 20:45 - 00408456 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 18:09 - 2012-05-08 11:12 - 00108824 ____A C:\Users\PhilR\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-11 16:20 - 2009-07-13 18:34 - 00000923 ____A C:\Windows\win.ini 2012-07-11 16:19 - 2012-07-11 16:19 - 00002112 ____A C:\Users\Public\Desktop\RingCentral Call Controller.lnk 2012-07-11 05:18 - 2012-07-11 05:18 - 00000000 ____A C:\Windows\EEventManager.INI 2012-07-11 05:01 - 2011-09-23 19:10 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-09 13:59 - 2012-07-09 13:53 - 00003735 ____A C:\Users\PhilR\Downloads\Windows product keys.nfo 2012-07-06 15:22 - 2012-07-06 15:22 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk 2012-07-05 14:47 - 2012-06-27 16:55 - 00000469 ____A C:\Users\PhilR\Downloads\DQ's Buffalo server.txt 2012-07-03 15:46 - 2012-07-25 15:15 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-03 10:59 - 2012-07-03 10:59 - 00000064 ____A C:\Users\PhilR\Downloads\Dophin Quest info.txt 2012-07-02 17:01 - 2012-07-02 17:01 - 00479382 ____A C:\Users\PhilR\Downloads\bootcd.zip 2012-07-02 16:45 - 2012-07-02 16:45 - 00657495 ____A C:\Users\PhilR\Downloads\I600mA17.exe 2012-06-28 13:10 - 2012-06-28 13:10 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk 2012-06-27 
12:54 - 2012-06-27 12:54 - 00047224 ____A C:\Users\PhilR\Downloads\Bios.exe 2012-06-27 11:59 - 2012-06-27 11:50 - 12282037 ____A C:\Users\PhilR\Downloads\cqpsetup.zip 2012-06-22 13:28 - 2012-06-22 13:13 - 407010384 ____A (Microsoft Corporation) C:\Users\PhilR\Downloads\X12-30196.exe 2012-06-15 11:42 - 2012-06-15 11:24 - 613999272 ____A (Microsoft Corporation) C:\Users\PhilR\Downloads\X16-32007.exe 2012-06-14 16:29 - 2011-11-14 19:13 - 329908224 ____A C:\Users\PhilR\Downloads\ABR_AUR11.0.17318.iso 2012-06-11 19:08 - 2012-07-11 05:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-10 21:24 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-10 21:24 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-10 21:24 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-10 21:24 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-10 21:24 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-10 21:24 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-10 21:24 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-10 21:24 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-04 12:27 - 2011-06-29 23:59 - 00108824 ____A C:\Users\StevenY\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-04 12:26 - 2012-06-04 12:26 - 00002601 ____A C:\Users\Public\Desktop\ConnectWise PSA.lnk 2012-06-02 17:19 - 2012-06-18 14:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 17:15 - 2012-06-18 14:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 14:19 - 2012-06-18 14:32 - 02428952 ____A (Microsoft Corporation) 
C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-18 14:32 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-18 14:32 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-18 14:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-18 14:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-18 14:32 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-18 14:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 04:49 - 2012-07-11 05:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-11 05:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-11 05:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-11 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-11 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-11 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-11 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-11 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-11 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-11 05:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-11 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-11 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 
- 2012-07-11 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-11 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-11 05:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-11 05:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-11 05:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-11 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 00:25 - 2012-07-11 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 00:25 - 2012-07-11 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-11 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-11 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-11 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-11 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-11 05:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-11 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-11 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-11 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 21:50 - 2012-07-10 21:24 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-10 21:24 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-10 21:24 - 00095600 
____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-10 21:24 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-10 21:24 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-10 21:24 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-10 21:24 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-10 21:24 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-10 21:24 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-25 13:20 - 2012-05-25 13:20 - 00003132 ____A C:\Windows\Kaseya.html 2012-05-25 13:20 - 2012-05-25 13:19 - 00003186 ____A C:\Windows\Kaseya-KES-201250525-11-19-59.html 2012-05-22 14:35 - 2012-05-22 14:34 - 03541224 ____A C:\Windows\System32\AcronisTrueImage.msi.txt 2012-05-22 14:35 - 2012-05-22 14:34 - 00243066 ____A C:\Windows\SysWOW64\AcronisTrueImage.msi.txt 2012-05-22 14:04 - 2012-05-22 14:04 - 00994912 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys 2012-05-22 14:03 - 2012-05-22 14:03 - 00320096 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys 2012-05-22 14:03 - 2012-05-22 14:03 - 00211552 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys 2012-05-22 14:03 - 2012-05-22 14:03 - 00146528 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys 2012-05-22 14:03 - 2012-05-22 14:03 - 00137312 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys 2012-05-18 12:25 - 2012-05-18 12:25 - 00026112 ____H C:\Users\PhilR\Downloads\~WRL0001.tmp 2012-05-16 10:50 - 2012-05-16 10:50 - 00215864 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe 2012-05-16 10:50 - 2012-05-16 10:50 - 00133944 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe 2012-05-15 16:45 - 2012-05-15 16:45 - 00174024 ____A (Oracle Corporation) 
C:\Windows\SysWOW64\javaw.exe
2012-05-15 16:45 - 2012-05-15 16:45 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-15 16:37 - 2012-05-08 11:11 - 00000438 _RASH C:\Users\PhilR\ntuser.pol

ZeroAccess:
C:\Windows\Installer\{b84a1084-4e70-1310-1954-64390743a0ea}
C:\Windows\Installer\{b84a1084-4e70-1310-1954-64390743a0ea}\L
C:\Windows\Installer\{b84a1084-4e70-1310-1954-64390743a0ea}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8072.9 MB
Available physical RAM: 7232.35 MB
Total Pagefile: 8071.1 MB
Available Pagefile: 7224.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.62 GB) (Free:226.93 GB) NTFS
2 Drive e: (Windows7_x86) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
3 Drive f: (NEW VOLUME) (Removable) (Total:29.82 GB) (Free:22.02 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==>[system with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online           29 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary            100 MB    40 MB
  Partition 3    Primary            465 GB   140 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition     39 MB  Healthy    Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    465 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             29 GB  1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   NEW VOLUME   FAT32  Removable    29 GB   Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 02:26

======================= End Of Log ==========================

Search.txt

Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-09 08:54:16
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-08 17:11] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
  7. Thanks for the quick response, MrCharlie. Here are the results:

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: PhilR [Admin rights]
Mode: Scan -- Date: 08/08/2012 17:27:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{b84a1084-4e70-1310-1954-64390743a0ea}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{b84a1084-4e70-1310-1954-64390743a0ea}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS +++++
--- User ---
[MBR] 698d6f1494f7993727c831a9c9ee8267
[bSP] 04fe2b74ef0b5592f68416a62db34c98 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 286720 | Size: 476799 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport.txt >>
RKreport.txt
  8. I just read that I should have posted the contents of the logs instead of attaching them... so sorry and here they are:

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/29/2011 9:20:35 PM
System Uptime: 8/8/2012 3:08:25 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 06D7TR
Processor: Intel® Core i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 228.815 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP140: 8/6/2012 1:03:26 PM - Scheduled Checkpoint
RP141: 8/7/2012 9:35:10 AM - Device Driver Package Install: Google, Inc.
RP142: 8/7/2012 9:36:26 AM - Device Driver Package Install: Google, Inc.
RP143: 8/7/2012 9:37:25 AM - Device Driver Package Install: June Fabrics Technology Inc. Network adapters
RP144: 8/8/2012 2:11:09 PM - Before removal
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Advanced IP Scanner
AVG 9.0
Cisco ASDM-IDM Launcher
ConnectWise Internet Client
ConnectWise Outlook 2010 Add-in
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup
Google Chrome
Google Earth
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Java Auto Updater
Java 7 Update 4
JavaFX 2.1.0
Kaseya Agent (kihei.home.malamatech - helpdesk.malamatech.com)
KONICA MINOLTA magicolor 4690MF Scanner
KONICA MINOLTA mc4690MF (FAX)
KONICA MINOLTA PageScope Net Care
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RingCentral Call Controller
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
SUNIX Multi-IO Controller
swMSM
SyncToy 2.1 (x86)
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VirtualCloneDrive
Visual C++ 8.0 Runtime Setup Package (x64)
VMware Workstation
VNC Enterprise Edition E4.5.1
WebEx
.
==== Event Viewer Messages From Past Week ========
.
8/8/2012 9:59:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
8/8/2012 9:59:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 discache ElbyCDIO spldr vpcvmm Wanarpv6
8/8/2012 3:09:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/8/2012 3:09:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/8/2012 3:08:56 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/8/2012 3:07:44 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/8/2012 3:07:01 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/8/2012 3:00:53 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
8/8/2012 2:59:48 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/8/2012 2:20:28 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/8/2012 2:19:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030c57ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080812-29312-01.
8/8/2012 12:42:05 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
8/7/2012 12:37:19 PM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
8/3/2012 3:09:04 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by PhilR at 16:24:42 on 2012-08-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5558 [GMT -10:00]
.
AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\Kaseya\VRTT9946155233048276\KasAVSrv.exe
C:\Program Files (x86)\Kaseya\VRTT9946155233048276\AgentMon.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Kaseya\VRTT9946155233048276\KaUsrTsk.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\ConnectWise\Psa.Net\Psa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ BHO: RCIEBrowserToolbar Class: {05f8c4f4-44da-49d7-92ee-0944ab774d99} - C:\PROGRA~2\RINGCE~1\RINGCE~1\IEBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: RingCentral For Internet Explorer: {a50f643c-3c5b-4d99-b68c-21a13c81e50e} - C:\PROGRA~2\RINGCE~1\RINGCE~1\IEBHO.dll uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [RCUI] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe" uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" mRun: [KASHVRTT9946155233048276] "C:\Program Files (x86)\Kaseya\VRTT9946155233048276\KaUsrTsk.exe" mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun: 
[VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://helpdesk.malamatech.com/inc/kaxRemote.dll DPF: {B65B1DCC-D421-4F3C-8F8F-909BDD967120} - hxxp://helpdesk.malamatech.com/inc/PluginManager/PluginManager.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ciscosupport.webex.com/client/WBXclient-T27L10NSP25EP3-11662/support/ieatgpc1.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928 TCP: DhcpNameServer = 24.25.227.15 209.18.47.61 TCP: 
Interfaces\{DAF80D73-D07D-48C1-988D-152B6C9BC7A4} : DhcpNameServer = 24.25.227.15 209.18.47.61 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll BHO-X64: RCIEBrowserToolbar Class: {05F8C4F4-44DA-49D7-92EE-0944AB774D99} - C:\PROGRA~2\RINGCE~1\RINGCE~1\IEBHO.dll BHO-X64: RingCentral For Internet Explorer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: RingCentral For Internet Explorer: {A50F643C-3C5B-4D99-B68C-21A13C81E50E} - C:\PROGRA~2\RINGCE~1\RINGCE~1\IEBHO.dll mRun-x64: [KASHVRTT9946155233048276] "C:\Program Files 
(x86)\Kaseya\VRTT9946155233048276\KaUsrTsk.exe" mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?] R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?] R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\system32\DRIVERS\vsflt67.sys --> C:\Windows\system32\DRIVERS\vsflt67.sys [?] R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?] R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?] R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?] 
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928] R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-5-16 133944] R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2011-9-29 921952] R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-9-29 308136] R2 HPMSSConnectorSvc;HPMSSConnectorService;C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-5 20992] R2 KaseyaAVService;Kaseya Security Service;C:\Program Files (x86)\Kaseya\VRTT9946155233048276\KasAVSrv.exe [2011-9-29 221184] R2 KAVRTT9946155233048276;Kaseya Agent;C:\Program Files (x86)\Kaseya\VRTT9946155233048276\AgentMon.exe [2011-6-29 851968] R2 MediaCollectorService;MediaCollectorService;C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-5 81920] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-29 2656280] R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-9-23 539248] R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?] R3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] 
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 KAPFA;KAPFA;\??\C:\Windows\system32\drivers\KAPFA.SYS --> C:\Windows\system32\drivers\KAPFA.SYS [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-28 116648] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-1 250056] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-28 116648] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?] 
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?] . =============== Created Last 30 ================ . 
2012-08-09 01:09:16 -------- d-sh--w- C:\$RECYCLE.BIN 2012-08-09 01:01:38 98816 ----a-w- C:\Windows\sed.exe 2012-08-09 01:01:38 518144 ----a-w- C:\Windows\SWREG.exe 2012-08-09 01:01:38 256000 ----a-w- C:\Windows\PEV.exe 2012-08-09 01:01:38 208896 ----a-w- C:\Windows\MBR.exe 2012-08-08 21:02:04 -------- d-----w- C:\Windows\pss 2012-08-07 20:03:39 -------- d-----w- C:\ruu_log 2012-08-07 19:51:36 -------- d-----w- C:\Program Files (x86)\Android 2012-08-07 19:36:17 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll 2012-08-07 19:36:17 15360 ----a-w- C:\Windows\System32\drivers\pneteth.sys 2012-08-07 19:36:17 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll 2012-08-07 07:16:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-08-04 01:35:30 -------- d-----w- C:\pwrcmdr 2012-08-01 03:40:54 -------- d-----w- C:\Users\PhilR\AppData\Local\Apps 2012-08-01 03:40:53 -------- d-----w- C:\Users\PhilR\AppData\Local\Deployment 2012-07-27 02:50:43 768 ----a-w- C:\Users\PhilR\advanced_ip_scanner_MAC.bin 2012-07-27 02:48:38 -------- d-----w- C:\Program Files (x86)\Advanced IP Scanner v2 2012-07-26 21:54:10 -------- d-----w- C:\Users\PhilR\AppData\Local\Microsoft_Corporation 2012-07-25 23:17:31 -------- d-----w- C:\Users\PhilR\AppData\Roaming\Malwarebytes 2012-07-25 23:15:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-25 23:15:59 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-25 23:15:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-24 01:02:00 -------- d-----w- C:\Users\PhilR\AppData\Local\Broadcom 2012-07-24 01:01:48 594472 ----a-w- C:\Windows\System32\drivers\btwampfl.sys 2012-07-24 00:57:03 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys 2012-07-24 00:57:02 210984 ----a-w- C:\Windows\System32\drivers\btwavdt.sys 2012-07-24 00:57:02 184872 ----a-w- C:\Windows\System32\drivers\btwaudio.sys 2012-07-24 00:57:01 39976 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys 2012-07-24 00:56:25 -------- d-----w- 
C:\Program Files\WIDCOMM 2012-07-18 19:44:54 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes 2012-07-12 00:08:57 -------- d-----w- C:\ProgramData\RingCentral 2012-07-11 13:03:20 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 05:24:46 2004480 ----a-w- C:\Windows\System32\msxml6.dll . ==================== Find3M ==================== . 2012-08-03 06:14:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-03 06:14:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-03 01:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-03 01:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- 
C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-22 22:04:03 994912 ----a-w- C:\Windows\System32\drivers\timntr.sys 2012-05-22 22:03:55 211552 ----a-w- C:\Windows\System32\drivers\vididr.sys 2012-05-22 22:03:54 146528 ----a-w- C:\Windows\System32\drivers\vsflt67.sys 2012-05-22 22:03:50 320096 ----a-w- C:\Windows\System32\drivers\snapman.sys 2012-05-22 22:03:49 137312 ----a-w- C:\Windows\System32\drivers\fltsrv.sys 2012-05-16 18:50:50 133944 ----a-w- C:\Windows\SysWow64\atashost.exe 2012-05-16 18:50:46 215864 ----a-w- C:\Windows\SysWow64\atsckernel.exe . ============= FINISH: 16:25:07.46 =============== mbam-log-2012-08-08 (16-23-20).txt Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.07.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 PhilR :: KIHEI [administrator] 8/8/2012 3:13:45 PM mbam-log-2012-08-08 (16-23-20).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 405217 Time elapsed: 31 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Qoobox\Quarantine\C\Windows\Installer\{b84a1084-4e70-1310-1954-64390743a0ea}\n.vir (Rootkit.0Access) -> 
No action taken. C:\Qoobox\Quarantine\C\Windows\Installer\{b84a1084-4e70-1310-1954-64390743a0ea}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> No action taken. C:\Qoobox\Quarantine\C\Windows\Installer\{b84a1084-4e70-1310-1954-64390743a0ea}\U\000000cb.@.vir (Rootkit.0Access) -> No action taken. C:\Qoobox\Quarantine\C\Windows\Installer\{b84a1084-4e70-1310-1954-64390743a0ea}\U\80000032.@.vir (Rootkit.0Access) -> No action taken. (end)
  9. I have been infected with the Trojan.Dropper.BCMiner virus on my work computer. It happened a couple of weeks ago and I have noticed IE redirecting after the infection. I ran Malwarebytes from safe mode but the virus was not successfully cleaned. I have been reading about this virus and it seems that it may not be an easy one to get rid of yet. I have attached the DDS, Attach and mbam logs and would really appreciate any help with this issue. Thanks in advance. Attach.txt DDS.txt mbam-log-2012-08-08 (16-23-20).txt