forensicg33k
Am I cleared of the ZeroAccess infection?
forensicg33k replied to forensicg33k's topic in Resolved Malware Removal Logs
No worries. Many, many thanks. Have a good rest of your day.
Am I cleared of the ZeroAccess infection?
forensicg33k replied to forensicg33k's topic in Resolved Malware Removal Logs
You've definitely been a huge help. Thank you so, so much. I was thinking I was going to have to reinstall Windows. Is there any way to tell from the logs how long I was infected for? The computer only began to have symptoms on Friday (7/20). If not, no worries. Thanks again.
Am I cleared of the ZeroAccess infection?
forensicg33k replied to forensicg33k's topic in Resolved Malware Removal Logs
The computer seems to be running great. No notifications from McAfee, no redirects, etc.

MBAM log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jenny :: JENNYLAPTOP [administrator]

7/24/2012 4:54:32 PM
mbam-log-2012-07-24 (16-54-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218969
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Am I cleared of the ZeroAccess infection?
forensicg33k replied to forensicg33k's topic in Resolved Malware Removal Logs
I appreciate all your help with this.

ComboFix Log File
Am I cleared of the ZeroAccess infection?
forensicg33k replied to forensicg33k's topic in Resolved Malware Removal Logs
Sorry for the delay. I'm at work and this is the first chance I've had.

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 12:54:33 Run:1
Running from F:\
==============================================
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450} moved successfully.
C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450} moved successfully.
==== End of Fixlog ====
-
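Two of the logs in this thread lend themselves to scripted triage. The fixlog above moved the same GUID-named directory from under C:\Windows\Installer\ and from under C:\Users\Jenny\AppData\Local\, and the FRST scan in the next post lists the Run-key autostarts with FRST's own markers: [x] after an entry whose target file was not found, and an empty () where no publisher could be read. The Python below is an added example, not FRST's code and not the poster's. It parses those two FRST line formats from constructed sample lines (the two GUID lines and the legitimate-MSI line are constructed, with made-up timestamps; the other file lines and all the autostart lines are copied from the scan) and reports GUIDs seen under both locations, plus autostarts with a missing target, no publisher, or a target under a user-writable profile path. The pairing rule is inferred from the two paths the fix moved, not from a published ZeroAccess signature, and a GUID folder under Installer on its own is normal Windows Installer behaviour, so it is deliberately not reported alone.

```python
r"""Triage helpers for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not FRST's code and not the poster's.
  1. guid_pair_dirs: GUID directories present under BOTH \Windows\Installer\ and
     \AppData\Local\ (the pattern the fixlog moved). Installer-only GUID
     directories are normal MSI package folders and are not reported.
  2. triage_run_entry: Run-key autostarts whose target is missing ([x]), has
     no publisher (), or lives under a user-writable profile path.
Heuristics inferred from the logs on this page, not a published signature.
"""
import re
from datetime import datetime

# "Created Files" line: "<created> - <modified> - <size> <attrs> [(Publisher) ]<path>"
# (in the "Modified Files" section FRST swaps the two timestamps; feed Created-section lines)
FILE_LINE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<size>\d{8}) (?P<attrs>\S{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$')
# Run-key line: "HKLM\...\Run: [Name] <target and args> [size date] (Publisher)"
RUN_LINE = re.compile(
    r'^(?P<hive>HK(?:LM|U\\[^\\]+)(?:-x32)?)\\\.\.\.\\Run(?:Once)?: '
    r'\[(?P<name>[^\]]*)\] (?P<rest>.*)$')
GUID = r'\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}'
INSTALLER_GUID = re.compile(r'\\Windows\\Installer\\(' + GUID + r')(?:\\|$)', re.I)
APPDATA_GUID = re.compile(r'\\AppData\\Local\\(' + GUID + r')(?:\\|$)', re.I)
USER_PATH = re.compile(r'\\AppData\\|\\Users\\[^\\]+\\', re.I)


def parse_file_line(line):
    """Parse one Created/Modified Files line; None if the line is something else."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec['created'] = datetime.strptime(rec['created'], '%Y-%m-%d %H:%M')
    rec['modified'] = datetime.strptime(rec['modified'], '%Y-%m-%d %H:%M')
    rec['size'] = int(rec['size'])
    rec['is_dir'] = rec['attrs'].endswith('D')  # FRST attribute column ends in D for directories
    return rec


def guid_pair_dirs(lines):
    """{guid: {'installer': earliest created, 'appdata': earliest created}} for GUIDs seen in both."""
    seen = {}
    for line in lines:
        rec = parse_file_line(line)
        if rec is None:
            continue
        for where, rx in (('installer', INSTALLER_GUID), ('appdata', APPDATA_GUID)):
            m = rx.search(rec['path'])
            if m:
                hit = seen.setdefault(m.group(1).lower(), {'installer': None, 'appdata': None})
                if hit[where] is None or rec['created'] < hit[where]:
                    hit[where] = rec['created']
    return {g: h for g, h in seen.items() if h['installer'] and h['appdata']}


def triage_run_entry(line):
    """Classify one Run-key line; None for lines that are not Run entries."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    flags = []
    if rest.endswith('[x]'):                       # FRST: target file not found
        flags.append('file-not-found')
    else:
        pub = re.search(r'\(([^()]*)\)\s*$', rest)  # trailing "(Publisher)"; "()" means none read
        if pub is None or pub.group(1).strip() == '':
            flags.append('no-publisher')
    if USER_PATH.search(rest):                     # autostart from a user-writable location
        flags.append('user-writable-path')
    return {'hive': m.group('hive'), 'name': m.group('name'), 'target': rest, 'flags': flags}


def triage(file_lines, run_lines):
    """Combined report: suspicious GUID pairs and flagged autostart entries."""
    entries = [e for e in (triage_run_entry(l) for l in run_lines) if e]
    return {
        'guid_pairs': {g: {k: v.strftime('%Y-%m-%d %H:%M') for k, v in h.items()}
                       for g, h in guid_pair_dirs(file_lines).items()},
        'flagged_autostarts': [e for e in entries if e['flags']],
    }


# Constructed sample input: the first two lines use the GUID paths the fixlog moved with
# made-up timestamps; the last line is a made-up legitimate MSI folder (Installer only).
SAMPLE_FILE_LINES = [
    r"2012-07-19 10:30 - 2012-07-19 10:30 - 00000000 ____D C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}",
    r"2012-07-19 10:31 - 2012-07-19 10:31 - 00000000 ____D C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}",
    r"2012-07-23 08:13 - 2012-07-23 08:13 - 00000000 ____D C:\TDSSKiller_Quarantine",
    r"2012-07-23 17:01 - 2012-01-12 08:28 - 00057976 ___RA (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys",
    r"2011-03-02 09:00 - 2011-03-02 09:00 - 00000000 ____D C:\Windows\Installer\{A4766C69-E64B-47D4-984C-BE9E91FDDBF3}",
]
SAMPLE_RUN_LINES = [  # copied from the FRST scan in the next post
    r"HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)",
    r"HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()",
    r"HKLM\...\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent [x]",
    r"HKLM-x32\...\Run: [] [x]",
    r"HKU\Jenny\...\Run: [googletalk] C:\Users\Jenny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)",
    r"Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)",  # not a Run entry, ignored
]

if __name__ == '__main__':
    import json
    print(json.dumps(triage(SAMPLE_FILE_LINES, SAMPLE_RUN_LINES), indent=2))
```

The earliest creation time on the reported GUID pair is the closest thing the FRST file lists give to a "first seen" date for the dropped folders; it is only as good as the timestamps on disk. The autostart flags are triage hints, not verdicts: the FreeFallProtection and Dell Stage entries in this scan are OEM software that simply lacks a readable publisher string.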
Am I cleared of the ZeroAccess infection?
forensicg33k replied to forensicg33k's topic in Resolved Malware Removal Logs
I would like to continue cleaning this PC. Thanks.

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 23-07-2012 23:13:07
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6539880 2010-11-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [283240 2010-08-25] (NVIDIA Corporation)
HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-09-02] (Intel Corporation)
HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [FS Camera Monitor] C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Mon.exe [336184 2011-03-22] (FLIR)
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [522736 2010-11-01] ()
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [826896 2011-05-26] (GlavSoft LLC.)
HKLM-x32\...\Run: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe [77824 2010-05-27] (National Instruments)
HKLM-x32\...\Run: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [109712 2010-04-20] (National Instruments Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446248 2011-12-15] (Garmin)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [boingo Wi-Finder] "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk" [2429 2012-05-16] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKU\Jenny\...\Run: [googletalk] C:\Users\Jenny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Jenny\...\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033 [846520 2010-06-21] ()
HKU\Jenny\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-08] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UVA ITC Network Setup Tool Cert Checker.lnk
ShortcutTarget: UVA ITC Network Setup Tool Cert Checker.lnk -> C:\Windows\Installer\{A4766C69-E64B-47D4-984C-BE9E91FDDBF3}\_93C62315C0D5B38E0A1810.exe ()

==================== Services (Whitelisted) ======

2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-03-05] (National Instruments, Inc.)
2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [45168 2010-06-16] (National Instruments Corporation)
2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [55416 2010-06-16] (National Instruments Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [12696 2010-06-18] (National Instruments Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 ni488enumsvc; C:\Windows\SysWOW64\nipalsm.exe [12696 2010-03-24] (National Instruments Corporation)
2 NIApplicationWebServer; "C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [47776 2010-06-22] (National Instruments Corporation)
4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [63648 2010-06-22] (National Instruments Corporation)
2 nidevldu; C:\Windows\SysWOW64\nipalsm.exe [12696 2010-03-24] (National Instruments Corporation)
2 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [360568 2010-06-16] (National Instruments Corporation)
4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2010-05-17] (Macrovision Corporation)
2 niLXIDiscovery; "C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe" [131776 2010-06-23] (National Instruments Corporation)
2 nimDNSResponder; "C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" [193712 2010-06-23] (National Instruments Corporation)
2 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [18584 2010-06-14] (National Instruments Corporation)
2 niSvcLoc; "C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system [47768 2010-06-22] (National Instruments Corporation)
2 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [752304 2010-06-17] (National Instruments Corporation)
3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [98304 2009-06-03] (OPC Foundation)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-09-04] (Sonic Solutions)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-08-26] (MicroVision Development, Inc.)
2 T3Srv; "C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Srv.exe" [786744 2011-03-22] (FLIR)
2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [826896 2011-05-26] (GlavSoft LLC.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-06-30] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 BazisPortableCDBus; C:\Windows\System32\Drivers\BazisPortableCDBus.sys [268896 2011-09-01] (SysProgs.org)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 lvalarmk; C:\Windows\System32\Drivers\lvalarmk.sys [25224 2008-12-05] (National Instruments Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 ni1006k; C:\Windows\System32\Drivers\ni1006k.sys [30800 2010-06-21] (National Instruments Corporation)
3 ni1045k; \??\C:\Windows\system32\drivers\ni1045kl.sys [11856 2010-06-21] (National Instruments Corporation)
3 ni1065k; C:\Windows\System32\Drivers\ni1065k.sys [26704 2010-06-21] (National Instruments Corporation)
3 ni488lock; C:\Windows\System32\Drivers\ni488lock.sys [18504 2009-12-15] (National Instruments Corporation)
3 nicdrk; \??\C:\Windows\system32\drivers\nicdrkl.sys [11864 2009-07-17] (National Instruments Corporation)
3 nicmrk; \??\C:\Windows\system32\drivers\nicmrkl.sys [11952 2010-06-15] (National Instruments Corporation)
3 nicsrk; \??\C:\Windows\system32\drivers\nicsrkl.sys [11920 2010-06-15] (National Instruments Corporation)
3 nidimk; \??\C:\Windows\system32\drivers\nidimkl.sys [11944 2010-06-11] (National Instruments Corporation)
3 nidmxfk; \??\C:\Windows\system32\drivers\nidmxfkl.sys [11848 2010-02-25] (National Instruments Corporation)
3 nidsark; \??\C:\Windows\system32\drivers\nidsarkl.sys [11856 2010-02-06] (National Instruments Corporation)
3 niemrk; \??\C:\Windows\system32\drivers\niemrkl.sys [11920 2010-06-15] (National Instruments Corporation)
3 niesrk; \??\C:\Windows\system32\drivers\niesrkl.sys [11920 2010-06-15] (National Instruments Corporation)
3 nifslk; \??\C:\Windows\system32\drivers\nifslkl.sys [11864 2010-02-02] (National Instruments Corporation)
3 nimdbgk; \??\C:\Windows\system32\drivers\nimdbgkl.sys [11936 2010-06-11] (National Instruments Corporation)
3 nimru2k; \??\C:\Windows\system32\drivers\nimru2kl.sys [11872 2009-08-24] (National Instruments Corporation)
3 nimsdrk; \??\C:\Windows\system32\drivers\nimsdrkl.sys [12416 2010-02-02] (National Instruments Corporation)
3 nimstsk; \??\C:\Windows\system32\drivers\nimstskl.sys [12384 2010-02-01] (National Instruments Corporation)
3 nimxdfk; \??\C:\Windows\system32\drivers\nimxdfkl.sys [11928 2010-06-18] (National Instruments Corporation)
3 nimxpk; \??\C:\Windows\system32\drivers\nimxpkl.sys [12392 2010-02-01] (National Instruments Corporation)
3 ninshsdk; \??\C:\Windows\system32\drivers\ninshsdkl.sys [11872 2010-02-05] (National Instruments Corporation)
3 niorbk; \??\C:\Windows\system32\drivers\niorbkl.sys [11856 2009-06-14] (National Instruments Corporation)
3 nipalfwedl; C:\Windows\System32\Drivers\nipalfwedl.sys [12992 2010-06-02] (National Instruments Corporation)
0 NIPALK; C:\Windows\System32\Drivers\NIPALK.sys [892056 2010-06-02] (National Instruments Corporation)
3 nipalusbedl; C:\Windows\System32\Drivers\nipalusbedl.sys [12992 2010-06-02] (National Instruments Corporation)
0 nipbcfk; C:\Windows\System32\Drivers\nipbcfk.sys [16984 2010-03-24] (National Instruments Corporation)
0 nipxibaf; C:\Windows\System32\Drivers\nipxibaf.sys [82568 2010-06-21] (National Instruments Corporation)
0 nipxibrc; C:\Windows\System32\Drivers\nipxibrc.sys [54424 2010-06-21] (National Instruments Corporation)
3 nipxigpk; C:\Windows\System32\Drivers\nipxigpk.sys [22680 2010-06-14] (National Instruments Corporation)
2 nipxirmk; \??\C:\Windows\system32\drivers\nipxirmkl.sys [11928 2010-06-14] (National Instruments Corporation)
3 niraptrk; \??\C:\Windows\system32\drivers\niraptrkl.sys [11912 2010-06-15] (National Instruments Corporation)
3 niscdk; \??\C:\Windows\system32\drivers\niscdkl.sys [11888 2009-07-14] (National Instruments Corporation)
3 nisdigk; \??\C:\Windows\system32\drivers\nisdigkl.sys [11864 2010-02-10] (National Instruments Corporation)
3 nisftk; \??\C:\Windows\system32\drivers\nisftkl.sys [11856 2010-02-05] (National Instruments Corporation)
3 nispdk; \??\C:\Windows\system32\drivers\nispdkl.sys [11888 2009-07-14] (National Instruments Corporation)
3 nissrk; \??\C:\Windows\system32\drivers\nissrkl.sys [11920 2010-06-15] (National Instruments Corporation)
3 nistc2k; \??\C:\Windows\system32\drivers\nistc2kl.sys [11824 2009-01-05] (National Instruments Corporation)
3 nistc3rk; \??\C:\Windows\system32\drivers\nistc3rkl.sys [11912 2010-05-02] (National Instruments Corporation)
3 nistcrk; \??\C:\Windows\system32\drivers\nistcrkl.sys [11872 2009-08-31] (National Instruments Corporation)
3 niswdk; \??\C:\Windows\system32\drivers\niswdkl.sys [11848 2009-09-01] (National Instruments Corporation)
3 nitiork; \??\C:\Windows\system32\drivers\nitiorkl.sys [11872 2010-02-06] (National Instruments Corporation)
3 niufurk; \??\C:\Windows\system32\drivers\niufurkl.sys [11944 2010-06-15] (National Instruments Corporation)
3 NiViPciK; C:\Windows\System32\Drivers\NiViPciK.sys [91816 2010-06-23] (National Instruments Corporation)
2 NiViPxiK; C:\Windows\System32\Drivers\NiViPxiK.sys [44712 2010-06-23] (National Instruments Corporation)
3 niwfrk; \??\C:\Windows\system32\drivers\niwfrkl.sys [11920 2010-06-15] (National Instruments Corporation)
3 nixsrk; \??\C:\Windows\system32\drivers\nixsrkl.sys [11920 2010-06-15] (National Instruments Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 mfeavfk01; [x]
3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-23 20:55 - 2012-07-23 20:55 - 01552384 ____A C:\Users\Jenny\Desktop\RogueKiller.exe
2012-07-23 20:55 - 2012-07-23 20:55 - 00002026 ____A C:\Users\Jenny\Desktop\RKreport[1].txt
2012-07-23 20:55 - 2012-07-23 20:55 - 00000000 ____D C:\Users\Jenny\Desktop\RK_Quarantine
2012-07-23 19:56 - 2012-07-23 19:56 - 00043309 ____A C:\Users\Jenny\Desktop\DDS.txt
2012-07-23 19:56 - 2012-07-23 19:56 - 00022720 ____A C:\Users\Jenny\Desktop\Attach.txt
2012-07-23 19:43 - 2012-07-23 19:43 - 00607260 ____R (Swearware) C:\Users\Jenny\Desktop\dds.com
2012-07-23 19:42 - 2012-07-23 19:42 - 00607260 ____A (Swearware) C:\Users\Jenny\My Documents\dds.scr
2012-07-23 19:42 - 2012-07-23 19:42 - 00607260 ____A (Swearware) C:\Users\Jenny\Documents\dds.scr
2012-07-23 19:19 - 2012-07-23 19:25 - 00077716 ____A C:\Users\Jenny\My Documents\yorkyt.exe.log
2012-07-23 19:19 - 2012-07-23 19:25 - 00077716 ____A C:\Users\Jenny\Documents\yorkyt.exe.log
2012-07-23 19:17 - 2012-07-23 19:17 - 01415784 ____A C:\Users\Jenny\My Documents\yorkyt.exe
2012-07-23 19:17 - 2012-07-23 19:17 - 01415784 ____A C:\Users\Jenny\Documents\yorkyt.exe
2012-07-23 18:58 - 2012-07-23 18:59 - 00000000 ____D C:\Users\Jenny\Local Settings\Deployment
2012-07-23 18:58 - 2012-07-23 18:59 - 00000000 ____D C:\Users\Jenny\AppData\Local\Deployment
2012-07-23 18:58 - 2012-07-23 18:58 - 00000000 ____D C:\Users\Jenny\AppData\Local\Apps\2.0
2012-07-23 17:46 - 2012-07-23 17:46 - 00000000 ____D C:\Users\Jenny\Local Settings\Broadcom
2012-07-23 17:46 - 2012-07-23 17:46 - 00000000 ____D C:\Users\Jenny\AppData\Local\Broadcom
2012-07-23 17:07 - 2012-07-23 17:07 - 00000000 ____D C:\Users\Jenny\Application Data\GetRightToGo
2012-07-23 17:07 - 2012-07-23 17:07 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\GetRightToGo
2012-07-23 17:01 - 2012-01-12 08:28 - 00057976 ___RA (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-07-23 16:58 - 2012-07-23 16:58 - 00000039 ___RH C:\Users\Jenny\Desktop\stinger.opt
2012-07-23 16:54 - 2012-07-23 16:58 - 00000000 ____D C:\Program Files (x86)\stinger
2012-07-23 15:51 - 2012-07-23 17:54 - 00000000 ____D C:\sh4ldr
2012-07-23 15:51 - 2012-07-23 15:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-07-23 15:49 - 2012-07-23 17:54 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-23 15:41 - 2012-07-23 15:41 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Jenny\My Documents\SpyHunter-Installer.exe
2012-07-23 15:41 - 2012-07-23 15:41 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Jenny\Documents\SpyHunter-Installer.exe
2012-07-23 15:23 - 2012-07-23 19:04 - 00739824 ____A (Google Inc.) C:\Users\Jenny\My Documents\ChromeSetup.exe
2012-07-23 15:23 - 2012-07-23 19:04 - 00739824 ____A (Google Inc.) C:\Users\Jenny\Documents\ChromeSetup.exe
2012-07-23 14:04 - 2012-07-23 14:04 - 00000000 ____D C:\Users\Jenny\Local Settings\Apple Computer
2012-07-23 14:04 - 2012-07-23 14:04 - 00000000 ____D C:\Users\Jenny\Local Settings\Apple
2012-07-23 14:04 - 2012-07-23 14:04 - 00000000 ____D C:\Users\Jenny\AppData\Local\Apple Computer
2012-07-23 14:04 - 2012-07-23 14:04 - 00000000 ____D C:\Users\Jenny\AppData\Local\Apple
2012-07-23 14:01 - 2012-07-23 14:01 - 00163528 ____A C:\Users\Jenny\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-23 14:01 - 2012-07-23 14:01 - 00163528 ____A C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-23 13:16 - 2012-07-23 13:16 - 00000000 ____D C:\Users\Jenny\Local Settings\Macromedia
2012-07-23 13:16 - 2012-07-23 13:16 - 00000000 ____D C:\Users\Jenny\AppData\Local\Macromedia
2012-07-23 13:13 - 2012-07-23 19:06 - 00000000 ____D C:\Users\Jenny\Local Settings\Google
2012-07-23 13:13 - 2012-07-23 19:06 - 00000000 ____D C:\Users\Jenny\AppData\Local\Google
2012-07-23 09:09 - 2012-07-23 13:15 - 00000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2012-07-23 08:49 - 2012-07-23 08:49 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-23 08:49 - 2012-07-23 08:49 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-07-23 08:46 - 2012-07-23 13:09 - 00000000 ____D C:\Users\All Users\PC Tools
2012-07-23 08:46 - 2012-07-23 13:09 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-07-23 08:46 - 2012-07-23 08:46 - 00000000 ____D C:\Users\Jenny\Application Data\TestApp
2012-07-23 08:46 - 2012-07-23 08:46 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\TestApp
2012-07-23 08:46 - 2012-05-11 10:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-07-23 08:13 - 2012-07-23 08:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-22 15:21 - 2012-07-23 17:44 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-21 19:51 - 2012-07-21 20:18 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-21 19:51 - 2012-07-21 20:18 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-07-21 19:51 - 2012-07-21 20:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-19 10:52 - 2012-07-19 10:52 - 00001072 ____A C:\Users\UpdatusUser\Desktop\Ad-aware 6.0.lnk
2012-07-19 10:52 - 2012-07-19 10:52 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2012-07-19 10:50 - 2012-07-19 10:51 - 01760378 ____A C:\Users\Jenny\My Documents\aaw61.exe
2012-07-19 10:50 - 2012-07-19 10:51 - 01760378 ____A C:\Users\Jenny\Documents\aaw61.exe
2012-07-19 10:47 - 2012-07-19 10:47 - 00000000 ____D C:\Users\Jenny\Application Data\Ad-Aware Antivirus
2012-07-19 10:47 - 2012-07-19 10:47 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Ad-Aware Antivirus
2012-07-19 10:46 - 2012-07-19 10:47 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\My Documents\Adaware_Installer.exe
2012-07-19 10:46 - 2012-07-19 10:47 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\Documents\Adaware_Installer.exe
2012-07-19 10:21 - 2012-07-19 10:21 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\Downloads\download.asp
2012-07-17 17:20 - 2012-07-17 17:21 - 00000000 ____D C:\Users\Jenny\Desktop\Micromixers
2012-07-15 18:22 - 2012-07-15 18:23 - 00000000 ____D C:\Users\Jenny\Application Data\HP
2012-07-15 18:22 - 2012-07-15 18:23 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\HP
2012-07-15 18:22 - 2012-07-15 18:22 - 00000000 ____D C:\Users\All Users\WEBREG
2012-07-15 18:22 - 2012-07-15 18:22 - 00000000 ____D C:\Users\All Users\Application Data\WEBREG
2012-07-15 18:12 - 2012-07-22 18:28 - 00000000 ____D C:\Users\Jenny\Application Data\HpUpdate
2012-07-15 18:12 - 2012-07-22 18:28 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\HpUpdate
2012-07-15 18:12 - 2012-07-15 18:13 - 00000000 ____D C:\Program Files (x86)\Coupons
2012-07-15 18:12 - 2012-07-15 18:12 - 00000000 ____D C:\Users\All Users\HP Photo Creations
2012-07-15 18:12 - 2012-07-15 18:12 - 00000000 ____D C:\Users\All Users\Application Data\HP Photo Creations
2012-07-15 18:12 - 2012-07-15 18:12 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2012-07-15 18:11 - 2012-07-15 18:11 - 00000000 ____D C:\Users\All Users\HP Product Assistant
2012-07-15 18:11 - 2012-07-15 18:11 - 00000000 ____D C:\Users\All Users\Application Data\HP Product Assistant
2012-07-15 18:07 - 2009-04-16 11:47 - 00136704 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l70w.dll
2012-07-15 18:07 - 2009-04-15 15:53 - 00642360 ____A (Hewlett-Packard) C:\Windows\System32\hpzids40.dll
2012-07-15 18:07 - 2009-03-31 10:21 - 00881664 ____A (Hewlett-Packard) C:\Windows\System32\hposwia_d02d.dll
2012-07-15 18:07 - 2009-03-31 10:21 - 00749056 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpost_d02d.dll
2012-07-15 18:07 - 2009-03-31 10:21 - 00516096 ____A (Hewlett-Packard Co.) C:\Windows\System32\hposc_d02a.dll
2012-07-15 18:07 - 2008-10-28 04:27 - 00551424 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll
2012-07-15 18:05 - 2012-07-15 18:12 - 00000000 ____D C:\Program Files (x86)\HP
2012-07-15 18:04 - 2012-07-15 18:04 - 00000000 ____D C:\Program Files\HP
2012-07-15 18:03 - 2012-07-15 18:21 - 00206007 ____A C:\Windows\hpoins46.dat
2012-07-15 18:03 - 2012-07-15 18:21 - 00001188 ____A C:\Users\All Users\hpzinstall.log
2012-07-15 18:03 - 2012-07-15 18:21 - 00001188 ____A C:\Users\All Users\Application Data\hpzinstall.log
2012-07-15 18:03 - 2012-07-15 18:21 - 00000000 ____D C:\Users\All Users\HP
2012-07-15 18:03 - 2012-07-15 18:21 - 00000000 ____D C:\Users\All Users\Application Data\HP
2012-07-12 18:13 - 2012-07-12 18:13 - 00000000 ___RD C:\Users\Jenny\Application Data\Brother
2012-07-12 18:13 - 2012-07-12 18:13 - 00000000 ___RD C:\Users\Jenny\AppData\Roaming\Brother
2012-07-11 22:01 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 21:56 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 21:56 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 21:56 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 21:56 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 21:56 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 21:56 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 21:56 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 21:56 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 21:56 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 21:56 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 21:56 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 21:56 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 21:56 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 21:56 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 21:56 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 21:56 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 21:56 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 21:56 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 21:56 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 21:56 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 21:56 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 21:56 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 21:56 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 21:56 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 21:56 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 21:56 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 21:56 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 21:56 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 08:45 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 08:45 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 08:45 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 08:45 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 08:45 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 08:45 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 08:45 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 08:45 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 08:45 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 08:45 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 08:45 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 08:45 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 08:45 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 08:45 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 08:45 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 08:45 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 08:45 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 08:45 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 08:45 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 17:11 - 2012-07-19 10:08 - 00000334 ____A C:\Windows\BRCALIB.INI
2012-07-10 17:06 - 2012-07-10 17:11 - 00000000 ____D C:\Users\All Users\Brother
2012-07-10 17:06 - 2012-07-10 17:11 - 00000000 ____D C:\Users\All Users\Application Data\Brother

============ 3 Months Modified Files ========================

2012-07-23 20:55 - 2012-07-23 20:55 - 01552384 ____A C:\Users\Jenny\Desktop\RogueKiller.exe
2012-07-23 20:55 - 2012-07-23 20:55 - 00002026 ____A C:\Users\Jenny\Desktop\RKreport[1].txt
2012-07-23 20:26 - 2012-03-29 07:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 20:22 - 2009-07-14 00:13 - 00779092 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 19:56 - 2012-07-23 19:56 - 00043309 ____A C:\Users\Jenny\Desktop\DDS.txt
2012-07-23 19:56 - 2012-07-23 19:56 - 00022720 ____A C:\Users\Jenny\Desktop\Attach.txt
2012-07-23 19:43 - 2012-07-23 19:43 - 00607260 ____R (Swearware) C:\Users\Jenny\Desktop\dds.com
2012-07-23 19:42 - 2012-07-23 19:42 - 00607260 ____A (Swearware) C:\Users\Jenny\My Documents\dds.scr
2012-07-23 19:42 - 2012-07-23 19:42 - 00607260 ____A (Swearware) C:\Users\Jenny\Documents\dds.scr
2012-07-23 19:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 19:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 19:25 - 2012-07-23 19:19 - 00077716 ____A C:\Users\Jenny\My Documents\yorkyt.exe.log
2012-07-23 19:25 - 2012-07-23 19:19 - 00077716 ____A C:\Users\Jenny\Documents\yorkyt.exe.log
2012-07-23 19:23 - 2011-01-22 07:57 - 00055374 ____A C:\Windows\PFRO.log
2012-07-23 19:23 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 19:23 - 2009-07-13 23:51 - 00081935 ____A C:\Windows\setupact.log
2012-07-23 19:17 - 2012-07-23 19:17 - 01415784 ____A C:\Users\Jenny\My Documents\yorkyt.exe
2012-07-23 19:17 - 2012-07-23 19:17 - 01415784 ____A C:\Users\Jenny\Documents\yorkyt.exe
2012-07-23 19:04 - 2012-07-23 15:23 - 00739824 ____A (Google Inc.) C:\Users\Jenny\My Documents\ChromeSetup.exe
2012-07-23 19:04 - 2012-07-23 15:23 - 00739824 ____A (Google Inc.) C:\Users\Jenny\Documents\ChromeSetup.exe
2012-07-23 17:45 - 2012-04-18 09:21 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-23 17:44 - 2012-07-22 15:21 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-23 16:58 - 2012-07-23 16:58 - 00000039 ___RH C:\Users\Jenny\Desktop\stinger.opt
2012-07-23 15:41 - 2012-07-23 15:41 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Jenny\My Documents\SpyHunter-Installer.exe
2012-07-23 15:41 - 2012-07-23 15:41 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Jenny\Documents\SpyHunter-Installer.exe
2012-07-23 14:01 - 2012-07-23 14:01 - 00163528 ____A C:\Users\Jenny\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-23 14:01 - 2012-07-23 14:01 - 00163528 ____A C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-23 08:19 - 2009-07-14 00:10 - 01867864 ____A C:\Windows\WindowsUpdate.log
2012-07-19 10:52 - 2012-07-19 10:52 - 00001072 ____A C:\Users\UpdatusUser\Desktop\Ad-aware 6.0.lnk
2012-07-19 10:51 - 2012-07-19 10:50 - 01760378 ____A C:\Users\Jenny\My Documents\aaw61.exe
2012-07-19 10:51 - 2012-07-19 10:50 - 01760378 ____A C:\Users\Jenny\Documents\aaw61.exe
2012-07-19 10:47 - 2012-07-19 10:46 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\My Documents\Adaware_Installer.exe
2012-07-19 10:47 - 2012-07-19 10:46 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\Documents\Adaware_Installer.exe
2012-07-19 10:21 - 2012-07-19 10:21 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\Downloads\download.asp
2012-07-19 10:08 - 2012-07-10 17:11 - 00000334 ____A C:\Windows\BRCALIB.INI
2012-07-16 07:59 - 2009-07-13 23:45 - 00556272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-15 18:21 - 2012-07-15 18:03 - 00206007 ____A C:\Windows\hpoins46.dat
2012-07-15 18:21 - 2012-07-15 18:03 - 00001188 ____A C:\Users\All Users\hpzinstall.log
2012-07-15 18:21 - 2012-07-15 18:03 - 00001188 ____A C:\Users\All Users\Application Data\hpzinstall.log
2012-07-15 18:21 - 2009-07-13 21:34 - 00000545 ____A C:\Windows\win.ini
2012-07-11 21:57 - 2011-01-28 23:44 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 21:26 - 2012-03-29 07:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 21:26 - 2011-05-15 06:10 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 08:35 - 2012-04-18 09:21 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-03 12:46 - 2012-05-28 17:28 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-17 17:32 - 2012-06-17 17:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-17 17:32 - 2012-06-17 17:32 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-06-11 22:08 - 2012-07-11 22:01 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-11 08:45 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-11 08:45 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-07-11 08:45 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-11 08:45 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-11 08:45 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-11 08:45 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-11 08:45 -
01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-06 00:03 - 2012-07-11 08:45 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-05 17:33 - 2012-06-05 17:30 - 76225536 ____A (The GIMP Team ) C:\Users\Jenny\My Documents\gimp-2.8.0-setup.exe 2012-06-05 17:33 - 2012-06-05 17:30 - 76225536 ____A (The GIMP Team ) C:\Users\Jenny\Documents\gimp-2.8.0-setup.exe 2012-06-04 12:16 - 2012-06-04 12:11 - 926761328 ____A (Wolfram Research, Inc. ) C:\Users\Jenny\My Documents\UVa-Mathematica800-Win.exe 2012-06-04 12:16 - 2012-06-04 12:11 - 926761328 ____A (Wolfram Research, Inc. ) C:\Users\Jenny\Documents\UVa-Mathematica800-Win.exe 2012-06-02 17:19 - 2012-06-19 08:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 17:19 - 2012-06-19 08:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 17:19 - 2012-06-19 08:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 17:19 - 2012-06-19 08:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 17:19 - 2012-06-19 08:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 17:15 - 2012-06-19 08:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 17:15 - 2012-06-19 08:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 14:19 - 2012-06-19 08:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 14:15 - 2012-06-19 08:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 07:49 - 2012-07-11 21:56 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 07:17 - 2012-07-11 21:56 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 07:12 - 2012-07-11 21:56 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 07:05 - 
2012-07-11 21:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 07:05 - 2012-07-11 21:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 07:04 - 2012-07-11 21:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 07:04 - 2012-07-11 21:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 07:03 - 2012-07-11 21:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 07:01 - 2012-07-11 21:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 07:00 - 2012-07-11 21:56 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 06:59 - 2012-07-11 21:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 06:57 - 2012-07-11 21:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 06:57 - 2012-07-11 21:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 06:54 - 2012-07-11 21:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 04:07 - 2012-07-11 21:56 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 03:43 - 2012-07-11 21:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 03:33 - 2012-07-11 21:56 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 03:26 - 2012-07-11 21:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 03:25 - 2012-07-11 21:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 03:25 - 2012-07-11 21:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 03:23 - 2012-07-11 21:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 03:21 - 2012-07-11 21:56 - 00065024 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 03:20 - 2012-07-11 21:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 03:19 - 2012-07-11 21:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 03:19 - 2012-07-11 21:56 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 03:17 - 2012-07-11 21:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 03:16 - 2012-07-11 21:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 03:14 - 2012-07-11 21:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-02 00:50 - 2012-07-11 08:45 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-02 00:48 - 2012-07-11 08:45 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-02 00:48 - 2012-07-11 08:45 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-02 00:45 - 2012-07-11 08:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-02 00:44 - 2012-07-11 08:45 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 23:40 - 2012-07-11 08:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 23:40 - 2012-07-11 08:45 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 23:39 - 2012-07-11 08:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 23:34 - 2012-07-11 08:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-28 17:27 - 2012-05-28 17:27 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Jenny\Downloads\mbam-setup-1.61.0.1400.exe 2012-05-18 08:03 - 2012-05-18 08:03 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-05-18 08:03 - 2012-05-18 08:03 - 00001785 ____A C:\Users\All 
Users\Desktop\iTunes.lnk 2012-05-16 13:41 - 2012-05-16 13:41 - 01394056 ____A (Boingo Wireless) C:\Users\Jenny\Downloads\GoBoingo_awBpAHQAdABrAGEAdABqAGwA_YwBoAGUAbQBnAGsAMAA=_GoBoingo.exe 2012-05-11 10:14 - 2012-07-23 08:46 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys 2012-05-07 13:21 - 2012-02-18 11:04 - 00011343 ____A C:\Users\Jenny\My Documents\soccer_roster_spring2012.xlsx 2012-05-07 13:21 - 2012-02-18 11:04 - 00011343 ____A C:\Users\Jenny\Documents\soccer_roster_spring2012.xlsx 2012-05-04 06:06 - 2012-06-13 08:48 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 05:03 - 2012-06-13 08:48 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 05:03 - 2012-06-13 08:48 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-01 00:40 - 2012-06-13 08:48 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-27 22:55 - 2012-06-13 08:48 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-26 00:41 - 2012-06-13 08:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-26 00:41 - 2012-06-13 08:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-26 00:34 - 2012-06-13 08:48 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe ZeroAccess: C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450} C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\@ C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L\00000004.@ C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L\201d3dde C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U\80000000.@ C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U\80000064.@ ZeroAccess: 
C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450} C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\@ C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 12% Total physical RAM: 5876.3 MB Available physical RAM: 5145.15 MB Total Pagefile: 5874.45 MB Available Pagefile: 5127.23 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:480.35 GB) NTFS 3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.33 GB) NTFS ==>[system with boot components (obtained from reading drive)] 4 Drive f: (USB MEMORY) (Removable) (Total:0.48 GB) (Free:0.2 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 Online 489 MB 0 B 
Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             14 GB    39 MB
  Partition 3    Primary            581 GB    14 GB

==================================================================================
Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition     39 MB  Healthy    Hidden

==================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     E   RECOVERY     NTFS   Partition     14 GB  Healthy

==================================================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    581 GB  Healthy

==================================================================================
Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary            489 MB      0 B

==================================================================================
Disk: 1

There is no partition selected.

There is no partition selected.
Please select a partition and try again.
==================================================================================

==========================================================

Last Boot: 2012-07-18 09:06

======================= End Of Log ==========================

search.txt

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 23:16:22
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
Am I cleared of the ZeroAccess infection?
forensicg33k replied to forensicg33k's topic in Resolved Malware Removal Logs
Sorry about uTorrent. I haven't used it in so long I forgot it was there. It has been uninstalled. Here is the report from Rogue Killer:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Jenny [Admin rights]
Mode: Scan -- Date: 07/23/2012 21:55:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\jenny\appdata\local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\jenny\appdata\local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\jenny\appdata\local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6461GSY +++++
--- User ---
[MBR] 223f6300047a2b384b618d4df24997a0
[BSP] 9e7c0f6e4e3706dae0ca782c9fd118b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 595440 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Thanks for your help.
Hello - I recently acquired the ZeroAccess virus on my computer. I ran MBAM in safe mode which found 3 trojan files and removed them, but I want to make sure I am cleared of any residual infection. I also ran the Symantec FixZeroAccess tool and the McAfee Rootkit Tool, which found no infected files. I have attached the two DDS files as requested. Thanks in advance!

Attach.txt
DDS.txt