forensicg33k (Members, 8 posts)

  1. No worries. Many, many thanks. Have a good rest of your day.
  2. You are awesome. Thank you so much!

  3. You've definitely been a huge help. Thank you so, so much. I was thinking I was going to have to reinstall Windows. Is there any way to tell from the logs how long I was infected for? The computer only began to have symptoms on Friday (7/20). If not, no worries. Thanks again.
  4. The computer seems to be running great. No notifications from McAfee, no redirects, etc.

MBAM log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jenny :: JENNYLAPTOP [administrator]

7/24/2012 4:54:32 PM
mbam-log-2012-07-24 (16-54-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218969
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  5. I appreciate all your help with this.

ComboFix Log File

ComboFix 12-07-25.04 - Jenny 07/24/2012 16:33:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5876.4062 [GMT -4:00]
Running from: c:\users\Jenny\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 20:41 . 2012-07-24 20:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-24 20:41 . 2012-07-24 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 04:13 . 2012-07-24 04:13 -------- d-----w- C:\FRST
2012-07-23 23:58 . 2012-07-23 23:58 -------- d-----w- c:\users\Jenny\AppData\Local\Apps
2012-07-23 23:58 . 2012-07-23 23:59 -------- d-----w- c:\users\Jenny\AppData\Local\Deployment
2012-07-23 22:46 . 2012-07-23 22:46 -------- d-----w- c:\users\Jenny\AppData\Local\Broadcom
2012-07-23 22:07 . 2012-07-23 22:07 -------- d-----w- c:\users\Jenny\AppData\Roaming\GetRightToGo
2012-07-23 22:01 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-07-23 21:54 . 2012-07-23 21:58 -------- d-----w- c:\program files (x86)\stinger
2012-07-23 20:51 . 2012-07-23 22:54 -------- d-----w- C:\sh4ldr
2012-07-23 20:51 . 2012-07-23 20:51 -------- d-----w- c:\program files\Enigma Software Group
2012-07-23 20:49 . 2012-07-23 22:54 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-23 19:04 . 2012-07-23 19:04 -------- d-----w- c:\users\Jenny\AppData\Local\Apple
2012-07-23 19:04 . 2012-07-23 19:04 -------- d-----w- c:\users\Jenny\AppData\Local\Apple Computer
2012-07-23 18:16 . 2012-07-23 18:16 -------- d-----w- c:\users\Jenny\AppData\Local\Macromedia
2012-07-23 18:13 . 2012-07-24 00:06 -------- d-----w- c:\users\Jenny\AppData\Local\Google
2012-07-23 14:09 . 2012-07-23 18:15 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2012-07-23 13:49 . 2012-07-23 13:49 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-23 13:49 . 2012-07-23 13:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-23 13:46 . 2012-07-23 18:10 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-23 13:46 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-23 13:46 . 2012-07-23 18:09 -------- d-----w- c:\programdata\PC Tools
2012-07-23 13:46 . 2012-07-23 13:46 -------- d-----w- c:\users\Jenny\AppData\Roaming\TestApp
2012-07-23 13:13 . 2012-07-23 13:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-22 20:21 . 2012-07-23 22:44 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-22 00:51 . 2012-07-22 01:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-22 00:51 . 2012-07-22 01:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-19 15:52 . 2012-07-19 15:52 -------- d-----w- c:\program files (x86)\Lavasoft
2012-07-19 15:47 . 2012-07-19 15:47 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ad-Aware Antivirus
2012-07-15 23:22 . 2012-07-15 23:23 -------- d-----w- c:\users\Jenny\AppData\Roaming\HP
2012-07-15 23:22 . 2012-07-15 23:22 -------- d-----w- c:\programdata\WEBREG
2012-07-15 23:16 . 2009-04-16 16:47 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70w.dll
2012-07-15 23:12 . 2012-07-15 23:13 -------- d-----w- c:\program files (x86)\Coupons
2012-07-15 23:04 . 2012-07-15 23:04 -------- d-----w- c:\program files\HP
2012-07-15 23:03 . 2012-07-15 23:21 -------- d-----w- c:\programdata\HP
2012-07-12 23:13 . 2012-07-12 23:13 -------- d-----r- c:\users\Jenny\AppData\Roaming\Brother
2012-07-12 03:01 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:45 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 22:06 . 2012-07-10 22:11 -------- d-----w- c:\programdata\Brother
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 02:57 . 2011-01-29 04:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 02:26 . 2012-03-29 12:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 02:26 . 2011-05-15 11:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-05-28 22:28 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 13:17 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 13:17 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 13:17 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 13:17 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 13:17 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 13:17 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 13:17 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 13:17 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 13:17 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-13 13:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 13:48 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 13:48 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 13:48 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 13:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 13:48 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 13:48 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 13:48 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-24_18.11.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-22 11:17 . 2012-07-24 18:12 59388 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-24 20:28 37436 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-29 14:11 . 2012-07-24 20:28 17900 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2759911898-4256714258-1271858132-1002_UserData.bin
- 2011-01-28 02:29 . 2012-07-24 17:18 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-28 02:29 . 2012-07-24 20:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-28 02:29 . 2012-07-24 17:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-28 02:29 . 2012-07-24 20:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 17:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 20:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-22 13:03 . 2012-07-24 18:09 1665 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-01-22 13:03 . 2012-07-24 20:25 1665 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-24 18:10 . 2012-07-24 18:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 20:26 . 2012-07-24 20:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 20:26 . 2012-07-24 20:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-24 18:10 . 2012-07-24 18:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-24 18:09 500192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-24 20:25 500192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-31 05:03 . 2012-07-24 20:25 5773596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759911898-4256714258-1271858132-1002-8192.dat
- 2011-01-31 05:03 . 2012-07-24 18:09 5773596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759911898-4256714258-1271858132-1002-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Jenny\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-02 522736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-05-26 826896]
"NI Background Service"="c:\program files (x86)\National Instruments\Shared\Update Service\niupdate.exe" [2010-05-28 77824]
"niDevMon"="c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Boingo Wi-Finder"="c:\program files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk" [2012-05-16 2429]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-1 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-24 1207312]
UVA ITC Network Setup Tool Cert Checker.lnk - c:\windows\Installer\{A4766C69-E64B-47D4-984C-BE9E91FDDBF3}\_93C62315C0D5B38E0A1810.exe [2012-1-12 3262]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys [2011-09-01 268896]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-17 1431888]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-10 172632]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2010-06-21 30800]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2010-06-21 11856]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2010-06-21 26704]
R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2009-12-15 18504]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2009-07-17 11864]
R3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2010-06-15 11952]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2010-06-15 11920]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2010-02-25 11848]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2010-02-06 11856]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2010-06-15 11920]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2010-06-15 11920]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2010-02-02 11864]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2010-02-02 12416]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2010-02-02 12392]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-02-05 11872]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-06-02 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-06-02 12992]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 22680]
R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2010-06-15 11912]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2009-07-14 11888]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-02-10 11864]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-02-05 11856]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2009-07-14 11888]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2010-06-15 11920]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11824]
R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2010-05-03 11912]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11872]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2009-09-01 11848]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2010-02-06 11872]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2010-06-15 11944]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11944]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2010-06-15 11920]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2010-06-15 11920]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-29 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-06-22 63648]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2010-06-21 82568]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2010-06-21 54424]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-26 24680]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-06-22 47776]
S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-06-23 193712]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-06-14 11928]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11944]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-25 1620584]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-25 235624]
S2 T3Srv;FLIR Systems Camera Monitor;c:\program files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Srv.exe [2011-03-22 786744]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-05-26 826896]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-06-30 2533400]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-19 27760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-16 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-20 287232]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11872]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2010-02-02 12384]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-12 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [2008-07-04 252928]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 02:26]
.
2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-11-09 6539880]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-25 283240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"FS Camera Monitor"="c:\program files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Mon.exe" [2011-03-22 336184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 128.143.2.7 128.143.3.7 128.143.22.119
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\4v6ldt4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-24 16:43:59
ComboFix-quarantined-files.txt 2012-07-24 20:43
ComboFix2.txt 2012-07-24 18:41
.
Pre-Run: 513,345,781,760 bytes free
Post-Run: 513,034,088,448 bytes free
.
- - End Of File - - BB185A8D6EE11F2DCDA32AF588CF9D3F
  6. Sorry for the delay. I'm at work and this is the first chance I've had.

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 12:54:33 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450} moved successfully.
C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450} moved successfully.

==== End of Fixlog ====
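The two folders this fix moved share one GUID-shaped name, one under C:\Windows\Installer and one under the user's AppData\Local. C:\Windows\Installer normally does contain GUID-named folders (the MSI cache), so the shape of the name alone means little; the same GUID folder in both places is what the fix targeted. As an added example (not FRST's code and not from the thread), the Python below lists every GUID-named folder that appears under Windows\Installer and again under any user's AppData\Local. It runs offline against a constructed directory tree: build_demo_tree, the second GUID and the Google folder are made up for the demo, and only {3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450} comes from the fixlog.

```python
import re
import shutil
import tempfile
from pathlib import Path

# {8-4-4-4-12} hex: the shape of the folder names the fixlog moved
GUID_DIR_RE = re.compile(r'^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.IGNORECASE)


def guid_dirs(root):
    """Map lowercase GUID -> Path for GUID-named subdirectories directly under root."""
    root = Path(root)
    if not root.is_dir():
        return {}
    return {p.name.lower(): p for p in root.iterdir()
            if p.is_dir() and GUID_DIR_RE.match(p.name)}


def paired_guid_dirs(installer_dir, local_appdata_dirs):
    r"""GUID-named folders present under Windows\Installer and, with the same GUID,
    under at least one user's AppData\Local.

    A GUID that exists only in Windows\Installer is not reported: that directory
    legitimately holds GUID-named MSI cache folders. The pairing is the point.
    Result: {guid: [installer_path, appdata_path, ...]}.
    """
    installer = guid_dirs(installer_dir)
    hits = {}
    for local_dir in local_appdata_dirs:
        for guid, path in guid_dirs(local_dir).items():
            if guid in installer:
                hits.setdefault(guid, [str(installer[guid])]).append(str(path))
    return hits


def scan_system_root(system_root="C:\\"):
    r"""Check <root>\Windows\Installer against every <root>\Users\<name>\AppData\Local."""
    root = Path(system_root)
    users = root / "Users"
    local_dirs = ([u / "AppData" / "Local" for u in users.iterdir() if u.is_dir()]
                  if users.is_dir() else [])
    return paired_guid_dirs(root / "Windows" / "Installer", local_dirs)


def build_demo_tree():
    """Constructed layout for an offline run, not a real disk: the GUID pair the fixlog
    moved, plus a made-up unpaired MSI-cache-style GUID and an ordinary app folder."""
    base = Path(tempfile.mkdtemp(prefix="guid-pair-demo-"))
    paired = "{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}"     # from the fixlog above
    lone = "{0a1b2c3d-4e5f-4a6b-8c7d-9e8f7a6b5c4d}"        # constructed, Installer only
    for rel in (Path("Windows") / "Installer" / paired,
                Path("Windows") / "Installer" / lone,
                Path("Users") / "Jenny" / "AppData" / "Local" / paired,
                Path("Users") / "Jenny" / "AppData" / "Local" / "Google",
                Path("Users") / "Public"):
        (base / rel).mkdir(parents=True, exist_ok=True)
    return base


if __name__ == "__main__":
    demo = build_demo_tree()
    try:
        for guid, paths in scan_system_root(demo).items():
            print(guid)
            for p in paths:
                print("   ", p)
    finally:
        shutil.rmtree(demo)
```

On a live machine call scan_system_root() with the system drive from an elevated prompt, since other users' profiles are not readable by a standard account; what it prints is a list to look at, not a verdict, and the folders' contents and timestamps still need checking before anything is moved.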
  7. I would like to continue cleaning this PC. Thanks.

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 23-07-2012 23:13:07
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6539880 2010-11-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [283240 2010-08-25] (NVIDIA Corporation)
HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-09-02] (Intel Corporation)
HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [FS Camera Monitor] C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Mon.exe [336184 2011-03-22] (FLIR)
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [522736 2010-11-01] ()
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [826896 2011-05-26] (GlavSoft LLC.)
HKLM-x32\...\Run: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe [77824 2010-05-27] (National Instruments)
HKLM-x32\...\Run: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [109712 2010-04-20] (National Instruments Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446248 2011-12-15] (Garmin)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [boingo Wi-Finder] "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk" [2429 2012-05-16] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKU\Jenny\...\Run: [googletalk] C:\Users\Jenny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Jenny\...\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033 [846520 2010-06-21] ()
HKU\Jenny\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-08] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UVA ITC Network Setup Tool Cert Checker.lnk
ShortcutTarget: UVA ITC Network Setup Tool Cert Checker.lnk -> C:\Windows\Installer\{A4766C69-E64B-47D4-984C-BE9E91FDDBF3}\_93C62315C0D5B38E0A1810.exe ()

==================== Services (Whitelisted) ======

2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-03-05] (National Instruments, Inc.)
2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [45168 2010-06-16] (National Instruments Corporation)
2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [55416 2010-06-16] (National Instruments Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [12696 2010-06-18] (National Instruments Corporation) 3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () 2 ni488enumsvc; C:\Windows\SysWOW64\nipalsm.exe [12696 2010-03-24] (National Instruments Corporation) 2 NIApplicationWebServer; "C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [47776 2010-06-22] (National Instruments Corporation) 4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [63648 2010-06-22] (National Instruments Corporation) 2 nidevldu; C:\Windows\SysWOW64\nipalsm.exe [12696 2010-03-24] (National Instruments Corporation) 2 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [360568 2010-06-16] (National Instruments Corporation) 4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2010-05-17] (Macrovision Corporation) 2 niLXIDiscovery; "C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe" [131776 2010-06-23] (National Instruments Corporation) 2 nimDNSResponder; "C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" [193712 2010-06-23] (National Instruments Corporation) 2 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [18584 2010-06-14] (National Instruments Corporation) 2 niSvcLoc; "C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system [47768 2010-06-22] (National Instruments Corporation) 2 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [752304 2010-06-17] (National Instruments Corporation) 3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [98304 2009-06-03] (OPC Foundation) 2 RoxWatch12; 
"C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-09-04] (Sonic Solutions) 3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-08-26] (MicroVision Development, Inc.) 2 T3Srv; "C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx64\T3Srv.exe" [786744 2011-03-22] (FLIR) 2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [826896 2011-05-26] (GlavSoft LLC.) 2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-06-30] (Intel Corporation) ========================== Drivers (Whitelisted) ============= 3 BazisPortableCDBus; C:\Windows\System32\Drivers\BazisPortableCDBus.sys [268896 2011-09-01] (SysProgs.org) 3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.) 3 lvalarmk; C:\Windows\System32\Drivers\lvalarmk.sys [25224 2008-12-05] (National Instruments Corporation) 3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.) 1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.) 3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.) 0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.) 
3 ni1006k; C:\Windows\System32\Drivers\ni1006k.sys [30800 2010-06-21] (National Instruments Corporation) 3 ni1045k; \??\C:\Windows\system32\drivers\ni1045kl.sys [11856 2010-06-21] (National Instruments Corporation) 3 ni1065k; C:\Windows\System32\Drivers\ni1065k.sys [26704 2010-06-21] (National Instruments Corporation) 3 ni488lock; C:\Windows\System32\Drivers\ni488lock.sys [18504 2009-12-15] (National Instruments Corporation) 3 nicdrk; \??\C:\Windows\system32\drivers\nicdrkl.sys [11864 2009-07-17] (National Instruments Corporation) 3 nicmrk; \??\C:\Windows\system32\drivers\nicmrkl.sys [11952 2010-06-15] (National Instruments Corporation) 3 nicsrk; \??\C:\Windows\system32\drivers\nicsrkl.sys [11920 2010-06-15] (National Instruments Corporation) 3 nidimk; \??\C:\Windows\system32\drivers\nidimkl.sys [11944 2010-06-11] (National Instruments Corporation) 3 nidmxfk; \??\C:\Windows\system32\drivers\nidmxfkl.sys [11848 2010-02-25] (National Instruments Corporation) 3 nidsark; \??\C:\Windows\system32\drivers\nidsarkl.sys [11856 2010-02-06] (National Instruments Corporation) 3 niemrk; \??\C:\Windows\system32\drivers\niemrkl.sys [11920 2010-06-15] (National Instruments Corporation) 3 niesrk; \??\C:\Windows\system32\drivers\niesrkl.sys [11920 2010-06-15] (National Instruments Corporation) 3 nifslk; \??\C:\Windows\system32\drivers\nifslkl.sys [11864 2010-02-02] (National Instruments Corporation) 3 nimdbgk; \??\C:\Windows\system32\drivers\nimdbgkl.sys [11936 2010-06-11] (National Instruments Corporation) 3 nimru2k; \??\C:\Windows\system32\drivers\nimru2kl.sys [11872 2009-08-24] (National Instruments Corporation) 3 nimsdrk; \??\C:\Windows\system32\drivers\nimsdrkl.sys [12416 2010-02-02] (National Instruments Corporation) 3 nimstsk; \??\C:\Windows\system32\drivers\nimstskl.sys [12384 2010-02-01] (National Instruments Corporation) 3 nimxdfk; \??\C:\Windows\system32\drivers\nimxdfkl.sys [11928 2010-06-18] (National Instruments Corporation) 3 nimxpk; 
\??\C:\Windows\system32\drivers\nimxpkl.sys [12392 2010-02-01] (National Instruments Corporation) 3 ninshsdk; \??\C:\Windows\system32\drivers\ninshsdkl.sys [11872 2010-02-05] (National Instruments Corporation) 3 niorbk; \??\C:\Windows\system32\drivers\niorbkl.sys [11856 2009-06-14] (National Instruments Corporation) 3 nipalfwedl; C:\Windows\System32\Drivers\nipalfwedl.sys [12992 2010-06-02] (National Instruments Corporation) 0 NIPALK; C:\Windows\System32\Drivers\NIPALK.sys [892056 2010-06-02] (National Instruments Corporation) 3 nipalusbedl; C:\Windows\System32\Drivers\nipalusbedl.sys [12992 2010-06-02] (National Instruments Corporation) 0 nipbcfk; C:\Windows\System32\Drivers\nipbcfk.sys [16984 2010-03-24] (National Instruments Corporation) 0 nipxibaf; C:\Windows\System32\Drivers\nipxibaf.sys [82568 2010-06-21] (National Instruments Corporation) 0 nipxibrc; C:\Windows\System32\Drivers\nipxibrc.sys [54424 2010-06-21] (National Instruments Corporation) 3 nipxigpk; C:\Windows\System32\Drivers\nipxigpk.sys [22680 2010-06-14] (National Instruments Corporation) 2 nipxirmk; \??\C:\Windows\system32\drivers\nipxirmkl.sys [11928 2010-06-14] (National Instruments Corporation) 3 niraptrk; \??\C:\Windows\system32\drivers\niraptrkl.sys [11912 2010-06-15] (National Instruments Corporation) 3 niscdk; \??\C:\Windows\system32\drivers\niscdkl.sys [11888 2009-07-14] (National Instruments Corporation) 3 nisdigk; \??\C:\Windows\system32\drivers\nisdigkl.sys [11864 2010-02-10] (National Instruments Corporation) 3 nisftk; \??\C:\Windows\system32\drivers\nisftkl.sys [11856 2010-02-05] (National Instruments Corporation) 3 nispdk; \??\C:\Windows\system32\drivers\nispdkl.sys [11888 2009-07-14] (National Instruments Corporation) 3 nissrk; \??\C:\Windows\system32\drivers\nissrkl.sys [11920 2010-06-15] (National Instruments Corporation) 3 nistc2k; \??\C:\Windows\system32\drivers\nistc2kl.sys [11824 2009-01-05] (National Instruments Corporation) 3 nistc3rk; 
\??\C:\Windows\system32\drivers\nistc3rkl.sys [11912 2010-05-02] (National Instruments Corporation) 3 nistcrk; \??\C:\Windows\system32\drivers\nistcrkl.sys [11872 2009-08-31] (National Instruments Corporation) 3 niswdk; \??\C:\Windows\system32\drivers\niswdkl.sys [11848 2009-09-01] (National Instruments Corporation) 3 nitiork; \??\C:\Windows\system32\drivers\nitiorkl.sys [11872 2010-02-06] (National Instruments Corporation) 3 niufurk; \??\C:\Windows\system32\drivers\niufurkl.sys [11944 2010-06-15] (National Instruments Corporation) 3 NiViPciK; C:\Windows\System32\Drivers\NiViPciK.sys [91816 2010-06-23] (National Instruments Corporation) 2 NiViPxiK; C:\Windows\System32\Drivers\NiViPxiK.sys [44712 2010-06-23] (National Instruments Corporation) 3 niwfrk; \??\C:\Windows\system32\drivers\niwfrkl.sys [11920 2010-06-15] (National Instruments Corporation) 3 nixsrk; \??\C:\Windows\system32\drivers\nixsrkl.sys [11920 2010-06-15] (National Instruments Corporation) 2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] () 3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo) 3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] 3 mfeavfk01; [x] 3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-23 20:55 - 2012-07-23 20:55 - 01552384 ____A C:\Users\Jenny\Desktop\RogueKiller.exe 2012-07-23 20:55 - 2012-07-23 20:55 - 00002026 ____A C:\Users\Jenny\Desktop\RKreport[1].txt 2012-07-23 20:55 - 2012-07-23 20:55 - 00000000 ____D C:\Users\Jenny\Desktop\RK_Quarantine 2012-07-23 19:56 - 2012-07-23 19:56 - 00043309 ____A C:\Users\Jenny\Desktop\DDS.txt 2012-07-23 19:56 - 2012-07-23 19:56 - 00022720 ____A C:\Users\Jenny\Desktop\Attach.txt 2012-07-23 19:43 - 2012-07-23 19:43 - 00607260 ____R (Swearware) C:\Users\Jenny\Desktop\dds.com 2012-07-23 19:42 - 2012-07-23 19:42 - 
00607260 ____A (Swearware) C:\Users\Jenny\My Documents\dds.scr 2012-07-23 19:42 - 2012-07-23 19:42 - 00607260 ____A (Swearware) C:\Users\Jenny\Documents\dds.scr 2012-07-23 19:19 - 2012-07-23 19:25 - 00077716 ____A C:\Users\Jenny\My Documents\yorkyt.exe.log 2012-07-23 19:19 - 2012-07-23 19:25 - 00077716 ____A C:\Users\Jenny\Documents\yorkyt.exe.log 2012-07-23 19:17 - 2012-07-23 19:17 - 01415784 ____A C:\Users\Jenny\My Documents\yorkyt.exe 2012-07-23 19:17 - 2012-07-23 19:17 - 01415784 ____A C:\Users\Jenny\Documents\yorkyt.exe 2012-07-23 18:58 - 2012-07-23 18:59 - 00000000 ____D C:\Users\Jenny\Local Settings\Deployment 2012-07-23 18:58 - 2012-07-23 18:59 - 00000000 ____D C:\Users\Jenny\AppData\Local\Deployment 2012-07-23 18:58 - 2012-07-23 18:58 - 00000000 ____D C:\Users\Jenny\AppData\Local\Apps\2.0 2012-07-23 17:46 - 2012-07-23 17:46 - 00000000 ____D C:\Users\Jenny\Local Settings\Broadcom 2012-07-23 17:46 - 2012-07-23 17:46 - 00000000 ____D C:\Users\Jenny\AppData\Local\Broadcom 2012-07-23 17:07 - 2012-07-23 17:07 - 00000000 ____D C:\Users\Jenny\Application Data\GetRightToGo 2012-07-23 17:07 - 2012-07-23 17:07 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\GetRightToGo 2012-07-23 17:01 - 2012-01-12 08:28 - 00057976 ___RA (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys 2012-07-23 16:58 - 2012-07-23 16:58 - 00000039 ___RH C:\Users\Jenny\Desktop\stinger.opt 2012-07-23 16:54 - 2012-07-23 16:58 - 00000000 ____D C:\Program Files (x86)\stinger 2012-07-23 15:51 - 2012-07-23 17:54 - 00000000 ____D C:\sh4ldr 2012-07-23 15:51 - 2012-07-23 15:51 - 00000000 ____D C:\Program Files\Enigma Software Group 2012-07-23 15:49 - 2012-07-23 17:54 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-07-23 15:41 - 2012-07-23 15:41 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Jenny\My Documents\SpyHunter-Installer.exe 2012-07-23 15:41 - 2012-07-23 15:41 - 00725440 ____A (Enigma Software Group USA, LLC.) 
C:\Users\Jenny\Documents\SpyHunter-Installer.exe 2012-07-23 15:23 - 2012-07-23 19:04 - 00739824 ____A (Google Inc.) C:\Users\Jenny\My Documents\ChromeSetup.exe 2012-07-23 15:23 - 2012-07-23 19:04 - 00739824 ____A (Google Inc.) C:\Users\Jenny\Documents\ChromeSetup.exe 2012-07-23 14:04 - 2012-07-23 14:04 - 00000000 ____D C:\Users\Jenny\Local Settings\Apple Computer 2012-07-23 14:04 - 2012-07-23 14:04 - 00000000 ____D C:\Users\Jenny\Local Settings\Apple 2012-07-23 14:04 - 2012-07-23 14:04 - 00000000 ____D C:\Users\Jenny\AppData\Local\Apple Computer 2012-07-23 14:04 - 2012-07-23 14:04 - 00000000 ____D C:\Users\Jenny\AppData\Local\Apple 2012-07-23 14:01 - 2012-07-23 14:01 - 00163528 ____A C:\Users\Jenny\Local Settings\GDIPFONTCACHEV1.DAT 2012-07-23 14:01 - 2012-07-23 14:01 - 00163528 ____A C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-23 13:16 - 2012-07-23 13:16 - 00000000 ____D C:\Users\Jenny\Local Settings\Macromedia 2012-07-23 13:16 - 2012-07-23 13:16 - 00000000 ____D C:\Users\Jenny\AppData\Local\Macromedia 2012-07-23 13:13 - 2012-07-23 19:06 - 00000000 ____D C:\Users\Jenny\Local Settings\Google 2012-07-23 13:13 - 2012-07-23 19:06 - 00000000 ____D C:\Users\Jenny\AppData\Local\Google 2012-07-23 09:09 - 2012-07-23 13:15 - 00000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer 2012-07-23 08:49 - 2012-07-23 08:49 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-07-23 08:49 - 2012-07-23 08:49 - 00000000 ____D C:\Program Files (x86)\PC Tools 2012-07-23 08:46 - 2012-07-23 13:09 - 00000000 ____D C:\Users\All Users\PC Tools 2012-07-23 08:46 - 2012-07-23 13:09 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools 2012-07-23 08:46 - 2012-07-23 08:46 - 00000000 ____D C:\Users\Jenny\Application Data\TestApp 2012-07-23 08:46 - 2012-07-23 08:46 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\TestApp 2012-07-23 08:46 - 2012-05-11 10:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys 2012-07-23 08:13 - 2012-07-23 08:13 - 00000000 
____D C:\TDSSKiller_Quarantine 2012-07-22 15:21 - 2012-07-23 17:44 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-07-21 19:51 - 2012-07-21 20:18 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-07-21 19:51 - 2012-07-21 20:18 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy 2012-07-21 19:51 - 2012-07-21 20:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2012-07-19 10:52 - 2012-07-19 10:52 - 00001072 ____A C:\Users\UpdatusUser\Desktop\Ad-aware 6.0.lnk 2012-07-19 10:52 - 2012-07-19 10:52 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2012-07-19 10:50 - 2012-07-19 10:51 - 01760378 ____A C:\Users\Jenny\My Documents\aaw61.exe 2012-07-19 10:50 - 2012-07-19 10:51 - 01760378 ____A C:\Users\Jenny\Documents\aaw61.exe 2012-07-19 10:47 - 2012-07-19 10:47 - 00000000 ____D C:\Users\Jenny\Application Data\Ad-Aware Antivirus 2012-07-19 10:47 - 2012-07-19 10:47 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Ad-Aware Antivirus 2012-07-19 10:46 - 2012-07-19 10:47 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\My Documents\Adaware_Installer.exe 2012-07-19 10:46 - 2012-07-19 10:47 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\Documents\Adaware_Installer.exe 2012-07-19 10:21 - 2012-07-19 10:21 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\Downloads\download.asp 2012-07-17 17:20 - 2012-07-17 17:21 - 00000000 ____D C:\Users\Jenny\Desktop\Micromixers 2012-07-15 18:22 - 2012-07-15 18:23 - 00000000 ____D C:\Users\Jenny\Application Data\HP 2012-07-15 18:22 - 2012-07-15 18:23 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\HP 2012-07-15 18:22 - 2012-07-15 18:22 - 00000000 ____D C:\Users\All Users\WEBREG 2012-07-15 18:22 - 2012-07-15 18:22 - 00000000 ____D C:\Users\All Users\Application Data\WEBREG 2012-07-15 18:12 - 2012-07-22 18:28 - 00000000 ____D C:\Users\Jenny\Application Data\HpUpdate 2012-07-15 18:12 - 2012-07-22 18:28 - 00000000 ____D 
C:\Users\Jenny\AppData\Roaming\HpUpdate 2012-07-15 18:12 - 2012-07-15 18:13 - 00000000 ____D C:\Program Files (x86)\Coupons 2012-07-15 18:12 - 2012-07-15 18:12 - 00000000 ____D C:\Users\All Users\HP Photo Creations 2012-07-15 18:12 - 2012-07-15 18:12 - 00000000 ____D C:\Users\All Users\Application Data\HP Photo Creations 2012-07-15 18:12 - 2012-07-15 18:12 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2012-07-15 18:11 - 2012-07-15 18:11 - 00000000 ____D C:\Users\All Users\HP Product Assistant 2012-07-15 18:11 - 2012-07-15 18:11 - 00000000 ____D C:\Users\All Users\Application Data\HP Product Assistant 2012-07-15 18:07 - 2009-04-16 11:47 - 00136704 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l70w.dll 2012-07-15 18:07 - 2009-04-15 15:53 - 00642360 ____A (Hewlett-Packard) C:\Windows\System32\hpzids40.dll 2012-07-15 18:07 - 2009-03-31 10:21 - 00881664 ____A (Hewlett-Packard) C:\Windows\System32\hposwia_d02d.dll 2012-07-15 18:07 - 2009-03-31 10:21 - 00749056 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpost_d02d.dll 2012-07-15 18:07 - 2009-03-31 10:21 - 00516096 ____A (Hewlett-Packard Co.) 
C:\Windows\System32\hposc_d02a.dll 2012-07-15 18:07 - 2008-10-28 04:27 - 00551424 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll 2012-07-15 18:05 - 2012-07-15 18:12 - 00000000 ____D C:\Program Files (x86)\HP 2012-07-15 18:04 - 2012-07-15 18:04 - 00000000 ____D C:\Program Files\HP 2012-07-15 18:03 - 2012-07-15 18:21 - 00206007 ____A C:\Windows\hpoins46.dat 2012-07-15 18:03 - 2012-07-15 18:21 - 00001188 ____A C:\Users\All Users\hpzinstall.log 2012-07-15 18:03 - 2012-07-15 18:21 - 00001188 ____A C:\Users\All Users\Application Data\hpzinstall.log 2012-07-15 18:03 - 2012-07-15 18:21 - 00000000 ____D C:\Users\All Users\HP 2012-07-15 18:03 - 2012-07-15 18:21 - 00000000 ____D C:\Users\All Users\Application Data\HP 2012-07-12 18:13 - 2012-07-12 18:13 - 00000000 ___RD C:\Users\Jenny\Application Data\Brother 2012-07-12 18:13 - 2012-07-12 18:13 - 00000000 ___RD C:\Users\Jenny\AppData\Roaming\Brother 2012-07-11 22:01 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-11 21:56 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-11 21:56 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-11 21:56 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-11 21:56 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-11 21:56 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-11 21:56 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-11 21:56 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-11 21:56 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-11 21:56 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 
2012-07-11 21:56 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-11 21:56 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-11 21:56 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-11 21:56 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-11 21:56 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-11 21:56 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-11 21:56 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-11 21:56 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-11 21:56 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-11 21:56 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-11 21:56 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-11 21:56 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-11 21:56 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-11 21:56 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-11 21:56 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-11 21:56 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-11 21:56 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-11 21:56 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-11 21:56 - 2012-06-02 03:14 - 
00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 08:45 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 08:45 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 08:45 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 08:45 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 08:45 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 08:45 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 08:45 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 08:45 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 08:45 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 08:45 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 08:45 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 08:45 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 08:45 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 08:45 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 08:45 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 08:45 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 08:45 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 08:45 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 08:45 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 17:11 - 2012-07-19 10:08 - 00000334 ____A C:\Windows\BRCALIB.INI
2012-07-10 17:06 - 2012-07-10 17:11 - 00000000 ____D C:\Users\All Users\Brother
2012-07-10 17:06 - 2012-07-10 17:11 - 00000000 ____D C:\Users\All Users\Application Data\Brother

============ 3 Months Modified Files ========================

2012-07-23 20:55 - 2012-07-23 20:55 - 01552384 ____A C:\Users\Jenny\Desktop\RogueKiller.exe
2012-07-23 20:55 - 2012-07-23 20:55 - 00002026 ____A C:\Users\Jenny\Desktop\RKreport[1].txt
2012-07-23 20:26 - 2012-03-29 07:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 20:22 - 2009-07-14 00:13 - 00779092 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 19:56 - 2012-07-23 19:56 - 00043309 ____A C:\Users\Jenny\Desktop\DDS.txt
2012-07-23 19:56 - 2012-07-23 19:56 - 00022720 ____A C:\Users\Jenny\Desktop\Attach.txt
2012-07-23 19:43 - 2012-07-23 19:43 - 00607260 ____R (Swearware) C:\Users\Jenny\Desktop\dds.com
2012-07-23 19:42 - 2012-07-23 19:42 - 00607260 ____A (Swearware) C:\Users\Jenny\My Documents\dds.scr
2012-07-23 19:42 - 2012-07-23 19:42 - 00607260 ____A (Swearware) C:\Users\Jenny\Documents\dds.scr
2012-07-23 19:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 19:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 19:25 - 2012-07-23 19:19 - 00077716 ____A C:\Users\Jenny\My Documents\yorkyt.exe.log
2012-07-23 19:25 - 2012-07-23 19:19 - 00077716 ____A C:\Users\Jenny\Documents\yorkyt.exe.log
2012-07-23 19:23 - 2011-01-22 07:57 - 00055374 ____A C:\Windows\PFRO.log
2012-07-23 19:23 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 19:23 - 2009-07-13 23:51 - 00081935 ____A C:\Windows\setupact.log
2012-07-23 19:17 - 2012-07-23 19:17 - 01415784 ____A C:\Users\Jenny\My Documents\yorkyt.exe
2012-07-23 19:17 - 2012-07-23 19:17 - 01415784 ____A C:\Users\Jenny\Documents\yorkyt.exe
2012-07-23 19:04 - 2012-07-23 15:23 - 00739824 ____A (Google Inc.) C:\Users\Jenny\My Documents\ChromeSetup.exe
2012-07-23 19:04 - 2012-07-23 15:23 - 00739824 ____A (Google Inc.) C:\Users\Jenny\Documents\ChromeSetup.exe
2012-07-23 17:45 - 2012-04-18 09:21 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-23 17:44 - 2012-07-22 15:21 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-23 16:58 - 2012-07-23 16:58 - 00000039 ___RH C:\Users\Jenny\Desktop\stinger.opt
2012-07-23 15:41 - 2012-07-23 15:41 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Jenny\My Documents\SpyHunter-Installer.exe
2012-07-23 15:41 - 2012-07-23 15:41 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Jenny\Documents\SpyHunter-Installer.exe
2012-07-23 14:01 - 2012-07-23 14:01 - 00163528 ____A C:\Users\Jenny\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-23 14:01 - 2012-07-23 14:01 - 00163528 ____A C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-23 08:19 - 2009-07-14 00:10 - 01867864 ____A C:\Windows\WindowsUpdate.log
2012-07-19 10:52 - 2012-07-19 10:52 - 00001072 ____A C:\Users\UpdatusUser\Desktop\Ad-aware 6.0.lnk
2012-07-19 10:51 - 2012-07-19 10:50 - 01760378 ____A C:\Users\Jenny\My Documents\aaw61.exe
2012-07-19 10:51 - 2012-07-19 10:50 - 01760378 ____A C:\Users\Jenny\Documents\aaw61.exe
2012-07-19 10:47 - 2012-07-19 10:46 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\My Documents\Adaware_Installer.exe
2012-07-19 10:47 - 2012-07-19 10:46 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\Documents\Adaware_Installer.exe
2012-07-19 10:21 - 2012-07-19 10:21 - 04587128 ____A (Lavasoft Limited) C:\Users\Jenny\Downloads\download.asp
2012-07-19 10:08 - 2012-07-10 17:11 - 00000334 ____A C:\Windows\BRCALIB.INI
2012-07-16 07:59 - 2009-07-13 23:45 - 00556272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-15 18:21 - 2012-07-15 18:03 - 00206007 ____A C:\Windows\hpoins46.dat
2012-07-15 18:21 - 2012-07-15 18:03 - 00001188 ____A C:\Users\All Users\hpzinstall.log
2012-07-15 18:21 - 2012-07-15 18:03 - 00001188 ____A C:\Users\All Users\Application Data\hpzinstall.log
2012-07-15 18:21 - 2009-07-13 21:34 - 00000545 ____A C:\Windows\win.ini
2012-07-11 21:57 - 2011-01-28 23:44 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 21:26 - 2012-03-29 07:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 21:26 - 2011-05-15 06:10 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 08:35 - 2012-04-18 09:21 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-03 12:46 - 2012-05-28 17:28 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-17 17:32 - 2012-06-17 17:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-17 17:32 - 2012-06-17 17:32 - 00002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-06-11 22:08 - 2012-07-11 22:01 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-11 08:45 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-11 08:45 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-07-11 08:45 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-11 08:45 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-11 08:45 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-11 08:45 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-11 08:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-11 08:45 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 17:33 - 2012-06-05 17:30 - 76225536 ____A (The GIMP Team ) C:\Users\Jenny\My Documents\gimp-2.8.0-setup.exe
2012-06-05 17:33 - 2012-06-05 17:30 - 76225536 ____A (The GIMP Team ) C:\Users\Jenny\Documents\gimp-2.8.0-setup.exe
2012-06-04 12:16 - 2012-06-04 12:11 - 926761328 ____A (Wolfram Research, Inc. ) C:\Users\Jenny\My Documents\UVa-Mathematica800-Win.exe
2012-06-04 12:16 - 2012-06-04 12:11 - 926761328 ____A (Wolfram Research, Inc. ) C:\Users\Jenny\Documents\UVa-Mathematica800-Win.exe
2012-06-02 17:19 - 2012-06-19 08:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-19 08:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-19 08:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-19 08:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-19 08:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-19 08:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-19 08:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-19 08:17 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-19 08:17 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-11 21:56 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-11 21:56 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-11 21:56 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-11 21:56 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:05 - 2012-07-11 21:56 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:04 - 2012-07-11 21:56 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:04 - 2012-07-11 21:56 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:03 - 2012-07-11 21:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-11 21:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-11 21:56 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-11 21:56 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-11 21:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-11 21:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-11 21:56 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-11 21:56 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-11 21:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-11 21:56 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-11 21:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-11 21:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-11 21:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-11 21:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-11 21:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-11 21:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-11 21:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-11 21:56 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-11 21:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-11 21:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-11 21:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:50 - 2012-07-11 08:45 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-11 08:45 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-11 08:45 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-11 08:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-11 08:45 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-11 08:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-11 08:45 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-11 08:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-11 08:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-28 17:27 - 2012-05-28 17:27 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Jenny\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-18 08:03 - 2012-05-18 08:03 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-18 08:03 - 2012-05-18 08:03 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-05-16 13:41 - 2012-05-16 13:41 - 01394056 ____A (Boingo Wireless) C:\Users\Jenny\Downloads\GoBoingo_awBpAHQAdABrAGEAdABqAGwA_YwBoAGUAbQBnAGsAMAA=_GoBoingo.exe
2012-05-11 10:14 - 2012-07-23 08:46 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-05-07 13:21 - 2012-02-18 11:04 - 00011343 ____A C:\Users\Jenny\My Documents\soccer_roster_spring2012.xlsx
2012-05-07 13:21 - 2012-02-18 11:04 - 00011343 ____A C:\Users\Jenny\Documents\soccer_roster_spring2012.xlsx
2012-05-04 06:06 - 2012-06-13 08:48 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-13 08:48 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-13 08:48 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 00:40 - 2012-06-13 08:48 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 22:55 - 2012-06-13 08:48 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-13 08:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-13 08:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-13 08:48 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

ZeroAccess:
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\@
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L\00000004.@
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L\201d3dde
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U\80000000.@
C:\Windows\Installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U\80000064.@

ZeroAccess:
C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}
C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\@
C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L
C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 5876.3 MB
Available physical RAM: 5145.15 MB
Total Pagefile: 5874.45 MB
Available Pagefile: 5127.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:480.35 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]
4 Drive f: (USB MEMORY) (Removable) (Total:0.48 GB) (Free:0.2 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          596 GB      0 B
Disk 1    Online          489 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 39 MB    31 KB
Partition 2    Primary             14 GB    39 MB
Partition 3    Primary            581 GB    14 GB

==================================================================================
Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 4                    FAT    Partition     39 MB  Healthy  Hidden

==================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1   E   RECOVERY     NTFS   Partition     14 GB  Healthy

==================================================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2   C   OS           NTFS   Partition    581 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1  Primary            489 MB      0 B

==================================================================================
Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-18 09:06

======================= End Of Log ==========================

search.txt

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 23:16:22
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
  8. Sorry about uTorrent. I haven't used it in so long I forgot it was there. It has been uninstalled. Here is the report from Rogue Killer:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Jenny [Admin rights]
Mode: Scan -- Date: 07/23/2012 21:55:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jenny\AppData\Local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\jenny\appdata\local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\jenny\appdata\local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\jenny\appdata\local\{3b6bb3e2-8bfd-365d-8e0d-af5ae9e90450}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6461GSY +++++
--- User ---
[MBR] 223f6300047a2b384b618d4df24997a0
[BSP] 9e7c0f6e4e3706dae0ca782c9fd118b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 595440 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Thanks for your help.
  9. Hello - I recently acquired the ZeroAccess virus on my computer. I ran MBAM in safe mode which found 3 trojan files and removed them, but I want to make sure I am cleared of any residual infection. I also ran the Symantec FixZeroAccess tool and the McAfee Rootkit Tool, which found no infected files. I have attached the two DDS files as requested. Thanks in advance!

Attach.txt
DDS.txt