Jump to content

memorymom

Members
  • Posts

    13
  • Joined

  • Last visited

Reputation

0 Neutral
  1. MrC - Thank you for all your help - everything seems fine so far and I am hopeful that it won't repeat. Haven't had any random music playing since yesterday. Looks like this one is done (knock on wood) and I will visit your page when I can use a safer computer. You're the best!
  2. Yay! - RogueKiller is happy too... RogueKiller V8.0.0 [08/26/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Susan [Admin rights] Mode : Scan -- Date : 08/30/2012 14:50:16 ¤¤¤ Bad processes : 3 ¤¤¤ [RESIDUE] TiVoServer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe -> KILLED [TermProc] [RESIDUE] TiVoTransfer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc] [RESIDUE] TiVoNotify.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 14 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : TivoServer ("C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : TivoTransfer ("C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe") -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : TivoNotify ("C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : TranscodingService ("C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : Best Buy pc app (C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : TivoServer ("C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : TivoTransfer ("C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : TivoNotify ("C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : TranscodingService ("C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe") -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3265GSX ATA Device +++++ --- User --- [MBR] 4df490d3091673b0a7b27ea2bcb84998 [bSP] 1d2d0a7d94f462bbd182eb7df44c25b4 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293443 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 604045312 | Size: 10301 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[5].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
  3. Looks good - said it didn't detect anything (it didn't before either though) - This time was much faster though... Here is the log: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.30.05 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Susan :: SUSAN-PC2 [administrator] 8/30/2012 2:15:08 PM mbam-log-2012-08-30 (14-15-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 288672 Time elapsed: 16 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I will keep it connected and use it tonight and let you know tomorrow if the random audio stays away. I never had a sure way to check it as I couldn't see anything unless the sounds started... Thank you so much!
  4. Two more steps done! RogueKiller seemed to work - it made two logs. Not sure if you need these... RKreport3.txt RKreport4.txt Here's the TDSSKiller log... TDSSKiller.2.8.8.0_30.08.2012_13.48.37_log.txt memorymom
  5. Ran RogueKiller again - here's the log: RogueKiller V8.0.0 [08/26/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Susan [Admin rights] Mode : Scan -- Date : 08/30/2012 11:34:37 ¤¤¤ Bad processes : 3 ¤¤¤ [RESIDUE] TiVoServer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe -> KILLED [TermProc] [RESIDUE] TiVoTransfer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc] [RESIDUE] TiVoNotify.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 15 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : TivoServer ("C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : TivoTransfer ("C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe") -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : TivoNotify ("C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : TranscodingService ("C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : Best Buy pc app (C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : TivoServer ("C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : TivoTransfer ("C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : TivoNotify ("C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3578430810-3624963796-3763101815-1001[...]\Run : TranscodingService ("C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe") -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267}\n.) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3265GSX ATA Device +++++ --- User --- [MBR] 4df490d3091673b0a7b27ea2bcb84998 [bSP] 1d2d0a7d94f462bbd182eb7df44c25b4 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293443 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 604045312 | Size: 10301 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt
  6. The system restore worked - I used the most recent restore point which was from right before I ran FRST64 the first time - did I not put back things I didn't want to have back? But the internet connection is restored!
  7. It worked that time - thanks for the help! I can't connect to the internet, but have only tried the basic Windows repair and restarting/rebooting everything so far. Anyway, here is the ComboFix log... ComboFix.txt
  8. Not sure what to do - ComboFix has been running for about an hour and a half, the last thing it said was over 30 minutes ago... Deleting Files C:\Install.exe It is still running the disk, seems like a pattern of reading, then blinking, then reading, and so on. I will let it run, but am not sure what will happen when the computer sleeps - I'm afraid to click anything to try to change settings. Not feeling too hopeful at this point...
  9. So far, so good - this one found 3 suspicious objects but no malicious so I skipped and continued... Here's the log Thank you for all this time, by the way! TDSSKiller.2.8.8.0_29.08.2012_20.24.32_log.txt
  10. Okay I ran the Fix - here's the fix log... Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 02 Ran by SYSTEM at 2012-08-29 18:47:21 Run:1 Running from C:\ ============================================== C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267} moved successfully. ==== End of Fixlog ====
  11. Ok - Did some backup and restore point, and now here are the logs: FRST.txt Scan result of Farbar Recovery Scan Tool Version: 29-08-2012 02 Ran by SYSTEM at 29-08-2012 13:53:29 Running from C:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [] [x] HKLM\...\Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [520760 2010-03-10] (Conexant Systems, Inc.) HKLM\...\Run: [smartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t [307768 2010-04-28] () HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation) HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation) HKLM\...\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [EEventManager] "C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe" [673616 2009-04-07] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EfficientToDoListFree] [x] HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.) HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [710504 2012-08-26] (Webroot) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKU\Susan\...\Run: [best Buy pc app] C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x] HKU\Susan\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-18] (Google Inc.) HKU\Susan\...\Run: [EPSOND9ED65] "C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE" /FU "C:\windows\TEMP\E_S9168.tmp" /EF "HKCU" [223232 2009-01-26] (SEIKO EPSON CORPORATION) HKU\Susan\...\Run: [WorkForce 610(Network)] "C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE" /FU "C:\windows\TEMP\E_S560D.tmp" /EF "HKCU" [223232 2009-01-26] (SEIKO EPSON CORPORATION) HKU\Susan\...\Run: [TivoServer] "C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer [2264336 2010-08-24] (TiVo Inc.) HKU\Susan\...\Run: [TivoTransfer] "C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe" [608528 2010-08-24] (TiVo Inc.) HKU\Susan\...\Run: [TivoNotify] "C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify [437520 2010-08-24] (TiVo Inc.) HKU\Susan\...\Run: [TranscodingService] "C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [856336 2010-08-24] (TiVo Inc.) HKU\Susan\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-08-26] (SUPERAntiSpyware.com) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Susan\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\Susan\Start Menu\Programs\Startup\Efficient To-Do List Free.lnk ShortcutTarget: Efficient To-Do List Free.lnk -> C:\Program Files (x86)\Efficient To-Do List Free\EfficientToDoListFree.exe (Efficient Software) Startup: C:\Users\Susan\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Services (Whitelisted) ====== 2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com) 2 NitroReaderDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe" [341296 2010-12-03] (Nitro PDF Software) 4 TivoBeacon2; "C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe" /service [1104656 2010-08-24] (TiVo Inc.) 2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [710504 2012-08-26] (Webroot) ==================== Drivers (Whitelisted) =================== 1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-07-14] (Citrix Systems, Inc.) 1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [110096 2012-08-26] (Webroot) ==================== NetSvcs (Whitelisted) ================= ==================== One Month Created Files and Folders ====================== 2012-08-29 13:53 - 2012-08-29 13:53 - 00000000 ____D C:\FRST 2012-08-29 05:34 - 2012-08-29 05:35 - 00000000 ____D C:\Users\Susan\Documents\New folder 2012-08-28 07:21 - 2012-08-28 07:21 - 00007244 ____A C:\Users\Susan\Desktop\Attach.txt 2012-08-28 07:20 - 2012-08-28 07:20 - 00026401 ____A C:\Users\Susan\Desktop\DDS.txt 2012-08-28 07:16 - 2012-08-28 07:16 - 00607260 ____R (Swearware) C:\Users\Susan\Desktop\dds.com 2012-08-28 06:49 - 2012-08-28 06:49 - 00004083 ____A C:\Users\Susan\Desktop\RKreport[1].txt 2012-08-28 06:48 - 2012-08-28 06:49 - 00000000 ____D C:\Users\Susan\Desktop\RK_Quarantine 2012-08-28 06:46 - 2012-08-28 06:46 - 01320960 ____A C:\Users\Susan\Desktop\RogueKiller.exe 2012-08-27 18:53 - 2012-08-27 18:53 - 00016292 ____A C:\Users\Susan\Desktop\hs_err_pid3500.log 2012-08-27 18:52 - 2012-08-27 18:52 - 00000000 ____D C:\Users\Susan\Pearson 2012-08-27 18:43 - 2012-08-27 18:43 - 00045827 ____A C:\Users\Susan\Documents\SvcsAfterSound.txt 2012-08-27 18:41 - 2012-08-27 18:41 - 00045827 ____A C:\Users\Susan\Documents\SvcsDuringSound.txt 2012-08-27 12:47 - 2012-08-27 12:47 - 00045848 ____A C:\Users\Susan\Documents\ServAfterRebootNoSound.txt 2012-08-27 12:38 - 2012-08-27 13:11 - 00000327 ____A C:\Users\Susan\Documents\servListSoundDiff.txt 2012-08-27 06:50 - 2012-08-27 06:50 - 00045827 ____A C:\Users\Susan\Documents\servlistnosound2.txt 2012-08-27 06:43 - 2012-08-27 06:43 - 00045820 ____A C:\Users\Susan\Documents\servListSound.txt 2012-08-27 05:26 - 2012-08-27 05:26 - 00045834 ____A C:\Users\Susan\Documents\ServListNoSound.txt 2012-08-26 17:17 - 2012-08-26 17:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2012-08-26 17:17 - 2012-08-26 17:17 - 00001819 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-08-26 17:17 - 2012-08-26 17:17 - 00000000 ____D C:\Users\Susan\AppData\Roaming\SUPERAntiSpyware.com 2012-08-26 17:17 - 2012-08-26 17:17 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com 2012-08-26 17:16 - 2012-08-26 17:16 - 17246464 ____A (SUPERAntiSpyware.com) C:\Users\Susan\Downloads\SUPERAntiSpyware.exe 2012-08-26 11:05 - 2012-08-26 11:05 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-08-26 11:05 - 2012-08-26 11:05 - 00000000 ____D C:\Users\Susan\AppData\Roaming\Malwarebytes 2012-08-26 11:05 - 2012-08-26 11:05 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-08-26 11:05 - 2012-08-26 11:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-26 11:05 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-08-26 11:04 - 2012-08-26 11:04 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Susan\Downloads\mbam-setup-1.62.0.1300.exe 2012-08-26 10:53 - 2012-08-26 10:53 - 00007610 ____A C:\Users\Susan\AppData\Local\Resmon.ResmonCfg 2012-08-26 10:27 - 2012-08-26 10:27 - 00000000 ____D C:\Users\Susan\Downloads\tdsskiller (1) 2012-08-26 10:26 - 2012-08-26 10:26 - 02193184 ____A C:\Users\Susan\Downloads\tdsskiller (1).zip 2012-08-26 10:26 - 2012-08-26 10:26 - 00000000 ____D C:\Users\Susan\Downloads\tdsskiller 2012-08-26 10:25 - 2012-08-26 10:25 - 02193345 ____A C:\Users\Susan\Downloads\tdsskiller.zip 2012-08-26 09:16 - 2012-08-26 09:17 - 01131094 ____A C:\Users\Susan\Downloads\ClassroomManagementsession2.pptx 2012-08-25 13:03 - 2012-08-25 13:04 - 00000000 ____D C:\Program Files\iTunes 2012-08-25 13:03 - 2012-08-25 13:04 - 00000000 ____D C:\Program Files (x86)\iTunes 2012-08-25 13:03 - 2012-08-25 13:03 - 00000000 ____D C:\Program Files\iPod 2012-08-25 13:01 - 2012-08-25 13:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2012-08-25 13:00 - 2012-08-25 13:00 - 00000000 ____D C:\Program Files\Bonjour 2012-08-25 13:00 - 2012-08-25 13:00 - 00000000 ____D C:\Program Files (x86)\Bonjour 2012-08-25 12:57 - 2012-08-25 12:58 - 79225752 ____A (Apple Inc.) C:\Users\Susan\Downloads\iTunes64Setup.exe 2012-08-22 16:42 - 2012-08-26 09:21 - 00000000 ____D C:\Users\Susan\Documents\CS 2012-08-22 16:33 - 2012-08-26 09:20 - 00013826 ____A C:\Users\Susan\Downloads\CS Leesburg Session II 2012FA with Instructors rev 03Aug12.xlsx 2012-08-17 04:49 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-17 04:49 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-17 04:49 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-17 04:49 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-17 04:49 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-17 04:49 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-17 04:49 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-17 04:49 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-17 04:49 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-17 04:49 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-17 04:49 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-17 04:49 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-17 04:49 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-17 04:49 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-17 04:49 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-17 04:49 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-17 04:49 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-17 04:49 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-17 04:49 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-17 04:49 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-17 04:49 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-17 04:49 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-17 04:49 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-17 04:49 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-17 04:49 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-17 04:49 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-17 04:49 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-17 04:49 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-15 15:48 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2012-08-15 15:48 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe 2012-08-15 15:48 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe 2012-08-15 15:48 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2012-08-15 06:13 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll 2012-08-15 06:13 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2012-08-15 05:51 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-08-15 05:51 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-08-15 05:51 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-08-15 05:51 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-08-15 05:51 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-08-15 05:50 - 2012-07-18 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-08-15 05:48 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-08-14 18:41 - 2012-08-18 18:54 - 00038600 ____A C:\Users\Susan\Documents\OuterBanks2012.odt 2012-08-12 12:40 - 2012-08-15 06:32 - 00030817 ____A C:\Users\Susan\Documents\Minnesota2012.odt ==================== 3 Months Modified Files ================================ 2012-08-29 09:48 - 2012-01-12 13:21 - 00000758 ____A C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk 2012-08-29 09:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-29 09:48 - 2009-07-13 20:51 - 00042865 ____A C:\Windows\setupact.log 2012-08-29 09:41 - 2010-09-20 00:42 - 01164498 ____A C:\Windows\WindowsUpdate.log 2012-08-29 09:41 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-29 09:41 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-29 09:26 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-29 08:55 - 2010-07-18 17:28 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-28 18:54 - 2010-07-18 17:28 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-08-28 09:44 - 2010-12-08 20:33 - 00708608 ____A C:\Users\Susan\Documents\MyToDoList.etd 2012-08-28 07:21 - 2012-08-28 07:21 - 00007244 ____A C:\Users\Susan\Desktop\Attach.txt 2012-08-28 07:20 - 2012-08-28 07:20 - 00026401 ____A C:\Users\Susan\Desktop\DDS.txt 2012-08-28 07:16 - 2012-08-28 07:16 - 00607260 ____R (Swearware) C:\Users\Susan\Desktop\dds.com 2012-08-28 06:49 - 2012-08-28 06:49 - 00004083 ____A C:\Users\Susan\Desktop\RKreport[1].txt 2012-08-28 06:46 - 2012-08-28 06:46 - 01320960 ____A C:\Users\Susan\Desktop\RogueKiller.exe 2012-08-27 18:53 - 2012-08-27 18:53 - 00016292 ____A C:\Users\Susan\Desktop\hs_err_pid3500.log 2012-08-27 18:43 - 2012-08-27 18:43 - 00045827 ____A C:\Users\Susan\Documents\SvcsAfterSound.txt 2012-08-27 18:41 - 2012-08-27 18:41 - 00045827 ____A C:\Users\Susan\Documents\SvcsDuringSound.txt 2012-08-27 13:11 - 2012-08-27 12:38 - 00000327 ____A C:\Users\Susan\Documents\servListSoundDiff.txt 2012-08-27 12:47 - 2012-08-27 12:47 - 00045848 ____A C:\Users\Susan\Documents\ServAfterRebootNoSound.txt 2012-08-27 06:50 - 2012-08-27 06:50 - 00045827 ____A C:\Users\Susan\Documents\servlistnosound2.txt 2012-08-27 06:43 - 2012-08-27 06:43 - 00045820 ____A C:\Users\Susan\Documents\servListSound.txt 2012-08-27 05:26 - 2012-08-27 05:26 - 00045834 ____A C:\Users\Susan\Documents\ServListNoSound.txt 2012-08-26 17:17 - 2012-08-26 17:17 - 00001819 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-08-26 17:16 - 2012-08-26 17:16 - 17246464 ____A (SUPERAntiSpyware.com) C:\Users\Susan\Downloads\SUPERAntiSpyware.exe 2012-08-26 12:52 - 2010-07-18 17:36 - 00202174 ____A C:\Windows\PFRO.log 2012-08-26 11:05 - 2012-08-26 11:05 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-08-26 11:04 - 2012-08-26 11:04 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Susan\Downloads\mbam-setup-1.62.0.1300.exe 2012-08-26 10:53 - 2012-08-26 10:53 - 00007610 ____A C:\Users\Susan\AppData\Local\Resmon.ResmonCfg 2012-08-26 10:26 - 2012-08-26 10:26 - 02193184 ____A C:\Users\Susan\Downloads\tdsskiller (1).zip 2012-08-26 10:25 - 2012-08-26 10:25 - 02193345 ____A C:\Users\Susan\Downloads\tdsskiller.zip 2012-08-26 09:20 - 2012-08-22 16:33 - 00013826 ____A C:\Users\Susan\Downloads\CS Leesburg Session II 2012FA with Instructors rev 03Aug12.xlsx 2012-08-26 09:17 - 2012-08-26 09:16 - 01131094 ____A C:\Users\Susan\Downloads\ClassroomManagementsession2.pptx 2012-08-26 04:09 - 2012-01-12 13:21 - 00149688 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll 2012-08-26 04:09 - 2012-01-12 13:21 - 00110096 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys 2012-08-26 04:09 - 2012-01-12 13:21 - 00102832 ____A (Webroot) C:\Windows\System32\WRusr.dll 2012-08-25 12:58 - 2012-08-25 12:57 - 79225752 ____A (Apple Inc.) C:\Users\Susan\Downloads\iTunes64Setup.exe 2012-08-18 18:54 - 2012-08-14 18:41 - 00038600 ____A C:\Users\Susan\Documents\OuterBanks2012.odt 2012-08-18 04:31 - 2009-07-13 20:45 - 00482760 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-16 16:06 - 2010-12-13 20:01 - 00015360 ____A C:\Users\Susan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-08-15 06:32 - 2012-08-12 12:40 - 00030817 ____A C:\Users\Susan\Documents\Minnesota2012.odt 2012-07-26 12:17 - 2012-07-26 12:17 - 00002263 ____A C:\Users\Public\Desktop\Mahjong Escape Collection.lnk 2012-07-26 11:49 - 2012-07-26 11:49 - 00001452 ____A C:\Users\Public\Desktop\Wheel of Fortune Deluxe.lnk 2012-07-18 09:31 - 2012-08-15 05:50 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-13 18:11 - 2011-12-06 18:23 - 00005616 ____A C:\Users\Susan\Documents\Creative Memories StoryBook Creator 4.0 Upgrade content activation codes.txt 2012-07-13 11:40 - 2011-10-08 11:30 - 00002130 ____A C:\Users\Public\Desktop\Storybook Creator 4.lnk 2012-07-04 14:04 - 2012-08-15 05:51 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:01 - 2012-08-15 05:51 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:01 - 2012-08-15 05:51 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:26 - 2012-08-15 05:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:23 - 2012-08-15 05:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-07-03 09:46 - 2012-08-26 11:05 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-28 20:55 - 2012-08-17 04:49 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-28 20:09 - 2012-08-17 04:49 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-28 19:56 - 2012-08-17 04:49 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-28 19:49 - 2012-08-17 04:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-28 19:49 - 2012-08-17 04:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-28 19:48 - 2012-08-17 04:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-28 19:47 - 2012-08-17 04:49 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-28 19:45 - 2012-08-17 04:49 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-28 19:44 - 2012-08-17 04:49 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-28 19:43 - 2012-08-17 04:49 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-28 19:42 - 2012-08-17 04:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-28 19:40 - 2012-08-17 04:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-28 19:39 - 2012-08-17 04:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-28 19:35 - 2012-08-17 04:49 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-28 16:52 - 2012-08-17 04:49 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-28 16:27 - 2012-08-17 04:49 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-28 16:16 - 2012-08-17 04:49 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-28 16:09 - 2012-08-17 04:49 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-28 16:09 - 2012-08-17 04:49 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-28 16:08 - 2012-08-17 04:49 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-28 16:07 - 2012-08-17 04:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-28 16:06 - 2012-08-17 04:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-28 16:04 - 2012-08-17 04:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-28 16:04 - 2012-08-17 04:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-28 16:01 - 2012-08-17 04:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-28 16:01 - 2012-08-17 04:49 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-28 16:00 - 2012-08-17 04:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-28 15:57 - 2012-08-17 04:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-23 15:47 - 2012-06-23 15:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-06-23 15:47 - 2011-11-22 13:11 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-06-23 15:42 - 2012-06-23 15:41 - 00990448 ____A (Solid State Networks) C:\Users\Susan\Downloads\install_flashplayer11x32ax_gtbp_chrd_aih (1).exe 2012-06-23 15:41 - 2012-06-23 15:41 - 00990448 ____A (Solid State Networks) C:\Users\Susan\Downloads\install_flashplayer11x32ax_gtbp_chrd_aih.exe 2012-06-08 21:30 - 2012-07-11 10:06 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:46 - 2012-07-11 10:06 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 21:50 - 2012-07-11 10:06 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 21:50 - 2012-07-11 10:06 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 21:09 - 2012-07-11 10:06 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:09 - 2012-07-11 10:06 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-02 14:19 - 2012-06-21 04:45 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-21 04:45 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-21 04:45 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-21 04:45 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-21 04:45 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-21 04:45 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-21 04:45 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-21 04:44 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-21 04:44 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 07:56 - 2012-06-02 07:56 - 00001052 ____A C:\Users\Susan\Desktop\Dropbox.lnk 2012-06-01 21:38 - 2012-07-11 10:06 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:38 - 2012-07-11 10:06 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:37 - 2012-07-11 10:06 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:27 - 2012-07-11 10:06 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:27 - 2012-07-11 10:06 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:48 - 2012-07-11 10:06 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:48 - 2012-07-11 10:06 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:47 - 2012-07-11 10:06 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:42 - 2012-07-11 10:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ZeroAccess: C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267} C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267}\@ C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267}\L C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267}\n C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267}\U C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267}\U\00000001.@ C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267}\U\80000000.@ C:\Users\Susan\AppData\Local\{c511400a-11dd-1999-2ea4-ca67a51ea267}\U\800000cb.@ ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-08-11 05:59:30 Restore point made on: 2012-08-15 06:33:30 Restore point made on: 2012-08-17 04:48:52 Restore point made on: 2012-08-21 05:05:36 Restore point made on: 2012-08-24 07:01:47 Restore point made on: 2012-08-25 13:01:19 Restore point made on: 2012-08-28 06:36:27 Restore point made on: 2012-08-29 09:34:26 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3834.9 MB Available physical RAM: 3271 MB Total Pagefile: 3833.05 MB Available Pagefile: 3256.92 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================ 1 Drive c: (TI105949W0C) (Fixed) (Total:286.57 GB) (Free:75.72 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (LEXAR MEDIA) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 123 MB 0 B Disk 2 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 1500 MB 1024 KB Partition 2 Primary 286 GB 1501 MB Partition 3 Primary 10 GB 288 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 E System NTFS Partition 1500 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C TI105949W0C NTFS Partition 286 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 17 (Suspicious Type) Hidden: Yes Active: No There is no volume associated with this partition. ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 122 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 Y LEXAR MEDIA FAT Removable 122 MB Healthy ================================================================================== Last Boot: 2012-08-27 12:13 ==================== End Of Log ============================= Search.txt Farbar Recovery Scan Tool Version: 29-08-2012 02 Ran by SYSTEM at 2012-08-29 13:55:45 Running from C:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
  12. I ran RogueKiller - here is the report (thank you for your help!) RKreport1.txt
  13. Hello, This problem has been bothering me a couple weeks and I'm just realizing how serious it is. My computer plays music at random times - after doing investigations I have found it has ZeroAccess Max++ (RogueKiller found it) but I can't figure out how to get rid of it. I had run Malwarebytes AntiMalware yesterday, and after reading about another user that had the same symptoms I was hoping you could help me. I had already run RogueKiller when I found the post, but did not tell it to do anything to solve the problem - here are my files as requested from the dds script. I appreciate any time and help you can give me - now that I know what this is, it is really bothering me to have it! Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.