
Solved: Terrible worm infecting a lot of computers

Discussion in 'Malware and Virus Removal Archive' started by Jeremie, 2013/06/28.

  1. 2013/06/28, Jeremie (Thread Starter)

    [Resolved] Terrible worm infecting a lot of computers

    As requested, here are the logs from MBAM and DDS.


    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.27.11

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16576
    Terry :: LATLAW13-PC [administrator]

    Protection: Enabled

    6/28/2013 9:13:39 AM
    mbam-log-2013-06-28 (09-13-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 313957
    Time elapsed: 2 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Uszoah (IPH.Trojan.Zbot.Rke) -> Data: C:\Users\Terry\AppData\Roaming\Jojui\uszoah.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|98BD68CBEE80285D000098BCD0142D6C (Trojan.FakeAlert.SSGen) -> Data: C:\ProgramData\98BD68CBEE80285D000098BCD0142D6C\98BD68CBEE80285D000098BCD0142D6C.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 4
    HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$ef2be7e41c4ddfc96bd2a9583011175d\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Terry\AppData\Roaming\Jojui\uszoah.exe (IPH.Trojan.Zbot.Rke) -> Quarantined and deleted successfully.
    C:\ProgramData\98BD68CBEE80285D000098BCD0142D6C\98BD68CBEE80285D000098BCD0142D6C.exe (Trojan.FakeAlert.SSGen) -> Quarantined and deleted successfully.

    (end)



    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.17.2
    Run by Terry at 9:41:22 on 2013-06-28
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3479.2179 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\winipbin\sgvrfy32.exe
    C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe
    C:\Users\Terry\soalui.exe
    C:\Users\Terry\24931.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [Osaq] c:\users\terry\appdata\roaming\yfwy\osaq.exe
    uRun: [soalui] c:\users\terry\soalui.exe /q
    uRunOnce: [98BD68CBEE80285D000098BCD0142D6C] c:\programdata\98bd68cbee80285d000098bcd0142d6c\98BD68CBEE80285D000098BCD0142D6C.exe
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe
    DPF: {9D28AF62-62C1-4553-ACB9-9A148E3C35AF} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/PmReqChecker.CAB
    TCP: Interfaces\{038680A3-921F-4D56-BA16-D2BAE5F2F879} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    TCP: Interfaces\{808A8A0D-C20A-4E71-BCC6-608836B55606} : NameServer = 192.168.1.4,167.206.7.4
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\terry\appdata\roaming\mozilla\firefox\profiles\gp3fb5ep.default\
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\system32\drivers\SMR322.SYS [2013-6-28 98392]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-3-19 375120]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 13624]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-4-10 47640]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-27 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-27 701512]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2013-5-7 770432]
    R2 System Event Dispatcher;System Event Dispatcher;c:\windows\winipbin\sgvrfy32.exe [2009-7-13 685936]
    R2 Update Agent;Practice Manager Update Agent;c:\program files\common files\pmgsoftware\esd\PM.Deployment.EsdService.exe [2007-11-23 61440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-27 22856]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-28 40776]
    R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-4-9 414824]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-6-27 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
    S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
    S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-10 530944]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-4-16 14848]
    S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
    S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-4-16 24064]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-4-16 49664]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-4-16 27136]
    S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-11 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-06-28 13:36:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-06-28 13:33:40 471040 ----a-w- c:\users\terry\24931.exe
    2013-06-28 13:33:38 84480 --sh--r- c:\users\terry\soalui.exe
    2013-06-28 13:33:23 33792 ----a-w- c:\users\terry\cucuc.exe
    2013-06-28 13:31:22 20 ----a-w- c:\windows\system32\drivers\SMR322.dat
    2013-06-28 13:31:20 98392 ----a-w- c:\windows\system32\drivers\SMR322.SYS
    2013-06-28 13:26:06 471040 ----a-w- c:\users\terry\24865.exe
    2013-06-28 13:25:43 33792 ----a-w- c:\users\terry\xexex.exe
    2013-06-28 00:54:43 -------- d-----w- c:\users\terry\appdata\local\NPE
    2013-06-28 00:54:43 -------- d-----w- c:\programdata\Norton
    2013-06-28 00:42:12 -------- d-----w- c:\program files\CCleaner
    2013-06-28 00:13:37 -------- d-----w- c:\programdata\98BD68CBEE80285D000098BCD0142D6C
    2013-06-27 23:59:17 -------- d-----w- c:\users\terry\appdata\roaming\Malwarebytes
    2013-06-27 23:59:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-27 23:59:15 -------- d-----w- c:\programdata\Malwarebytes
    2013-06-27 23:59:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-06-27 23:59:04 -------- d-----w- c:\users\terry\appdata\local\Programs
    2013-06-27 23:28:54 110080 ----a-r- c:\users\terry\appdata\roaming\microsoft\installer\{4941bfeb-62c0-47a2-801e-998fc469cc2c}\IconF7A21AF7.exe
    2013-06-27 23:28:54 110080 ----a-r- c:\users\terry\appdata\roaming\microsoft\installer\{4941bfeb-62c0-47a2-801e-998fc469cc2c}\IconD7F16134.exe
    2013-06-27 23:28:54 110080 ----a-r- c:\users\terry\appdata\roaming\microsoft\installer\{4941bfeb-62c0-47a2-801e-998fc469cc2c}\IconCF33A0CE.exe
    2013-06-27 23:28:54 -------- d-----w- C:\sh4ldr
    2013-06-27 23:28:54 -------- d-----w- c:\program files\Enigma Software Group
    2013-06-27 23:28:43 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2013-06-27 23:12:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-06-27 23:12:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-06-27 13:49:22 -------- d-----w- c:\programdata\98C33ACBF452285D000098C2A214333E
    .
    ==================== Find3M ====================
    .
    2013-06-12 15:59:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-12 15:59:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-12 14:15:30 92488 ----a-w- c:\windows\system32\LMIinit.dll
    2013-06-12 14:15:30 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2013-06-12 14:15:30 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2013-06-12 14:15:30 31560 ----a-w- c:\windows\system32\LMIport.dll
    2013-05-31 13:18:50 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
    2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-12 00:22:48 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-04-12 00:22:48 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-04-12 00:22:48 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-04-11 07:02:26 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
    2013-04-05 05:28:24 1767424 ----a-w- c:\windows\system32\wininet.dll
    2013-04-05 05:26:26 2877440 ----a-w- c:\windows\system32\jscript9.dll
    2013-04-05 05:26:21 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-04-05 05:26:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-04-05 04:29:45 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-04-05 03:38:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2009-11-23 19:03:02 15299992 ----a-w- c:\program files\PMWIN.exe
    .
    ============= FINISH: 9:41:34.17 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/9/2013 9:47:36 PM
    System Uptime: 6/28/2013 9:29:13 AM (0 hours ago)
    .
    Motherboard: ECS | | H61H2-WM
    Processor: Intel(R) Pentium(R) CPU G645 @ 2.90GHz | SOCKET 0 | 2900/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 903.87 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: 802.11n Wireless LAN Card
    Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&5BF6660&0&00E0
    Manufacturer: Ralink Technology, Corp.
    Name: 802.11n Wireless LAN Card
    PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&5BF6660&0&00E0
    Service: netr28
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421019&REV_00\4&13594F3C&0&00E2
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421019&REV_00\4&13594F3C&0&00E2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP39: 4/23/2013 11:37:48 AM - Windows Update
    RP40: 4/24/2013 5:19:08 PM - Windows Update
    RP41: 4/30/2013 8:57:51 AM - Windows Update
    RP42: 5/7/2013 8:59:20 AM - Windows Update
    RP43: 5/14/2013 8:59:58 AM - Windows Update
    RP44: 5/15/2013 3:59:55 PM - Windows Update
    RP45: 5/30/2013 1:55:57 PM - Scheduled Checkpoint
    RP46: 6/12/2013 5:23:25 PM - Windows Update
    RP47: 6/20/2013 6:04:50 PM - Windows Update
    RP48: 6/27/2013 12:33:57 PM - Restore Operation
    RP49: 6/28/2013 9:25:33 AM - Norton_Power_Eraser_20130628092529607
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.03)
    CCleaner
    Intel(R) Processor Graphics
    Java 7 Update 17
    Java Auto Updater
    LogMeIn
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft XML Parser
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    Practice Manager 10 Workstation
    Practice Manager 8
    Practice Manager n-tier Framework Client
    Practice Manager PM Purger Client Adapter
    Practice Manager Update Agent
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Spybot - Search & Destroy
    SpyHunter
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    WinRAR 4.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/28/2013 9:35:49 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    6/28/2013 9:33:32 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    6/28/2013 9:29:44 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain LATRONICA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    6/28/2013 9:29:27 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    6/28/2013 9:29:26 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    6/28/2013 9:29:26 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/27/2013 8:37:07 PM, Error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).
    6/27/2013 8:11:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2013 12:42:52 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1066] - Terminal Server was unable to process session arbitration request. Error Server execution failed
    6/27/2013 12:28:13 PM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\Latronica.com\sysvol\Latronica.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
    6/27/2013 12:27:53 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/27/2013 12:27:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/27/2013 11:32:48 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    6/27/2013 10:23:19 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    6/27/2013 10:16:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/27/2013 10:16:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/27/2013 10:16:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/27/2013 10:16:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/27/2013 10:12:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    6/27/2013 10:12:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments " " in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    6/27/2013 1:16:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/27/2013 1:16:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service LMIGuardianSvc with arguments " " in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
    6/26/2013 8:52:56 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    .
    ==== End Of File ===========================
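
The MBAM and DDS output above carries a recognisable set of indicators: autoruns launched from %AppData%\Roaming\<random> and from the profile root, a RunOnce entry whose name is a 32-character hex string, a CLSID InProcServer32 value redirected from fastprox.dll into $Recycle.Bin, EnableLUA and ConsentPromptBehaviorAdmin set to 0, HideSCAHealth set to 1, a hosts-file redirection, and hidden/system .exe files written straight into c:\users\terry. The Python script below is an added example for this thread, not part of DDS, MBAM or any vendor tool. It parses DDS/MBAM-format lines from a constructed sample (several lines are copied from the post, benign entries are added for contrast) and reports what a responder would look at first. The rule names and the list of user-writable paths are assumptions.

```python
"""Triage DDS/MBAM-format log lines for the indicators seen in the post
above. Added example for this thread; not part of DDS, MBAM or any vendor
tool. Rule names and the user-writable path list are assumptions."""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the post's DDS and MBAM output,
# plus benign entries (igfxtray, Adobe ARM, ConsentPromptBehaviorUser=3,
# mbamswissarmy.sys) added so the rules have something to ignore.
SAMPLE = r"""
uRun: [Osaq] c:\users\terry\appdata\roaming\yfwy\osaq.exe
uRun: [soalui] c:\users\terry\soalui.exe /q
uRunOnce: [98BD68CBEE80285D000098BCD0142D6C] c:\programdata\98bd68cbee80285d000098bcd0142d6c\98BD68CBEE80285D000098BCD0142D6C.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
Hosts: 127.0.0.1 www.spywareinfo.com
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$ef2be7e41c4ddfc96bd2a9583011175d\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
2013-06-28 13:33:38 84480 --sh--r- c:\users\terry\soalui.exe
2013-06-28 13:33:23 33792 ----a-w- c:\users\terry\cucuc.exe
2013-06-28 13:36:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-27 23:59:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
"""

AUTORUN_RE = re.compile(r'^(?P<hive>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
POLICY_RE = re.compile(r'^(?P<scope>[um]Policies-\w+): (?P<key>\w+) = dword:(?P<val>\d+)$')
HOSTS_RE = re.compile(r'^Hosts: (?P<ip>\S+) (?P<host>\S+)$')
COM_RE = re.compile(r'InProcServer32\| .*?-> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)')
# DDS "Created Last 30" line: date time size attrs path; attrs[2]=='s' system, attrs[3]=='h' hidden
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$')
HEX32 = re.compile(r'^[0-9a-f]{32}$', re.I)

# Assumption: autoruns whose image lives here deserve a look; signed software lives elsewhere.
USER_WRITABLE = ('c:\\users\\', 'c:\\programdata\\', 'c:\\windows\\temp\\')
BAD_POLICIES = {
    ('EnableLUA', '0'): 'UAC disabled',
    ('ConsentPromptBehaviorAdmin', '0'): 'administrators elevate without any prompt',
    ('HideSCAHealth', '1'): 'Action Center / Security Center tray icon hidden',
}


def image_path(cmd: str) -> str:
    """Return the lower-cased executable path from an autorun command line,
    dropping surrounding quotes and trailing arguments such as '/q'."""
    m = re.match(r'^"?(?P<img>[^"]*?\.exe)', cmd, re.I)
    return m.group('img').strip().lower() if m else cmd.strip().lower()


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (rule, reason, original line) for every suspicious line."""
    findings: List[Tuple[str, str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := AUTORUN_RE.match(line)):
            img = image_path(m['cmd'])
            if img.startswith(USER_WRITABLE):
                why = 'autorun from user-writable path'
                if HEX32.match(m['name']):
                    why += '; 32-hex value name'
                findings.append(('autorun', why, line))
        elif (m := POLICY_RE.match(line)):
            why = BAD_POLICIES.get((m['key'], m['val']))
            if why:
                findings.append(('policy', why, line))
        elif (m := HOSTS_RE.match(line)):
            findings.append(('hosts', f"{m['host']} pinned to {m['ip']}", line))
        elif (m := COM_RE.search(line)):
            findings.append(('com-hijack', f"{m['good']} replaced by {m['bad']}", line))
        elif (m := CREATED_RE.match(line)):
            path, attrs = m['path'].lower(), m['attrs']
            parts = path.split('\\')
            reasons = []
            if attrs[0] != 'd' and path.endswith('.exe'):
                if len(parts) == 4 and parts[:2] == ['c:', 'users']:
                    reasons.append('executable in profile root')
                if attrs[2] == 's' or attrs[3] == 'h':
                    reasons.append('system/hidden attributes')
            if reasons:
                findings.append(('dropped-exe', '; '.join(reasons), line))
    return findings


if __name__ == '__main__':
    for rule, why, line in triage(SAMPLE):
        print(f'[{rule:13}] {why}\n    {line}')
```

The rules deliberately stay narrow: a Run entry is only flagged when its image sits in a user-writable tree, and a "Created Last 30" entry only when the .exe is in the profile root or carries system/hidden attributes, so the legitimate driver and Program Files lines in the sample produce nothing.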
     
  2. 2013/06/28, Jeremie (Thread Starter)

    More info

    The virus keeps turning files on my shared drive into .exe files (****.exe, sex.exe), and it keeps running system care.
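
Worm copies dropped on a share, like the ****.exe and sex.exe files this post describes, can be located without signatures because they give themselves away structurally. The Python scanner below is an added example for this thread, not the thread's or any vendor's tool. It walks a tree read-only and flags four things: files whose content starts with the PE 'MZ' header but whose name is not an executable type, double extensions such as report.doc.exe, executables that shadow a folder or document name in the same directory (a common way to get a click on a share), and clusters of byte-identical PE files (copies of one worm share one body). It runs against a constructed sample tree built in a temporary directory; the cluster threshold, the extension list and the sample file names are assumptions. The checks go a little beyond this post's case: .scr, .com, .pif and .cpl count as executable too.

```python
"""Find worm-style executable drops on a file share. Added example for this
thread, not the thread's or any vendor's tool. Needs read access only; the
cluster threshold, extension list and sample tree are assumptions."""
import hashlib
import os
import tempfile
from collections import defaultdict
from typing import Dict, List, Tuple

EXEC_EXT = {'.exe', '.scr', '.com', '.pif', '.cpl'}  # assumption: what counts as executable
MIN_CLUSTER = 3  # assumption: this many byte-identical PE files is worth a look


def is_pe(path: str) -> bool:
    """True if the file starts with the 'MZ' DOS header every PE image carries."""
    try:
        with open(path, 'rb') as fh:
            return fh.read(2) == b'MZ'
    except OSError:
        return False


def sha256(path: str) -> str:
    """Streamed SHA-256 so large files on the share are not read into memory."""
    h = hashlib.sha256()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b''):
            h.update(chunk)
    return h.hexdigest()


def scan(root: str) -> List[Tuple[str, str]]:
    """Walk root and return (rule, detail) findings."""
    findings: List[Tuple[str, str]] = []
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for dirpath, dirnames, filenames in os.walk(root):
        dir_names = {d.lower() for d in dirnames}
        file_names = {f.lower() for f in filenames}
        for name in filenames:
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name)
            stem, ext = stem.lower(), ext.lower()
            pe = is_pe(path)
            if pe:
                by_hash[sha256(path)].append(name)
            if pe and ext not in EXEC_EXT:
                findings.append(('pe-masquerade', path))  # PE body under a harmless-looking name
            if ext in EXEC_EXT:
                inner = os.path.splitext(stem)[1]
                if inner and inner not in EXEC_EXT:  # report.doc.exe
                    findings.append(('double-extension', path))
                if stem in dir_names or stem in file_names:  # Photos.exe beside Photos\
                    findings.append(('shadows-name', path))
    for digest, names in by_hash.items():
        if len(names) >= MIN_CLUSTER:
            findings.append(('identical-cluster',
                             f'{digest[:12]} x{len(names)}: ' + ', '.join(sorted(names))))
    return findings


# Constructed worm body: every dropped copy carries the same bytes.
WORM = b'MZ' + b'\x90' * 62 + b'constructed worm body for the example'


def build_sample(root: str) -> None:
    """Write the constructed sample tree used by demo()."""
    os.makedirs(os.path.join(root, 'Photos'))
    files = {
        'Photos/holiday.jpg': b'\xff\xd8\xff\xe0 not a PE',
        'Photos.exe': WORM,                 # shadows the Photos folder
        'report.doc': b'quarterly report text',
        'report.doc.exe': WORM,             # double extension, shadows report.doc
        'sex.exe': WORM,                    # lure name, only the hash cluster catches it
        'notes.txt': WORM,                  # PE content under a .txt name
        'setup.exe': b'MZ' + b'\x00' * 62 + b'unrelated installer',  # lone PE, not flagged
        'readme.txt': b'plain text',
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), 'wb') as fh:
            fh.write(data)


def demo() -> List[Tuple[str, str]]:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return scan(root)


if __name__ == '__main__':
    for rule, detail in demo():
        print(f'[{rule:17}] {detail}')
```

Point `scan()` at the mapped share (for example `scan(r'Z:\')`) to run it against a real tree. A single unremarkable setup.exe is not reported; the lure-named sex.exe is caught only because it is byte-identical to the other copies, which is why the hash cluster rule matters for a worm that picks arbitrary names.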
     


  4. 2013/06/28, broni (Moderator, Malware Analyst)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    You abandoned this topic in the past: http://www.windowsbbs.com/malware-virus-removal/97215-inactive-no-option-system-restore.html
    If it happens again you won't be eligible to receive any more help in malware removal forum.

    The first step in our preliminaries asks for installing an AV program if you don't have one.
    I don't see any running.
    Why?
     
  5. 2013/07/01, Jeremie (Thread Starter)

    Thought I posted. Not sure what went wrong. I must have read the older post differently, since I responded "thanks for all your help". As for the AV, I didn't have it installed at the time due to the Spector 360 software. AV is installed; please see the new logs. This computer will not let me download anything.

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.30.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16618
    Mike :: LLF8-PC [administrator]

    Protection: Enabled

    6/30/2013 11:47:10 PM
    mbam-log-2013-06-30 (23-47-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 534388
    Time elapsed: 44 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/5/2009 1:20:06 PM
    System Uptime: 6/30/2013 11:36:16 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0JJW8N
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 1581/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 139.31 GiB free.
    D: is CDROM ()
    Z: is NetworkDisk (NTFS) - 40 GiB total, 2.832 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP397: 6/20/2013 9:04:52 AM - Removed Apple Mobile Device Support
    RP398: 6/20/2013 9:05:35 AM - Removed Apple Software Update
    RP399: 6/20/2013 9:08:11 AM - Installed iTunes
    RP400: 6/21/2013 9:22:53 AM - Windows Update
    RP401: 6/26/2013 8:38:37 AM - Windows Update
    RP402: 6/27/2013 5:32:17 PM - Windows Update
    RP403: 6/27/2013 9:00:49 PM - Windows Update
    RP404: 6/27/2013 10:17:29 PM - Windows Update
    RP405: 6/27/2013 10:29:26 PM - Norton_Power_Eraser_20130627222925521
    RP406: 6/27/2013 11:39:09 PM - Norton_Power_Eraser_20130627233905414
    RP407: 6/27/2013 11:47:38 PM - Windows Update
    RP408: 6/28/2013 11:21:56 AM - Installed SpyHunter
    RP409: 6/28/2013 1:14:48 PM - Windows Update
    RP410: 6/28/2013 1:36:36 PM - Removed SpyHunter
    RP411: 6/28/2013 1:38:38 PM - Removed SpyHunter
    RP412: 6/30/2013 11:28:49 PM - Installed Symantec Endpoint Protection.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.5.5 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Web Premium
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Encoder CS4 Importer
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.7)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    CCleaner
    Connect
    D3DX10
    Dell Backup and Recovery Manager
    Dell Edoc Viewer
    FreeOCR 3.0
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Junk Mail filter update
    kuler
    LogMeIn
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Management Studio Express
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    Nitro PDF Reader
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.3
    PDF Settings CS4
    Photoshop Camera Raw
    PowerDVD DX
    Practice Manager 10 Workstation
    Practice Manager 8
    Practice Manager n-tier Framework Client
    Practice Manager PM Purger Client Adapter
    Practice Manager Update Agent
    PrimoPDF -- by Nitro PDF Software
    QuickTime
    Realtek High Definition Audio Driver
    Saga Practice Manager and Plugins
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Suite Shared Configuration CS4
    Symantec Endpoint Protection
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/30/2013 11:43:18 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    6/30/2013 11:42:26 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    6/30/2013 11:39:09 PM, Error: NetBT [4321] - The name "LATRONICA :1d" could not be registered on the interface with IP address 192.168.1.22. The computer with the IP address 192.168.1.64 did not allow the name to be claimed by this computer.
    6/30/2013 11:37:34 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain LATRONICA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    6/30/2013 11:37:32 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    6/30/2013 11:37:28 PM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
    6/30/2013 11:21:30 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    6/28/2013 9:59:49 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 28 time(s).
    6/28/2013 9:57:21 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 27 time(s).
    6/28/2013 9:56:35 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 26 time(s).
    6/28/2013 9:56:08 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 25 time(s).
    6/28/2013 9:55:57 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 24 time(s).
    6/28/2013 9:55:07 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 23 time(s).
    6/28/2013 9:52:31 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 6 time(s).
    6/28/2013 9:52:31 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 22 time(s).
    6/28/2013 9:52:31 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 21 time(s).
    6/28/2013 9:50:39 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 20 time(s).
    6/28/2013 9:48:31 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 4 time(s).
    6/28/2013 9:48:30 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 3 time(s).
    6/28/2013 9:48:30 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 2 time(s).
    6/28/2013 9:47:56 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 9:47:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    6/28/2013 9:47:55 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/28/2013 9:47:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments " " in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    6/28/2013 9:47:25 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 19 time(s).
    6/28/2013 9:46:08 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 18 time(s).
    6/28/2013 9:45:50 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 17 time(s).
    6/28/2013 9:44:13 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 16 time(s).
    6/28/2013 9:42:30 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 15 time(s).
    6/28/2013 9:31:48 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 5 time(s).
    6/28/2013 9:31:46 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 14 time(s).
    6/28/2013 9:31:46 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 13 time(s).
    6/28/2013 9:31:46 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The pipe has been ended.
    6/28/2013 9:28:47 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 12 time(s).
    6/28/2013 9:27:21 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 11 time(s).
    6/28/2013 9:26:46 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 10 time(s).
    6/28/2013 9:25:51 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 9 time(s).
    6/28/2013 9:25:05 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 8 time(s).
    6/28/2013 9:21:43 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 7 time(s).
    6/28/2013 9:20:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
    6/28/2013 9:19:31 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 6 time(s).
    6/28/2013 9:15:46 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 5 time(s).
    6/28/2013 9:12:04 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 4 time(s).
    6/28/2013 9:10:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    6/28/2013 9:10:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.
    6/28/2013 9:10:30 AM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    6/28/2013 9:10:30 AM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/28/2013 9:10:30 AM, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/28/2013 9:10:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    6/28/2013 9:10:29 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/28/2013 9:10:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    6/28/2013 9:08:49 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 4 time(s).
    6/28/2013 9:08:28 AM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/28/2013 12:45:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/28/2013 12:45:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/28/2013 12:45:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/28/2013 12:45:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments " " in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    6/28/2013 12:45:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/28/2013 12:45:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service LMIGuardianSvc with arguments " " in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
    6/28/2013 12:45:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
    6/28/2013 12:45:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/28/2013 11:30:12 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The RPC server is unavailable. .
    6/28/2013 10:50:51 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 2 time(s).
    6/28/2013 10:50:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    6/28/2013 10:50:51 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/28/2013 10:50:49 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
    6/28/2013 10:50:49 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.
    6/28/2013 10:50:49 AM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/28/2013 10:50:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
    6/28/2013 10:50:38 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    6/28/2013 10:50:29 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The Practice Manager Update Agent service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The NitroPDFReaderDriverCreatorReadSpool service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The BingBar Service service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7031] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7031] - The Net.Pipe Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/28/2013 10:50:28 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/28/2013 10:50:26 AM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The operation completed successfully.
    6/28/2013 10:50:26 AM, Error: Microsoft-Windows-WAS [5175] - The listener adapter serving the 'net.pipe' protocol disconnected unexpectedly.
    6/28/2013 10:40:22 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 3 time(s).
    6/28/2013 10:40:05 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/28/2013 10:39:05 AM, Error: Service Control Manager [7031] - The Net.Tcp Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/28/2013 10:39:05 AM, Error: Microsoft-Windows-WAS [5175] - The listener adapter serving the 'net.tcp' protocol disconnected unexpectedly.
    6/28/2013 10:38:43 AM, Error: Service Control Manager [7023] - The WinDefend service terminated with the following error: Access is denied.
    6/28/2013 10:07:15 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/28/2013 10:07:15 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/28/2013 10:03:12 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 32 time(s).
    6/28/2013 10:02:29 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 31 time(s).
    6/28/2013 10:01:00 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 30 time(s).
    6/28/2013 10:00:11 AM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 29 time(s).
    6/28/2013 1:23:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 (KB2709981).
    6/28/2013 1:23:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 (KB2574819).
    6/28/2013 1:23:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 (KB2592687).
    6/27/2013 9:14:39 PM, Error: Service Control Manager [7031] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    6/27/2013 9:14:39 PM, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: The pipe has been ended.
    6/27/2013 8:31:56 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: Access is denied.
    6/27/2013 8:20:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/27/2013 8:20:40 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    6/27/2013 5:19:32 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    6/27/2013 12:25:31 PM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 192.168.1.4.
    6/27/2013 12:25:31 PM, Error: TermDD [50] - The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
    6/27/2013 10:13:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/27/2013 10:13:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/27/2013 10:09:28 PM, Error: Microsoft Antimalware [2004] -
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
    Run by Mike at 0:31:48 on 2013-07-01
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.1678 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k iissvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ips\IPSBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe "
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_171_ActiveX.exe -update activex
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
    TCP: Interfaces\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\WinLogoutNotifier.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymDS.sys [2011-6-17 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymEFA.sys [2011-6-17 756856]
    R0 vdorctrl;vdorctrl;c:\windows\system32\drivers\vdorctrl.sys [2009-7-13 45568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\bashdefs\20130620.011\BHDrvx86.sys [2013-6-20 1002072]
    R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\ipsdefs\20130628.001\IDSvix86.sys [2013-6-30 386720]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\Ironx86.sys [2011-6-17 136312]
    R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\symnets.sys [2011-6-17 299640]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-11-16 81920]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 375120]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 13624]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-11-7 47640]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-28 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-28 701512]
    R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2010-5-25 196912]
    R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ccSvcHst.exe [2011-6-17 137224]
    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-28 22856]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2010-1-20 71424]
    S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2010-1-20 11520]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
    S3 NisSrv;NisSrv;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
    S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\SyDvCtrl32.sys [2011-6-17 23984]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
    .
    =============== Created Last 30 ================
    .
    2013-07-01 03:31:26 -------- d-----w- c:\users\mike\appdata\local\Symantec
    2013-07-01 03:30:35 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-07-01 03:30:35 -------- d-----w- c:\program files\common files\Symantec Shared
    2013-07-01 03:29:47 94128 ----a-w- c:\windows\system32\FwsVpn.dll
    2013-07-01 03:29:47 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
    2013-07-01 03:29:47 374704 ----a-w- c:\windows\system32\sysfer.dll
    2013-07-01 03:29:47 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
    2013-07-01 03:29:47 240048 ----a-w- c:\windows\system32\SymVPN.dll
    2013-07-01 03:29:47 10672 ----a-w- c:\windows\system32\sysferThunk.dll
    2013-07-01 03:29:29 -------- d-----w- c:\windows\system32\drivers\sep\0c01029f\136b.105\x86
    2013-07-01 03:29:29 -------- d-----w- c:\windows\system32\drivers\sep\0c01029f\136B.105
    2013-07-01 03:29:29 -------- d-----w- c:\windows\system32\drivers\sep\0C01029F
    2013-07-01 03:29:29 -------- d-----w- c:\windows\system32\drivers\SEP
    2013-07-01 03:29:29 -------- d-----w- c:\programdata\Symantec
    2013-07-01 03:29:29 -------- d-----w- c:\program files\Symantec
    2013-06-28 16:03:39 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
    2013-06-28 16:03:35 -------- d-----w- c:\programdata\Malwarebytes
    2013-06-28 16:03:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-28 16:03:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-06-28 16:03:26 -------- d-----w- c:\users\mike\appdata\local\Programs
    2013-06-28 15:22:23 -------- d-----w- c:\program files\Enigma Software Group
    2013-06-28 15:21:49 -------- d-----w- c:\windows\4941BFEB62C047A2801E998FC469CC2C.TMP
    2013-06-28 15:21:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2013-06-28 14:48:53 -------- d-----w- c:\programdata\SMR322
    2013-06-28 02:27:29 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{322bd9c0-b414-4909-85b0-ff40f088a095}\mpengine.dll
    2013-06-28 02:22:06 -------- d-----w- c:\users\mike\appdata\local\CrashDumps
    2013-06-28 02:14:29 -------- d-----w- c:\users\mike\appdata\local\NPE
    2013-06-28 02:09:28 7068072 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-06-28 01:01:07 -------- d-----w- C:\14a656453376b046b9a5d4dcc8
    2013-06-27 15:07:50 -------- d-----w- c:\users\mike\appdata\local\ElevatedDiagnostics
    2013-06-26 19:19:10 -------- d-----w- c:\users\mike\appdata\local\WinRAR
    2013-06-20 13:09:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-06-20 13:08:53 -------- d-----w- c:\program files\iPod
    2013-06-20 13:08:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-06-20 13:08:44 -------- d-----w- c:\program files\iTunes
    2013-06-20 13:07:47 -------- d-----w- c:\program files\Bonjour
    2013-06-20 13:05:49 -------- d-----w- c:\users\mike\appdata\local\Apple
    2013-06-13 12:54:51 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
    2013-06-12 18:40:00 -------- d-----w- c:\users\mike\appdata\roaming\OpenOffice.org
    2013-06-12 13:25:30 -------- d-----w- c:\users\mike\appdata\local\Apple Computer
    2013-06-12 13:10:07 -------- d-----w- c:\users\mike\appdata\local\Google
    2013-06-12 03:11:55 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2013-06-12 00:04:40 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-06-12 00:04:39 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2013-06-12 00:00:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2013-06-12 00:00:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2013-06-12 00:00:26 492544 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-12 00:00:24 903168 ----a-w- c:\windows\system32\certutil.exe
    2013-06-12 00:00:24 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-06-12 00:00:24 1160192 ----a-w- c:\windows\system32\crypt32.dll
    2013-06-12 00:00:24 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2013-06-12 00:00:23 43008 ----a-w- c:\windows\system32\certenc.dll
    2013-06-12 00:00:20 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-06-12 00:00:15 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-12 00:00:15 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-06-12 00:00:11 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-06-11 23:56:28 -------- d-----w- c:\users\mike\appdata\local\Adobe
    2013-06-11 23:56:13 -------- d-----w- c:\users\mike\appdata\local\LogMeIn
    2013-06-11 15:36:30 46928 ----a-w- c:\windows\system32\AdobePDF.dll
    2013-06-07 14:32:52 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{367c0c26-d568-4c37-8274-78db86381f27}\gapaengine.dll
    2013-06-07 14:29:10 -------- d-----w- c:\program files\Microsoft Security Client
    2013-06-07 12:57:43 -------- d-----w- c:\program files\common files\Macrovision Shared
    2013-06-07 12:35:38 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32ce242f-9e22-4191-813b-3350eb6bbc0e}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2013-06-12 15:58:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-12 15:58:05 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-10 13:01:52 92488 ----a-w- c:\windows\system32\LMIinit.dll
    2013-06-10 13:01:52 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2013-06-10 13:01:52 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2013-06-10 13:01:52 31560 ----a-w- c:\windows\system32\LMIport.dll
    2013-06-04 13:06:14 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2013-05-17 01:25:57 1767936 ----a-w- c:\windows\system32\wininet.dll
    2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll
    2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-05-13 19:33:14 862664 ----a-w- c:\windows\system32\msvcr110.dll
    2013-05-13 19:33:14 534480 ----a-w- c:\windows\system32\msvcp110.dll
    2013-05-13 19:33:14 251864 ----a-w- c:\windows\system32\vccorlib110.dll
    2013-05-13 19:33:10 44208 ----a-w- c:\windows\system32\drivers\point32.sys
    2013-05-13 19:33:10 25712 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-02 13:52:04 2210992 ----a-w- c:\windows\system32\coin94.dll
    2013-05-02 02:53:23 259072 ----a-w- c:\windows\system32\services.exe
    2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
    2013-04-04 09:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-04-04 01:01:02 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-04-04 01:01:02 782240 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 0:34:37.82 ===============
     
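The mPolicies-System lines in the DDS log above show User Account Control switched off on this machine (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), the same values RogueKiller reports as [HJ POL] entries and resets. The following is an added example, not part of this thread and not code from the DDS or RogueKiller tools: a small Python triage script that parses those policy lines from a constructed DDS excerpt and flags values that disable or weaken UAC. The secure-default values it compares against are taken from Windows 7 documentation; treating the DDS dword values as decimal is an assumption.

```python
"""Triage UAC policy values from a DDS "Pseudo HJT Report".

Added example, not from the forum thread or the DDS tool. It reads the
[u|m|d]Policies-System lines DDS emits and flags values that turn UAC off
or weaken elevation prompting. SAMPLE_DDS below is constructed to mirror
the values seen in the log above.
"""
import re
from typing import Callable, Dict, List, Tuple

# Assumption: DDS prints dword values in decimal (the values that matter
# here are 0, 1, 3 and 5, so the base does not change the verdict).
LINE_RE = re.compile(
    r"^\s*(?P<scope>[umd])Policies-System:\s*(?P<name>\w+)\s*=\s*dword:(?P<val>\d+)\s*$"
)

# Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5 (prompt for
# consent for non-Windows binaries), PromptOnSecureDesktop=1.
# Each entry: name -> (predicate that returns True when the value is acceptable,
# explanation used in the finding).
POLICY_CHECKS: Dict[str, Tuple[Callable[[int], bool], str]] = {
    "EnableLUA": (lambda v: v == 1, "UAC is turned off entirely when 0"),
    "ConsentPromptBehaviorAdmin": (
        lambda v: v != 0,
        "0 = administrators elevate silently with no prompt",
    ),
    "PromptOnSecureDesktop": (
        lambda v: v == 1,
        "0 = elevation prompts are shown on the normal desktop and can be spoofed",
    ),
}


def parse_policies(text: str) -> Dict[str, int]:
    """Return {policy_name: value} for every Policies-System line in a DDS log."""
    policies: Dict[str, int] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            policies[m.group("name")] = int(m.group("val"), 10)
    return policies


def check_uac(policies: Dict[str, int]) -> List[Tuple[str, int, str]]:
    """Return (name, value, reason) for every policy that weakens UAC."""
    findings: List[Tuple[str, int, str]] = []
    for name, (is_ok, why) in POLICY_CHECKS.items():
        if name in policies and not is_ok(policies[name]):
            findings.append((name, policies[name], why))
    return findings


# Constructed excerpt with the same values as the DDS log in this thread.
SAMPLE_DDS = """\
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

if __name__ == "__main__":
    for name, value, why in check_uac(parse_policies(SAMPLE_DDS)):
        print(f"[!] {name} = {value}: {why}")
```

Run it against a saved DDS log by passing the file contents to parse_policies; an empty findings list means every UAC-related value the script knows about is at its default. ConsentPromptBehaviorUser = 3 (prompt for credentials on the secure desktop) is the default and is deliberately not flagged.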
  6. 2013/07/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please explain.
     
  7. 2013/07/01
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    When downloading anything, the file is automatically deleted; it says "Failed - Virus Scanned failed". Happens from all browsers. Possibly due to the virus or the Windows download manager.
     
  8. 2013/07/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm assuming you're using some other computer to download stuff?

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. 2013/07/02
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    RogueKiller V8.6.1 [Jun 29 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : hxxp://www.adlice.com/forum/
    Website : hxxp://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Mike [Admin rights]
    Mode : Remove -- Date : 07/01/2013 22:46:59
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [DNS] HKLM\[...]\CCSet\[...]\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\CS001\[...]\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer (192.168.1.4,167.206.7.4) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\CS002\[...]\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\CS003\[...]\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> NOT REMOVED, USE DNSFIX
    [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][Folder] U : C:\Windows\Installer\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\U [-] --> DELETED
    [ZeroAccess][Folder] L : C:\Windows\Installer\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\L [-] --> DELETED
    [ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] SSDT[13] : NtAlertResumeThread @ 0x83720DA1 -> HOOKED (Unknown @ 0x85D81EF0)
    [Address] SSDT[14] : NtAlertThread @ 0x83673CC7 -> HOOKED (Unknown @ 0x85D81FD0)
    [Address] SSDT[19] : NtAllocateVirtualMemory @ 0x8366CCBC -> HOOKED (Unknown @ 0x88649D90)
    [Address] SSDT[22] : NtAlpcConnectPort @ 0x836B856E -> HOOKED (Unknown @ 0x87CAE2E8)
    [Address] SSDT[43] : NtAssignProcessToJobObject @ 0x836420BE -> HOOKED (Unknown @ 0x85D81698)
    [Address] SSDT[74] : NtCreateMutant @ 0x8365334C -> HOOKED (Unknown @ 0x85D81C40)
    [Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x836449C6 -> HOOKED (Unknown @ 0x85D813B8)
    [Address] SSDT[87] : NtCreateThread @ 0x8371EFDA -> HOOKED (Unknown @ 0x88656308)
    [Address] SSDT[88] : NtCreateThreadEx @ 0x836B349B -> HOOKED (Unknown @ 0x85D814A8)
    [Address] SSDT[96] : NtDebugActiveProcess @ 0x836F0EAA -> HOOKED (Unknown @ 0x85D81778)
    [Address] SSDT[111] : NtDuplicateObject @ 0x83674761 -> HOOKED (Unknown @ 0x88649F60)
    [Address] SSDT[131] : NtFreeVirtualMemory @ 0x834FB82C -> HOOKED (Unknown @ 0x88649B48)
    [Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x83638962 -> HOOKED (Unknown @ 0x85D81D30)
    [Address] SSDT[147] : NtImpersonateThread @ 0x836BC962 -> HOOKED (Unknown @ 0x85D81E10)
    [Address] SSDT[155] : NtLoadDriver @ 0x83608C32 -> HOOKED (Unknown @ 0x87CF3618)
    [Address] SSDT[168] : NtMapViewOfSection @ 0x836895F1 -> HOOKED (Unknown @ 0x88649A48)
    [Address] SSDT[177] : NtOpenEvent @ 0x83652D48 -> HOOKED (Unknown @ 0x85D81B60)
    [Address] SSDT[190] : NtOpenProcess @ 0x83654B93 -> HOOKED (Unknown @ 0x886561F0)
    [Address] SSDT[191] : NtOpenProcessToken @ 0x836A736F -> HOOKED (Unknown @ 0x88649E80)
    [Address] SSDT[194] : NtOpenSection @ 0x836AC9EB -> HOOKED (Unknown @ 0x85D819A0)
    [Address] SSDT[198] : NtOpenThread @ 0x836A10EE -> HOOKED (Unknown @ 0x88656100)
    [Address] SSDT[215] : NtProtectVirtualMemory @ 0x83685651 -> HOOKED (Unknown @ 0x85D815A8)
    [Address] SSDT[304] : NtResumeThread @ 0x836B36C2 -> HOOKED (Unknown @ 0x886494F8)
    [Address] SSDT[316] : NtSetContextThread @ 0x8372084D -> HOOKED (Unknown @ 0x88649798)
    [Address] SSDT[333] : NtSetInformationProcess @ 0x8367B875 -> HOOKED (Unknown @ 0x88649878)
    [Address] SSDT[350] : NtSetSystemInformation @ 0x8369137A -> HOOKED (Unknown @ 0x85D81858)
    [Address] SSDT[366] : NtSuspendProcess @ 0x83720CDB -> HOOKED (Unknown @ 0x85D81A80)
    [Address] SSDT[367] : NtSuspendThread @ 0x836D819B -> HOOKED (Unknown @ 0x886495D8)
    [Address] SSDT[370] : NtTerminateProcess @ 0x8369DD86 -> HOOKED (Unknown @ 0x886563E8)
    [Address] SSDT[371] : NtTerminateThread @ 0x836BB69B -> HOOKED (Unknown @ 0x886496B8)
    [Address] SSDT[385] : NtUnmapViewOfSection @ 0x836A79AA -> HOOKED (Unknown @ 0x88649968)
    [Address] SSDT[399] : NtWriteVirtualMemory @ 0x836A2A83 -> HOOKED (Unknown @ 0x88649C38)
    [Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x888BFBD8)
    [Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89A3DA40)
    [Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x89A3D980)
    [Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87852198)
    [Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89A3DB88)
    [Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A3D710)
    [Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x89A3D8B0)
    [Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89A3D7E0)
    [Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x888C1198)
    [Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x888C1008)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 +++++
    --- User ---
    [MBR] afc09413c6ab2d769daab5aac00815ff
    [BSP] 1eaa92f0dc4dd92dd565ed4ab79261c8 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223377 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_07012013_224659.txt >>
    RKreport[0]_S_07012013_224419.txt



    RogueKiller V8.6.1 [Jun 29 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : hxxp://www.adlice.com/forum/
    Website : hxxp://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Mike [Admin rights]
    Mode : Scan -- Date : 07/01/2013 22:44:19
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [DNS] HKLM\[...]\CCSet\[...]\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> FOUND
    [DNS] HKLM\[...]\CS001\[...]\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer (192.168.1.4,167.206.7.4) -> FOUND
    [DNS] HKLM\[...]\CS002\[...]\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> FOUND
    [DNS] HKLM\[...]\CS003\[...]\{4DFF09A4-67E9-4799-9B39-66125B06670D} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> FOUND
    [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][Folder] U : C:\Windows\Installer\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\U [-] --> FOUND
    [ZeroAccess][Folder] L : C:\Windows\Installer\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\L [-] --> FOUND
    [ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] SSDT[13] : NtAlertResumeThread @ 0x83720DA1 -> HOOKED (Unknown @ 0x85D81EF0)
    [Address] SSDT[14] : NtAlertThread @ 0x83673CC7 -> HOOKED (Unknown @ 0x85D81FD0)
    [Address] SSDT[19] : NtAllocateVirtualMemory @ 0x8366CCBC -> HOOKED (Unknown @ 0x88649D90)
    [Address] SSDT[22] : NtAlpcConnectPort @ 0x836B856E -> HOOKED (Unknown @ 0x87CAE2E8)
    [Address] SSDT[43] : NtAssignProcessToJobObject @ 0x836420BE -> HOOKED (Unknown @ 0x85D81698)
    [Address] SSDT[74] : NtCreateMutant @ 0x8365334C -> HOOKED (Unknown @ 0x85D81C40)
    [Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x836449C6 -> HOOKED (Unknown @ 0x85D813B8)
    [Address] SSDT[87] : NtCreateThread @ 0x8371EFDA -> HOOKED (Unknown @ 0x88656308)
    [Address] SSDT[88] : NtCreateThreadEx @ 0x836B349B -> HOOKED (Unknown @ 0x85D814A8)
    [Address] SSDT[96] : NtDebugActiveProcess @ 0x836F0EAA -> HOOKED (Unknown @ 0x85D81778)
    [Address] SSDT[111] : NtDuplicateObject @ 0x83674761 -> HOOKED (Unknown @ 0x88649F60)
    [Address] SSDT[131] : NtFreeVirtualMemory @ 0x834FB82C -> HOOKED (Unknown @ 0x88649B48)
    [Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x83638962 -> HOOKED (Unknown @ 0x85D81D30)
    [Address] SSDT[147] : NtImpersonateThread @ 0x836BC962 -> HOOKED (Unknown @ 0x85D81E10)
    [Address] SSDT[155] : NtLoadDriver @ 0x83608C32 -> HOOKED (Unknown @ 0x87CF3618)
    [Address] SSDT[168] : NtMapViewOfSection @ 0x836895F1 -> HOOKED (Unknown @ 0x88649A48)
    [Address] SSDT[177] : NtOpenEvent @ 0x83652D48 -> HOOKED (Unknown @ 0x85D81B60)
    [Address] SSDT[190] : NtOpenProcess @ 0x83654B93 -> HOOKED (Unknown @ 0x886561F0)
    [Address] SSDT[191] : NtOpenProcessToken @ 0x836A736F -> HOOKED (Unknown @ 0x88649E80)
    [Address] SSDT[194] : NtOpenSection @ 0x836AC9EB -> HOOKED (Unknown @ 0x85D819A0)
    [Address] SSDT[198] : NtOpenThread @ 0x836A10EE -> HOOKED (Unknown @ 0x88656100)
    [Address] SSDT[215] : NtProtectVirtualMemory @ 0x83685651 -> HOOKED (Unknown @ 0x85D815A8)
    [Address] SSDT[304] : NtResumeThread @ 0x836B36C2 -> HOOKED (Unknown @ 0x886494F8)
    [Address] SSDT[316] : NtSetContextThread @ 0x8372084D -> HOOKED (Unknown @ 0x88649798)
    [Address] SSDT[333] : NtSetInformationProcess @ 0x8367B875 -> HOOKED (Unknown @ 0x88649878)
    [Address] SSDT[350] : NtSetSystemInformation @ 0x8369137A -> HOOKED (Unknown @ 0x85D81858)
    [Address] SSDT[366] : NtSuspendProcess @ 0x83720CDB -> HOOKED (Unknown @ 0x85D81A80)
    [Address] SSDT[367] : NtSuspendThread @ 0x836D819B -> HOOKED (Unknown @ 0x886495D8)
    [Address] SSDT[370] : NtTerminateProcess @ 0x8369DD86 -> HOOKED (Unknown @ 0x886563E8)
    [Address] SSDT[371] : NtTerminateThread @ 0x836BB69B -> HOOKED (Unknown @ 0x886496B8)
    [Address] SSDT[385] : NtUnmapViewOfSection @ 0x836A79AA -> HOOKED (Unknown @ 0x88649968)
    [Address] SSDT[399] : NtWriteVirtualMemory @ 0x836A2A83 -> HOOKED (Unknown @ 0x88649C38)
    [Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x888BFBD8)
    [Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89A3DA40)
    [Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x89A3D980)
    [Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87852198)
    [Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89A3DB88)
    [Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A3D710)
    [Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x89A3D8B0)
    [Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89A3D7E0)
    [Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x888C1198)
    [Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x888C1008)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 +++++
    --- User ---
    [MBR] afc09413c6ab2d769daab5aac00815ff
    [BSP] 1eaa92f0dc4dd92dd565ed4ab79261c8 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223377 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_07012013_224419.txt >>



    MBAR

    Malwarebytes Anti-Rootkit BETA 1.06.0.1004
    www.malwarebytes.org

    Database version: v2013.07.01.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16618
    Mike :: LLF8-PC [administrator]

    7/1/2013 10:50:00 PM
    mbar-log-2013-07-01 (22-50-00).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: PUP
    Objects scanned: 469570
    Time elapsed: 24 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 6
    c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\U (Trojan.Siredef.C) -> Delete on reboot.
    c:\$Recycle.Bin\S-1-5-21-790384558-2054425275-2914615486-1179\$6fc037c0742e9371a88cf552ab3cf0b3\U (Trojan.Siredef.C) -> Delete on reboot.
    c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\L (Trojan.Siredef.C) -> Delete on reboot.
    c:\$Recycle.Bin\S-1-5-21-790384558-2054425275-2914615486-1179\$6fc037c0742e9371a88cf552ab3cf0b3\L (Trojan.Siredef.C) -> Delete on reboot.
    c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3 (Trojan.Siredef.C) -> Delete on reboot.
    c:\$Recycle.Bin\S-1-5-21-790384558-2054425275-2914615486-1179\$6fc037c0742e9371a88cf552ab3cf0b3 (Trojan.Siredef.C) -> Delete on reboot.

    Files Detected: 4
    c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\@ (Trojan.Siredef.C) -> Delete on reboot.
    c:\$Recycle.Bin\S-1-5-21-790384558-2054425275-2914615486-1179\$6fc037c0742e9371a88cf552ab3cf0b3\@ (Trojan.Siredef.C) -> Delete on reboot.
    c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
    c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    System

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x86

    Account is Administrative

    Internet Explorer version: 10.0.9200.16618

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.926000 GHz
    Memory total: 3184513024, free: 1906106368

    Downloaded database version: v2013.07.01.08
    Initializing...
    ------------ Kernel report ------------
    07/01/2013 22:49:53
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\vmbus.sys
    \SystemRoot\system32\drivers\winhv.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\vdorctrl.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS
    \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS
    \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS
    \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\Teefer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\Drivers\SysPlant.sys
    \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMNETS.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130620.011\BHDrvx86.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd32.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt86win7.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\lmimirr.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHDA.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\NuidFltr.sys
    \SystemRoot\system32\DRIVERS\point32.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\adfs.SYS
    \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\drivers\rdpdr.sys
    \SystemRoot\system32\drivers\tdtcp.sys
    \SystemRoot\System32\DRIVERS\tssecsrv.sys
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20130701.009\NAVEX15.SYS
    \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20130701.009\NAVENG.SYS
    \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130629.001\IDSvix86.sys
    \SystemRoot\System32\lmimirr.dll
    \SystemRoot\System32\lmimirr2.dll
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\sysferThunk.dll
    \Windows\System32\ole32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\imm32.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff874e9030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff8667c028
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff874e9030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff874e8190, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff874e9030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8667c028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 71B1E4FB

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 30720000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 30801920 Numsec = 457477282

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250000000000 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
    Done!
    Infected: c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\@ --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-21-790384558-2054425275-2914615486-1179\$6fc037c0742e9371a88cf552ab3cf0b3\@ --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\U --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\U\80000000.@ --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\U\800000cb.@ --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-21-790384558-2054425275-2914615486-1179\$6fc037c0742e9371a88cf552ab3cf0b3\U --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3\L --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-21-790384558-2054425275-2914615486-1179\$6fc037c0742e9371a88cf552ab3cf0b3\L --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-18\$6fc037c0742e9371a88cf552ab3cf0b3 --> [Trojan.Siredef.C]
    Infected: c:\$Recycle.Bin\S-1-5-21-790384558-2054425275-2914615486-1179\$6fc037c0742e9371a88cf552ab3cf0b3 --> [Trojan.Siredef.C]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.



    Second scan revealed nothing.
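The RogueKiller and MBAR reports above flag a consistent set of ZeroAccess indicators: UAC turned off through the Policies\System values (EnableLUA and ConsentPromptBehaviorAdmin both 0), Windows Defender's binaries replaced by junctions pointing into \systemroot\system32\config, folders named "$" followed by 32 hex digits under each SID directory in $Recycle.Bin (with the U and L subfolders and the "@" file), and GUID-named folders under Windows\Installer carrying the same U and L subfolders. The [DNS] lines, by contrast, list well-known public resolvers (Google, Level3, OpenDNS, Comodo, Neustar) and are reported only because a static NameServer is configured, not because those addresses are malicious. The script below is an added example and not part of this thread, nor is it RogueKiller, MBAR or ComboFix code; it re-checks those indicators read-only so that "the rootkit is gone" can be confirmed after the reboot. It assumes the standard Windows 7 locations (HKLM Policies\System, %ProgramFiles%\Windows Defender, %SystemDrive%\$Recycle.Bin, %SystemRoot%\Installer), needs an elevated prompt to read $Recycle.Bin, and is written against PowerShell 2.0 so it runs on Windows 7 as shipped. It reports and never deletes.

```powershell
# Added example: read-only re-check of the ZeroAccess indicators the logs above
# reported. Not RogueKiller/MBAR/ComboFix code. Run from an elevated prompt.

function Test-ZeroAccessIndicators {
    $findings = @()

    # 1. UAC policy values flagged as [HJ POL]. Windows 7 defaults are
    #    EnableLUA = 1 and ConsentPromptBehaviorAdmin = 5; ZeroAccess set both to 0.
    $polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
    if ($pol -ne $null) {
        if ($pol.EnableLUA -eq 0) {
            $findings += "UAC disabled: EnableLUA = 0 under $polKey"
        }
        if ($pol.ConsentPromptBehaviorAdmin -eq 0) {
            $findings += "Silent admin elevation: ConsentPromptBehaviorAdmin = 0 under $polKey"
        }
    }

    # 2. Reparse points inside the Windows Defender directory. The log showed
    #    MpClient.dll, MSASCui.exe etc. redirected to \systemroot\system32\config;
    #    a clean install has no reparse points here at all.
    $defenderDir = Join-Path $env:ProgramFiles 'Windows Defender'
    if (Test-Path -LiteralPath $defenderDir) {
        foreach ($entry in Get-ChildItem -LiteralPath $defenderDir -Force -ErrorAction SilentlyContinue) {
            if (($entry.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
                $findings += "Reparse point inside Windows Defender directory: $($entry.FullName)"
            }
        }
    }

    # 3. Per-SID recycle bin folders named '$' + 32 hex digits. Normal recycle
    #    bin entries are $R<random> / $I<random>, never a bare 32-hex GUID, and
    #    MBAR listed U, L and '@' inside the malicious one.
    $bin = Join-Path $env:SystemDrive '$Recycle.Bin'
    $sidDirs = Get-ChildItem -LiteralPath $bin -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($sidDir in $sidDirs) {
        $suspects = Get-ChildItem -LiteralPath $sidDir.FullName -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match '^\$[0-9a-f]{32}$' }
        foreach ($dir in $suspects) {
            $markers = @('U', 'L', '@') | Where-Object { Test-Path -LiteralPath (Join-Path $dir.FullName $_) }
            $findings += "ZeroAccess-style recycle bin folder: $($dir.FullName) (markers present: $($markers -join ','))"
        }
    }

    # 4. GUID-named Installer folders holding U or L subfolders, matching the
    #    [ZeroAccess][Folder] hits. Legitimate Installer GUID folders hold icon
    #    and MSI cache files, not directories with these names.
    $installer = Join-Path $env:SystemRoot 'Installer'
    $guidDirs = Get-ChildItem -LiteralPath $installer -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f-]{36}\}$' }
    foreach ($dir in $guidDirs) {
        foreach ($sub in @('U', 'L')) {
            if (Test-Path -LiteralPath (Join-Path $dir.FullName $sub)) {
                $findings += "ZeroAccess-style Installer folder: $($dir.FullName)\$sub"
            }
        }
    }

    return ,$findings
}

# Usage: wrap in @() so an empty result still has a .Count on PowerShell 2.0.
$hits = @(Test-ZeroAccessIndicators)
if ($hits.Count -eq 0) {
    Write-Output 'No ZeroAccess indicators found.'
} else {
    Write-Output "$($hits.Count) indicator(s) found:"
    $hits | ForEach-Object { Write-Output "  $_" }
}
```

A clean result from this check is consistent with the "Delete on reboot" entries in the MBAR log having been applied; the UAC values in particular are not restored by the removal tools and still need to be set back by hand if the script reports them.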
     
  10. 2013/07/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well. It looks like we got rid of the ZeroAccess rootkit.
    See if you can download on THIS computer now.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. 2013/07/03
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    I apologize for the delay and waiting. I will be able to post the log on Friday.
     
  12. 2013/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
     
  13. 2013/07/08
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    ComboFix log

    ComboFix 13-07-08.04 - Mike 07/08/2013 17:26:12.1.2 - x86
    Running from: c:\users\Mike\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\JC\GoToAssistDownloadHelper.exe
    c:\users\Jeise.LATRONICA\GoToAssistDownloadHelper.exe
    c:\users\madelyn\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-06-08 to 2013-07-08 )))))))))))))))))))))))))))))))
    .
    .
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\Jeise.LATRONICAcopy\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\Jeise.LATRONICA\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\JC\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\Vianka\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\tanya\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\madelyn\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\jeremie\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-07-08 21:36 . 2013-07-08 21:36 -------- d-----w- c:\users\bob\AppData\Local\temp
    2013-07-01 03:30 . 2013-07-01 03:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2013-07-01 03:30 . 2013-07-01 03:30 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-07-01 03:29 . 2013-07-01 03:29 94128 ----a-w- c:\windows\system32\FwsVpn.dll
    2013-07-01 03:29 . 2013-07-01 03:29 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
    2013-07-01 03:29 . 2013-07-01 03:29 374704 ----a-w- c:\windows\system32\sysfer.dll
    2013-07-01 03:29 . 2013-07-01 03:29 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
    2013-07-01 03:29 . 2013-07-01 03:29 240048 ----a-w- c:\windows\system32\SymVPN.dll
    2013-07-01 03:29 . 2013-07-01 03:29 10672 ----a-w- c:\windows\system32\sysferThunk.dll
    2013-07-01 03:29 . 2013-07-01 03:30 -------- d-----w- c:\program files\Symantec
    2013-07-01 03:29 . 2013-07-01 03:29 -------- d-----w- c:\windows\system32\drivers\SEP
    2013-07-01 03:29 . 2013-07-01 03:29 -------- d-----w- c:\programdata\Symantec
    2013-06-28 16:03 . 2013-06-28 16:03 -------- d-----w- c:\programdata\Malwarebytes
    2013-06-28 16:03 . 2013-06-28 16:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-06-28 16:03 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-28 15:22 . 2013-06-28 15:22 -------- d-----w- c:\program files\Enigma Software Group
    2013-06-28 15:21 . 2013-06-28 17:38 -------- d-----w- c:\windows\4941BFEB62C047A2801E998FC469CC2C.TMP
    2013-06-28 15:21 . 2013-06-28 15:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2013-06-28 14:48 . 2013-06-28 14:48 -------- d-----w- c:\programdata\SMR322
    2013-06-28 02:27 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{322BD9C0-B414-4909-85B0-FF40F088A095}\mpengine.dll
    2013-06-28 02:09 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-28 01:01 . 2013-06-28 02:08 -------- d-----w- C:\14a656453376b046b9a5d4dcc8
    2013-06-20 13:09 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-06-20 13:08 . 2013-06-20 13:08 -------- d-----w- c:\program files\iPod
    2013-06-20 13:08 . 2013-06-20 13:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-06-20 13:08 . 2013-06-20 13:09 -------- d-----w- c:\program files\iTunes
    2013-06-20 13:08 . 2013-06-20 13:08 -------- d-----w- c:\program files\Apple Software Update
    2013-06-20 13:07 . 2013-06-20 13:07 -------- d-----w- c:\program files\Bonjour
    2013-06-20 13:07 . 2013-06-20 13:14 -------- d-----w- c:\program files\Common Files\Apple
    2013-06-13 12:54 . 2013-06-13 12:54 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
    2013-06-12 03:11 . 2009-08-20 03:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2013-06-12 00:04 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-06-12 00:04 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-06-12 00:00 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2013-06-12 00:00 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2013-06-12 00:00 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-12 00:00 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-06-12 00:00 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
    2013-06-12 00:00 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2013-06-12 00:00 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
    2013-06-12 00:00 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
    2013-06-12 00:00 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-06-12 00:00 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-12 00:00 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-06-12 00:00 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-06-11 23:54 . 2013-07-01 13:03 -------- d-----w- c:\users\Mike
    2013-06-11 15:36 . 2009-08-20 03:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-12 15:58 . 2012-04-13 13:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-12 15:58 . 2011-06-16 13:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-10 13:01 . 2010-11-07 17:31 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2013-06-10 13:01 . 2010-11-07 17:31 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2013-06-10 13:01 . 2010-11-07 17:31 31560 ----a-w- c:\windows\system32\LMIport.dll
    2013-06-10 13:01 . 2010-11-07 17:31 92488 ----a-w- c:\windows\system32\LMIinit.dll
    2013-06-07 14:32 . 2013-06-07 14:32 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{367C0C26-D568-4C37-8274-78DB86381F27}\gapaengine.dll
    2013-06-04 13:06 . 2010-11-07 17:31 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2013-05-24 22:19 . 2013-05-24 22:19 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-05-24 22:19 . 2013-05-24 22:19 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-05-24 22:19 . 2013-05-24 22:19 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-05-24 22:19 . 2013-05-24 22:19 61952 ----a-w- c:\windows\system32\tdc.ocx
    2013-05-24 22:19 . 2013-05-24 22:19 523264 ----a-w- c:\windows\system32\vbscript.dll
    2013-05-24 22:19 . 2013-05-24 22:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-05-24 22:19 . 2013-05-24 22:19 38400 ----a-w- c:\windows\system32\imgutil.dll
    2013-05-24 22:19 . 2013-05-24 22:19 361984 ----a-w- c:\windows\system32\html.iec
    2013-05-24 22:19 . 2013-05-24 22:19 23040 ----a-w- c:\windows\system32\licmgr10.dll
    2013-05-24 22:19 . 2013-05-24 22:19 185344 ----a-w- c:\windows\system32\elshyph.dll
    2013-05-24 22:19 . 2013-05-24 22:19 158720 ----a-w- c:\windows\system32\msls31.dll
    2013-05-24 22:19 . 2013-05-24 22:19 150528 ----a-w- c:\windows\system32\iexpress.exe
    2013-05-24 22:19 . 2013-05-24 22:19 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-05-24 22:19 . 2013-05-24 22:19 138752 ----a-w- c:\windows\system32\wextract.exe
    2013-05-24 22:19 . 2013-05-24 22:19 137216 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-05-24 22:19 . 2013-05-24 22:19 12800 ----a-w- c:\windows\system32\mshta.exe
    2013-05-24 22:19 . 2013-05-24 22:19 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-05-13 19:33 . 2013-05-13 19:33 862664 ----a-w- c:\windows\system32\msvcr110.dll
    2013-05-13 19:33 . 2013-05-13 19:33 534480 ----a-w- c:\windows\system32\msvcp110.dll
    2013-05-13 19:33 . 2013-05-13 19:33 251864 ----a-w- c:\windows\system32\vccorlib110.dll
    2013-05-13 19:33 . 2013-05-13 19:33 44208 ----a-w- c:\windows\system32\drivers\point32.sys
    2013-05-13 19:33 . 2013-05-13 19:33 25712 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2013-05-13 14:07 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-13 06:19 . 2013-06-07 12:35 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32CE242F-9E22-4191-813B-3350EB6BBC0E}\mpengine.dll
    2013-05-02 15:28 . 2009-12-05 18:39 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-02 13:52 . 2013-05-02 13:52 2210992 ----a-w- c:\windows\system32\coin94.dll
    2013-05-02 02:53 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
    2013-04-24 13:42 . 2013-04-24 13:42 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
    2013-04-13 04:45 . 2013-05-16 12:20 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-16 12:20 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 13:45 . 2013-05-02 03:14 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 05:18 . 2013-05-16 12:20 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 05:18 . 2013-05-16 12:20 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 03:14 . 2013-05-16 12:20 2347520 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-13 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 bchzdbqq;bchzdbqq;c:\windows\system32\drivers\bchzdbqq.sys [x]
    R1 mzuenvyc;mzuenvyc;c:\windows\system32\drivers\mzuenvyc.sys [x]
    R1 ngcjphjq;ngcjphjq;c:\windows\system32\drivers\ngcjphjq.sys [x]
    R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    R2 Update Agent;Practice Manager Update Agent;c:\program files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe [2007-11-23 61440]
    R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2010-01-20 71424]
    R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2010-01-20 11520]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
    R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
    R3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [2011-06-17 23984]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1343400]
    S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS [2011-06-17 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS [2011-06-17 756856]
    S0 vdorctrl;vdorctrl;c:\windows\system32\DRIVERS\vdorctrl.sys [2009-07-14 45568]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130620.011\BHDrvx86.sys [2013-06-21 1002072]
    S1 IDSVix86;IDSVix86;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130705.001\IDSvix86.sys [2013-06-13 386720]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS [2011-06-17 136312]
    S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMNETS.SYS [2011-06-17 299640]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2013-06-10 375120]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-06-04 13624]
    S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2010-05-25 196912]
    S2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-06-17 137224]
    S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-07-01 106656]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-28 12:34 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 15:58]
    .
    2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 23:50]
    .
    2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 23:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: Interfaces\{4DFF09A4-67E9-4799-9B39-66125B06670D}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
    Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
    MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SepMasterService]
    "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SmcService]
    "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:0f,09,f0,a0,01,bd,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-07-08 17:42:06
    ComboFix-quarantined-files.txt 2013-07-08 21:42
    .
    Pre-Run: 150,466,551,808 bytes free
    Post-Run: 151,912,263,680 bytes free
    .
    - - End Of File - - 83082214FDA2FB602879AB30CF8D721D
    CDB4DE4BBD714F152979DA2DCBEF57EB
     
  14. 2013/07/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good.

    How is computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2013/07/09
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    I didn't restart after ComboFix so I was getting some errors. I even got a message about Windows not being genuine... Strange. I restarted; seems OK for now. Will try downloading a file from the comp and run the scans and let you know.
     
  16. 2013/07/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
     
  17. 2013/07/10
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    # AdwCleaner v2.304 - Logfile created 07/09/2013 at 22:12:48
    # Updated 03/07/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : Mike - LLF8-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Mike\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Tarma Installer

    ***** [Registry] *****

    Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
    Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    [OK] Registry is clean.

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\madelyn\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2989 octets] - [09/07/2013 22:12:48]

    ########## EOF - C:\AdwCleaner[S1].txt - [3049 octets] ##########
     
  18. 2013/07/10
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    logs

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.0.3 (07.09.2013:2)
    OS: Windows 7 Professional x86
    Ran by Mike on Tue 07/09/2013 at 22:26:11.32
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3F65ADB4-B750-4AEE-B893-82AD17014AAF}



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 07/09/2013 at 22:29:43.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. 2013/07/10
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    OTL logfile created on: 7/9/2013 10:33:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.97 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.99% Memory free
    5.93 Gb Paging File | 4.48 Gb Available in Paging File | 75.49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 218.14 Gb Total Space | 141.29 Gb Free Space | 64.77% Space Free | Partition Type: NTFS

    Computer Name: LLF8-PC | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/07/09 22:32:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.exe
    PRC - [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/06/10 09:02:03 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2013/06/10 09:01:52 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2013/05/13 15:33:02 | 001,693,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    PRC - [2013/05/13 15:33:02 | 001,113,296 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
    PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
    PRC - [2011/06/17 17:31:10 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
    PRC - [2011/06/17 17:31:08 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/08 10:27:23 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/11/20 08:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2010/05/31 12:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2010/05/25 12:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/03/31 18:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    PRC - [2007/11/23 12:47:36 | 000,221,184 | ---- | M] (Practice Manager Group, LLC) -- C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
    MOD - [2013/06/14 21:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
    MOD - [2013/06/14 21:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
    MOD - [2013/06/14 21:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll
    MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
    MOD - [2013/05/17 08:22:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
    MOD - [2013/05/17 08:21:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
    MOD - [2013/05/02 03:18:31 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/05/02 03:18:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/05/02 03:18:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/05/02 03:17:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/08/16 13:28:42 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC\PM.Deployment.EsdServiceCommon\2.0.0.12__b2520ee0b52bee09\PM.Deployment.EsdServiceCommon.dll


    ========== Services (SafeList) ==========

    SRV - [2013/06/12 11:58:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/06/10 09:02:03 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2013/06/10 09:01:52 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2013/06/07 08:57:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/17 17:31:10 | 001,664,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)
    SRV - [2011/06/17 17:31:10 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)
    SRV - [2011/06/17 17:31:08 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
    SRV - [2010/12/08 10:27:23 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/05/25 12:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
    SRV - [2010/04/19 17:46:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2009/03/31 18:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
    SRV - [2007/11/23 12:47:36 | 000,061,440 | ---- | M] (Practice Manager Group, LLC) [Auto | Stopped] -- C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe -- (Update Agent)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ngcjphjq.sys -- (ngcjphjq)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mzuenvyc.sys -- (mzuenvyc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mike\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bchzdbqq.sys -- (bchzdbqq)
    DRV - [2013/06/30 23:44:32 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20130709.016\NAVEX15.SYS -- (NAVEX15)
    DRV - [2013/06/30 23:44:32 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2013/06/30 23:44:32 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/06/30 23:44:32 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20130709.016\NAVENG.SYS -- (NAVENG)
    DRV - [2013/06/30 23:30:35 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2013/06/30 23:29:47 | 000,092,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
    DRV - [2013/06/20 21:59:34 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130620.011\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2013/06/13 17:03:18 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130709.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2013/06/10 09:01:52 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2013/06/04 09:06:18 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/03/25 14:41:44 | 000,065,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/06/17 17:31:12 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys -- (SymEFA)
    DRV - [2011/06/17 17:31:12 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)
    DRV - [2011/06/17 17:31:12 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys -- (SymDS)
    DRV - [2011/06/17 17:31:12 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\symnets.sys -- (SYMNETS)
    DRV - [2011/06/17 17:31:12 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)
    DRV - [2011/06/17 17:31:12 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX)
    DRV - [2011/06/17 17:31:10 | 000,050,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
    DRV - [2011/06/17 17:31:10 | 000,023,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/05/31 12:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/01/20 00:49:26 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
    DRV - [2010/01/20 00:49:26 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
    DRV - [2009/07/13 21:16:20 | 000,045,568 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\vdorctrl.sys -- (vdorctrl)
    DRV - [2009/05/21 15:18:54 | 000,089,048 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
    DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
    DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{6B8AE704-0391-4680-AFDD-93BB118ADA55}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1111\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1111\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS431
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1111\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 94 D0 BF 4C 7C CE 01 [binary data]
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS431
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\..\SearchScopes\{9EA12B65-C3D4-4D1D-9A50-80D3CE5E5136}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=MDDS
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2013/07/09 22:22:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: https://www.google.com/webhp?hl=en&tab=ww
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: SOE Web Installer (Enabled) = C:\Windows\Downloaded Program Files\npsoe.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - Extension: Google Docs = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/07/08 17:39:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - Startup: C:\Users\Jeise.LATRONICA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-790384558-2054425275-2914615486-1111\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-790384558-2054425275-2914615486-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-790384558-2054425275-2914615486-1179\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Latronica.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DFF09A4-67E9-4799-9B39-66125B06670D}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
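    Reading a long OTL log by eye is slow, so here is a small Python triage script, added as an example for this thread and not part of OTL, ComboFix or Jeremie's posts. It parses OTL's SRV/DRV service lines and its O6, O17, O20 and O27 registry lines and flags the items a removal helper looks at first: services whose binary is missing (OTL prints "File not found"; these are orphaned registrations left behind by removed software or a cleaned infection), drivers with no embedded company name (OTL prints "()"), UAC policy values that weaken the elevation prompt, Image File Execution Options "Debugger" entries, and Winlogon Shell/Userinit values that differ from the stock ones. The sample lines are copied from the log posted above; the check names and the UAC interpretation table are the script's own, and the Windows 7 default values it cites are from Microsoft's documentation of those policy keys.

```python
"""Triage helper for OTL (OldTimer's) log lines.

Added example for this thread; not part of OTL, ComboFix or the posts.
It parses OTL's SRV/DRV service lines and its O6, O17, O20 and O27
registry lines and reports the items a removal helper reads first.
"""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (check name, detail)

# SRV/DRV lines are either "File not found [flags] -- path -- (name)" or
# "[date | size | attrs | M] (Company) [flags] -- path -- (name)".
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
POLICY_RE = re.compile(r"^O6 - (?P<key>.+?\\policies\\System): (?P<value>\w+) = (?P<data>\d+)$")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\)")
IFEO_RE = re.compile(r"^O27 - HKLM IFEO\\(?P<exe>[^:]+): Debugger - (?P<debugger>.+)$")
DNS_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# UAC policy values that weaken elevation.  Windows 7 defaults are
# ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1, EnableLUA=1.
WEAK_UAC = {
    "ConsentPromptBehaviorAdmin": {"0": "administrators elevate without any prompt"},
    "PromptOnSecureDesktop": {"0": "elevation prompt drawn on the normal desktop, "
                                   "where other software can drive it"},
    "EnableLUA": {"0": "UAC switched off entirely"},
}


def parse_service(line: str) -> Optional[dict]:
    """Parse one SRV/DRV line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["missing"] = d["meta"] is None             # OTL printed "File not found"
    d["company"] = (d["company"] or "").strip()  # "()" means no version info
    return d


def triage(lines: List[str]) -> List[Finding]:
    """Run every check over the given OTL lines; findings keep input order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            if svc["missing"]:
                findings.append(("orphaned-service", f"{svc['name']}: {svc['path']}"))
            elif svc["kind"] == "DRV" and not svc["company"]:
                findings.append(("driver-no-company", f"{svc['name']}: {svc['path']}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            reason = WEAK_UAC.get(m["value"], {}).get(m["data"])
            if reason:
                findings.append(("weak-uac", f"{m['value']}={m['data']}: {reason}"))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            # Stock values: Shell = explorer.exe, Userinit = <windir>\system32\userinit.exe
            # (the registry value normally carries a trailing comma, which we drop).
            data = m["data"].rstrip(",").strip().lower()
            stock = {"shell": data == "explorer.exe",
                     "userinit": data.endswith("\\system32\\userinit.exe")}
            if not stock.get(m["value"].lower(), True):
                findings.append(("winlogon-hijack", f"{m['value']} = {m['data']}"))
            continue
        m = IFEO_RE.match(line)
        if m:
            findings.append(("ifeo-debugger", f"{m['exe']} -> {m['debugger']}"))
            continue
        m = DNS_RE.match(line)
        if m:
            servers = [s for s in m["servers"].split(",") if s]
            findings.append(("dns-review", f"{len(servers)} resolvers: {', '.join(servers)}"))
    return findings


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE = r"""
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ngcjphjq.sys -- (ngcjphjq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mike\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/06/30 23:29:47 | 000,092,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/07/13 21:16:20 | 000,045,568 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\vdorctrl.sys -- (vdorctrl)
SRV - [2013/06/10 09:02:03 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DFF09A4-67E9-4799-9B39-66125B06670D}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
""".strip().splitlines()

if __name__ == "__main__":
    for check, detail in triage(SAMPLE):
        print(f"{check:18} {detail}")
```

A flagged line is a pointer, not a verdict: on the sample above the IFEO entry points at LogMeIn's own tray binary, and catchme.sys is the GMER rootkit-scanner driver that ComboFix loads, so both are expected on this machine. What the script does buy you is that the three random-named missing drivers, the PromptOnSecureDesktop = 0 policy and the ten-resolver NameServer list come out in one short list instead of being scattered across a few thousand log lines, and each can then be checked against the tools that were actually run on the box.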
     
  20. 2013/07/10
    Jeremie (Thread Starter)

    PT 2 of OTL log


    ========== Files/Folders - Created Within 30 Days ==========

    [2013/07/09 22:26:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/07/08 22:24:21 | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Mike\Desktop\rkill.exe
    [2013/07/08 22:22:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/07/08 22:22:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/07/08 17:36:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp
    [2013/07/08 17:21:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/07/08 17:21:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/07/08 17:21:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/07/08 17:21:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/07/08 17:17:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/07/08 16:48:00 | 005,086,951 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
    [2013/07/03 16:07:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Diagnostics
    [2013/07/02 10:56:47 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Brother
    [2013/07/01 22:47:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\mbar
    [2013/07/01 22:41:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\RK_Quarantine
    [2013/07/01 11:26:37 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Nitro PDF
    [2013/07/01 09:02:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\Misc
    [2013/06/30 23:31:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Symantec
    [2013/06/30 23:30:35 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2013/06/30 23:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/06/30 23:29:47 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
    [2013/06/30 23:29:47 | 000,240,048 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
    [2013/06/30 23:29:47 | 000,094,128 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
    [2013/06/30 23:29:47 | 000,092,080 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
    [2013/06/30 23:29:47 | 000,032,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\WGX.SYS
    [2013/06/30 23:29:47 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\sysferThunk.dll
    [2013/06/30 23:29:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86
    [2013/06/30 23:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
    [2013/06/30 23:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2013/06/30 23:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/06/30 23:29:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP
    [2013/06/30 23:29:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105
    [2013/06/30 23:29:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F
    [2013/06/28 12:03:39 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
    [2013/06/28 12:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/06/28 12:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/06/28 12:03:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/06/28 12:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/06/28 12:03:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Programs
    [2013/06/28 11:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013/06/28 11:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2013/06/28 10:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SMR322
    [2013/06/27 22:22:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\CrashDumps
    [2013/06/27 22:14:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\NPE
    [2013/06/27 21:01:07 | 000,000,000 | ---D | C] -- C:\14a656453376b046b9a5d4dcc8
    [2013/06/27 11:07:50 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\ElevatedDiagnostics
    [2013/06/26 15:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\WinRAR
    [2013/06/24 14:57:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Fragments
    [2013/06/20 09:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2013/06/20 09:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/06/20 09:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/06/20 09:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/06/20 09:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/06/20 09:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2013/06/20 09:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2013/06/20 09:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2013/06/20 09:05:49 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apple
    [2013/06/19 11:06:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Google
    [2013/06/19 11:05:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\WinRAR
    [2013/06/13 08:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2013/06/13 08:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2013/06/12 14:40:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org
    [2013/06/12 09:25:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apple Computer
    [2013/06/12 09:10:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Google
    [2013/06/11 23:04:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\scan
    [2013/06/11 22:29:39 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\CyberLink
    [2013/06/11 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Adobe
    [2013/06/11 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\LogMeIn
    [2013/06/11 19:56:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Apple Computer
    [2013/06/11 19:55:28 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/06/11 19:55:28 | 000,000,000 | R--D | C] -- C:\Users\Mike\Searches
    [2013/06/11 19:55:28 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/06/11 19:55:27 | 000,000,000 | -H-D | C] -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/06/11 19:55:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Identities
    [2013/06/11 19:55:15 | 000,000,000 | R--D | C] -- C:\Users\Mike\Contacts
    [2013/06/11 19:55:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
    [2013/06/11 19:54:59 | 000,000,000 | --SD | C] -- C:\Users\Mike\AppData\Roaming\Microsoft
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Videos
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Saved Games
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Pictures
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Music
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Links
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Favorites
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Downloads
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Documents
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\Desktop
    [2013/06/11 19:54:59 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Temporary Internet Files
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Templates
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Start Menu
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\SendTo
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Recent
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\PrintHood
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\NetHood
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Videos
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Pictures
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Music
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\My Documents
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Local Settings
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\History
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Cookies
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Application Data
    [2013/06/11 19:54:59 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Application Data
    [2013/06/11 19:54:59 | 000,000,000 | -H-D | C] -- C:\Users\Mike\AppData
    [2013/06/11 19:54:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Mozilla
    [2013/06/11 19:54:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft Help
    [2013/06/11 19:54:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft
    [2013/06/11 19:54:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Media Center Programs
    [2013/06/11 19:54:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/07/09 22:29:10 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/07/09 22:29:10 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/07/09 22:23:42 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/07/09 22:21:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/07/09 22:21:37 | 2388,381,696 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/09 21:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/07/09 21:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/07/09 10:08:30 | 000,001,590 | ---- | M] () -- C:\Users\Mike\Desktop\HP LaserJet 1320 (CRAIG-PC) - Shortcut.lnk
    [2013/07/08 17:39:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/07/08 17:17:27 | 005,086,951 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
    [2013/07/08 16:46:04 | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Mike\Desktop\rkill.exe
    [2013/07/01 22:37:08 | 000,912,384 | ---- | M] () -- C:\Users\Mike\Desktop\winlogon.com.exe
    [2013/07/01 22:31:50 | 013,399,154 | ---- | M] () -- C:\Users\Mike\Desktop\mbar-1.06.0.1004.zip
    [2013/07/01 10:00:24 | 000,001,992 | -H-- | M] () -- C:\Users\Mike\Documents\Default.rdp
    [2013/06/30 23:37:53 | 001,996,376 | ---- | M] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
    [2013/06/30 23:30:35 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2013/06/30 23:30:35 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2013/06/30 23:30:35 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2013/06/30 23:29:47 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
    [2013/06/30 23:29:47 | 000,240,048 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
    [2013/06/30 23:29:47 | 000,094,128 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
    [2013/06/30 23:29:47 | 000,092,080 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
    [2013/06/30 23:29:47 | 000,032,208 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WGX.SYS
    [2013/06/30 23:29:47 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysferThunk.dll
    [2013/06/30 23:29:47 | 000,000,114 | ---- | M] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
    [2013/06/28 08:34:17 | 000,002,227 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/06/27 23:55:03 | 000,079,242 | ---- | M] () -- C:\Users\Mike\Documents\cc_20130627_235455.reg
    [2013/06/27 23:54:13 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/06/27 23:49:53 | 000,684,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/06/27 23:49:53 | 000,126,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/06/27 22:26:01 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2013/06/21 09:30:11 | 000,001,532 | ---- | M] () -- C:\Users\Mike\Desktop\Scan2 (WIN08SRVR) - Shortcut.lnk
    [2013/06/19 11:06:28 | 000,001,409 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/06/14 08:43:28 | 002,367,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/06/13 08:55:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
    [2013/06/13 08:55:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01011.Wdf
    [2013/06/13 08:53:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2013/06/12 08:45:40 | 000,001,105 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2013/06/11 09:16:23 | 000,001,902 | ---- | M] () -- C:\Users\Mike\Desktop\WORDDOCS - Shortcut.lnk
    [2013/06/10 09:01:52 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
    [2013/06/10 09:01:52 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
    [2013/06/10 09:01:52 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/07/08 17:21:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/07/08 17:21:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/07/08 17:21:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/07/08 17:21:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/07/08 17:21:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/07/05 15:43:05 | 000,001,590 | ---- | C] () -- C:\Users\Mike\Desktop\HP LaserJet 1320 (CRAIG-PC) - Shortcut.lnk
    [2013/07/01 22:37:52 | 013,399,154 | ---- | C] () -- C:\Users\Mike\Desktop\mbar-1.06.0.1004.zip
    [2013/07/01 22:37:08 | 000,912,384 | ---- | C] () -- C:\Users\Mike\Desktop\winlogon.com.exe
    [2013/07/01 09:12:53 | 000,001,992 | -H-- | C] () -- C:\Users\Mike\Documents\Default.rdp
    [2013/06/30 23:30:36 | 001,996,376 | ---- | C] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
    [2013/06/30 23:30:35 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2013/06/30 23:30:35 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2013/06/30 23:29:47 | 000,000,114 | ---- | C] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
    [2013/06/28 11:22:42 | 000,285,747 | ---- | C] () -- C:\shldr
    [2013/06/27 23:54:57 | 000,079,242 | ---- | C] () -- C:\Users\Mike\Documents\cc_20130627_235455.reg
    [2013/06/27 22:26:01 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2013/06/21 09:30:11 | 000,001,532 | ---- | C] () -- C:\Users\Mike\Desktop\Scan2 (WIN08SRVR) - Shortcut.lnk
    [2013/06/20 09:08:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2013/06/19 11:06:28 | 000,001,409 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/06/13 08:55:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
    [2013/06/13 08:55:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01011.Wdf
    [2013/06/13 08:53:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2013/06/12 08:45:40 | 000,001,105 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2013/06/11 23:04:41 | 000,001,902 | ---- | C] () -- C:\Users\Mike\Desktop\WORDDOCS - Shortcut.lnk
    [2013/06/11 19:55:51 | 000,002,227 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/06/11 19:55:05 | 000,001,415 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/06/11 19:54:59 | 000,000,290 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/06/11 19:54:59 | 000,000,272 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/12/27 12:45:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2012/11/12 07:42:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
    [2012/11/12 07:42:12 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
    [2012/11/12 07:42:12 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT
    [2009/12/06 16:05:23 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol

    ========== ZeroAccess Check ==========

    [2013/01/31 13:48:06 | 000,002,048 | -HS- | M] () -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\@
    [2011/11/17 01:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\L
    [2011/11/17 01:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\U
    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    ========== LOP Check ==========

    [2011/12/14 21:41:42 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Downloaded Installations
    [2011/12/14 21:41:44 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\ESET
    [2013/01/31 18:33:42 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Nitro PDF
    [2011/12/14 21:41:50 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\PrimoPDF
    [2011/12/14 21:41:50 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Unity
    [2010/06/01 12:08:37 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICA\AppData\Roaming\Downloaded Installations
    [2010/04/15 16:52:10 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICA\AppData\Roaming\ESET
    [2012/12/18 19:26:20 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICA\AppData\Roaming\Nitro PDF
    [2012/03/16 13:06:53 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICA\AppData\Roaming\OpenOffice.org
    [2011/05/27 09:56:17 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICA\AppData\Roaming\PrimoPDF
    [2011/09/30 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICA\AppData\Roaming\Unity
    [2011/12/14 21:21:54 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICAcopy\AppData\Roaming\Downloaded Installations
    [2011/12/14 21:21:56 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICAcopy\AppData\Roaming\ESET
    [2011/12/14 21:22:00 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICAcopy\AppData\Roaming\Nitro PDF
    [2011/12/14 21:22:00 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICAcopy\AppData\Roaming\PrimoPDF
    [2011/12/14 21:22:00 | 000,000,000 | ---D | M] -- C:\Users\Jeise.LATRONICAcopy\AppData\Roaming\Unity
    [2013/06/07 10:22:49 | 000,000,000 | ---D | M] -- C:\Users\madelyn\AppData\Roaming\com.adobe.ExMan
    [2013/06/07 10:19:33 | 000,000,000 | ---D | M] -- C:\Users\madelyn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/05/21 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\madelyn\AppData\Roaming\Nitro PDF
    [2013/05/06 09:57:52 | 000,000,000 | ---D | M] -- C:\Users\madelyn\AppData\Roaming\OpenOffice.org
    [2013/04/04 08:57:05 | 000,000,000 | ---D | M] -- C:\Users\madelyn\AppData\Roaming\PrimoPDF
    [2013/07/01 11:26:38 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Nitro PDF
    [2013/06/12 14:40:00 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org

    ========== Purity Check ==========



    < End of report >
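The ZeroAccess Check section above is the part of this log a helper reads most carefully, and the reading rule is simple: each listed InProcServer32 default must resolve to the stock Windows DLL (shell32.dll, fastprox.dll, wbemess.dll), a populated HKCU copy of one of those keys is a per-user override, and any `{GUID}\@`, `\L` or `\U` entry is the ZeroAccess drop-folder layout. The script below is an added example that encodes that rule over the OTL text; it is not part of the forum post and not OTL's own code. The sample it ships with is constructed from the posted section, with the fastprox.dll entry rewritten to a made-up `$Recycle.Bin` path to show what an active hook looks like.

```python
"""Triage of the OTL "ZeroAccess Check" section (added example; not OTL code)."""
import re
from typing import Dict, List, Optional, Tuple

# CLSIDs OTL enumerates under HKLM and the DLL each resolves to on a clean
# Windows 7 install (the posted log shows all three in that clean state).
EXPECTED_INPROCSERVER: Dict[str, str] = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}
KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\Classes\\clsid\\"
    r"(\{[0-9a-f-]{36}\})\\InProcServer32\]$", re.I)
# (Default) value line:  " " = <path> -- [date | size | attrs | M] (Company)
DEFAULT_RE = re.compile(r'^"\s*"\s*=\s*(.*?)\s*(?:--\s*\[.*)?$')
# File/folder line:      [date | size | attrs | M] () -- <path>
FILE_RE = re.compile(r"^\[[^\]]*\]\s*(?:\(\)\s*)?--\s*(.+?)\s*$")
# ZeroAccess drop folder: ...\{GUID}\@ (config) plus \L and \U (module stores)
DROP_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\[@LU]$", re.I)

RegKeys = Dict[Tuple[str, str], Optional[str]]


def parse_zeroaccess_section(lines: List[str]) -> Tuple[RegKeys, List[str]]:
    """Map (hive, clsid) -> InProcServer32 default (None if empty); collect paths."""
    keys: RegKeys = {}
    paths: List[str] = []
    current: Optional[Tuple[str, str]] = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1).upper(), m.group(2).lower())
            keys.setdefault(current, None)
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            keys[current] = m.group(1)
            continue
        if line.startswith('"'):            # other values, e.g. "ThreadingModel"
            continue
        m = FILE_RE.match(line)
        if m:
            current = None
            paths.append(m.group(1))
    return keys, paths


def assess(keys: RegKeys, paths: List[str]) -> List[str]:
    """One finding per hijacked HKLM CLSID, populated HKCU override, or drop-folder path."""
    findings: List[str] = []
    for (hive, clsid), value in sorted(keys.items()):
        if hive == "HKEY_CURRENT_USER":
            # HKCU\Software\Classes shadows HKLM for that user, which is how the
            # non-admin ZeroAccess install persists.  The posted log lists these
            # HKCU keys with no value at all, so only a populated one counts.
            if value:
                findings.append(f"HKCU override of {clsid} -> {value}")
            continue
        expected = EXPECTED_INPROCSERVER.get(clsid)
        if expected is None:
            continue
        if value is None:
            findings.append(f"HKLM {clsid}: default missing (expected {expected})")
        elif value.lower().rsplit("\\", 1)[-1] != expected:
            findings.append(f"HKLM {clsid}: hijacked -> {value} (expected {expected})")
    for path in paths:
        if DROP_RE.search(path):
            findings.append(f"drop-folder artifact: {path}")
    return findings


def triage(lines: List[str]) -> List[str]:
    return assess(*parse_zeroaccess_section(lines))


# Constructed sample: the section from the post above (leftover drop folder,
# clean HKLM defaults) with the fastprox.dll entry rewritten the way an active
# infection looks.  The $Recycle.Bin path and its timestamp are made up.
INFECTED_SAMPLE = r"""
========== ZeroAccess Check ==========
[2013/01/31 13:48:06 | 000,002,048 | -HS- | M] () -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\@
[2011/11/17 01:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\L
[2011/11/17 01:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}\U
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = C:\$Recycle.Bin\S-1-5-18\$00112233445566778899aabbccddeeff\n. -- [2013/06/27 21:01:07 | 000,049,152 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
" " = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
""".splitlines()

if __name__ == "__main__":
    for finding in triage(INFECTED_SAMPLE):
        print(finding)
```

Run against the section as actually posted, the only findings are the three drop-folder entries under C:\Users\Jeise.LATRONICA\AppData\Local\{6fc037c0-742e-9371-a88c-f552ab3cf0b3}: every HKLM default already resolves to its Microsoft DLL, so what is left there is dormant residue to delete rather than an active COM hook. The CLSID table covers only the keys OTL itself lists; extend it if the same check is carried to another tool's output.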
     
  21. 2013/07/10
    Jeremie

    OTL Extras logfile created on: 7/9/2013 10:33:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.97 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.99% Memory free
    5.93 Gb Paging File | 4.48 Gb Available in Paging File | 75.49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 218.14 Gb Total Space | 141.29 Gb Free Space | 64.77% Space Free | Partition Type: NTFS

    Computer Name: LLF8-PC | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-790384558-2054425275-2914615486-1179\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1CF9A28E-23AF-4FAC-AF24-BA1F0E74626E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{299D452D-D8B8-4227-99E3-BCE70F827955}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{44E3488F-0AD8-4ABF-99FF-CAF45767D5B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{461DA6FA-CBE0-41FB-A94F-DE74085F0CE3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6240C7C6-6F26-476F-9480-5F8B76E7B764}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{669A0492-2170-4A33-843B-68334C131D80}" = lport=138 | protocol=17 | dir=in | app=system |
    "{674C6B98-BC56-4FF4-B9D4-A00BD21DE92C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7346502F-4168-4820-BF9B-2AE2917955D6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{8BD758EA-0501-4026-ABFD-399052DE598E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8EC9DC38-D70E-419A-AF5F-89A10CC5C596}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{953E0C85-22D5-47F7-AFCE-E877E70996E0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A4A9EEEB-46C3-4E1C-B81F-BEACCD8CA82E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF218F66-1875-45E0-B8BD-59CB920E2942}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D03B3A66-E060-4253-B9D1-64C31B8103D8}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D2A5D722-6281-4A30-B61C-269CE91B2F7A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D6C1707A-B90E-45B2-BCE3-4EB547D68A62}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D84A08F8-DE20-46F7-A57D-81EF08B08FC8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F0467591-AFC4-42AB-8942-87CD4A413F28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F22BB3D4-7064-42B4-92F6-76D0A8765426}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F22CCDBB-5C05-4E3F-9D49-E79397F09543}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2FB559D8-25D0-437B-9252-4DD2DA3C7F64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{3902E250-8ED2-444E-BFF3-694A9EA1FAD4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{986E7B91-A555-40C8-864B-CDA50CBB8E46}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{EC2414D3-B2BF-433C-A0B6-4B92E679E0BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{EDE016E0-9045-49B8-931D-302ADE6582E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21DB7C30-A170-4C51-B39E-EDC55E0836D4}" = Practice Manager PM Purger Client Adapter
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{37566D8F-0EA4-46EF-8858-973FF21853B6}" = Nitro PDF Reader
    "{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
    "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}" = Dell Backup and Recovery Manager
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86924253-1BCC-4BF5-B995-33C1DB7EECAE}" = 32 Bit HP CIO Components Installer
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
    "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FE75E68-96A2-48F3-90AB-34E6B8C9989D}" = Microsoft Mouse and Keyboard Center
    "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
    "{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection
    "{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0AC146D-2ABE-4D9D-AF25-798734CE4292}" = Practice Manager Update Agent
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B35DB336-C7AA-4B4E-B3F5-2D4B0361603C}" = Practice Manager 10 Workstation
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BADA4CD0-ECA5-11D4-8561-00A0C9720C2C}" = Saga Practice Manager and Plugins
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C83A7BC5-CA10-4C9E-8FB0-7D33B2EDAEFB}" = Practice Manager n-tier Framework Client
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Practice Manager 8" = Practice Manager 8
    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "TVWiz" = Intel(R) TV Wizard
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 20 Event Log Errors ==========

    [ OSession Events ]
    Error - 6/30/2011 1:54:30 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16559
    seconds with 1380 seconds of active time. This session ended with a crash.

    Error - 9/28/2011 5:20:06 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8927
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 11/28/2011 6:04:55 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10567
    seconds with 1260 seconds of active time. This session ended with a crash.

    Error - 4/10/2012 6:01:11 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17677
    seconds with 600 seconds of active time. This session ended with a crash.

    Error - 8/14/2012 8:11:23 AM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 80341
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 10/3/2012 5:52:11 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23821
    seconds with 2940 seconds of active time. This session ended with a crash.

    Error - 12/21/2012 6:04:47 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8945
    seconds with 1200 seconds of active time. This session ended with a crash.

    Error - 12/26/2012 3:52:03 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6327
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 4/17/2013 6:02:27 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33434
    seconds with 5040 seconds of active time. This session ended with a crash.

    Error - 7/9/2013 1:12:23 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 852
    seconds with 600 seconds of active time. This session ended with a crash.

    [ PMUpdater Events ]
    Error - 8/13/2012 8:56:17 AM | Computer Name = LLF8-PC.Latronica.com | Source = PmUpdater | ID = 1000
    Description = SR.ExceptionSummary : ====================================== --> MachineName:
    LLF8-PC --> TimeStamp: 8/13/2012 12:56:17 PM --> FullName: PM.Deployment.Updater,
    Version=2.0.0.12, Culture=neutral, PublicKeyToken=b2520ee0b52bee09 --> AppDomainName:
    PM.Deployment.EsdService.exe --> WindowsIdentity: NT AUTHORITY\SYSTEM SR.ExceptionDetails
    ======================================
    SR.ExceptionType:
    System.Net.WebException Status: NameResolutionFailure Response: NULL Message: The
    remote name could not be resolved: 'win08srvr' Data: System.Collections.ListDictionaryInternal
    TargetSite:
    System.Net.WebResponse GetResponse() HelpLink: NULL Source: System SR.ExceptionStackTraceDetails
    ====================================== at System.Net.HttpWebRequest.GetResponse()

    at PM.Deployment.Updater.ManifestManager.DownloadFile(Uri uri) in D:\Progrs\C#\PMUpdater\PMUpdater\Manifest\ManifestManager.cs:line
    351 at PM.Deployment.Updater.ManifestManager.ValidateAndDeserialize(Type type,
    Uri location, String productId, String schemaResource) in D:\Progrs\C#\PMUpdater\PMUpdater\Manifest\ManifestManager.cs:line
    213

    [ System Events ]
    Error - 7/9/2013 10:31:53 PM | Computer Name = LLF8-PC.Latronica.com | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1555.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x80096001 Error description: A system-level error occurred while verifying
    trust.


    < End of report >
     
