
Author Topic: Infected with zeroaccess rootkit!!!  (Read 22021 times)


tsfc

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Infected with zeroaccess rootkit!!!
    « on: September 29, 2012, 12:05:41 PM »
    I was infected with the ZeroAccess rootkit and attempted to remove it. It appears that it is gone; however, my computer is now running extremely slowly while on the internet. Please HELP!!!

    tsfc

    Logs posted below:

    # AdwCleaner v2.003 - Logfile created 09/29/2012 at 13:04:18
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Joshua - JOSHUA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\searchplugins\Askcom.xml
    Folder Found : C:\Program Files (x86)\Ask.com
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\Users\Joshua\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\Joshua\AppData\LocalLow\BabylonToolbar
    Folder Found : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\extensions\[email protected]
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\Ask.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKLM\Software\APN
    Key Found : HKLM\Software\AskToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v12.0 (en-US)

    Profile name : default
    File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\prefs.js

    Found : user_pref("browser.search.defaultengine", "Ask.com");
    Found : user_pref("browser.search.defaultenginename", "Ask.com");
    Found : user_pref("browser.search.order.1", "Ask.com");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4411 octets] - [29/09/2012 13:04:18]

    ########## EOF - C:\AdwCleaner[R1].txt - [4471 octets] ##########


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.29.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Joshua :: JOSHUA-PC [administrator]

    9/29/2012 12:37:01 PM
    mbam-log-2012-09-29 (12-37-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203507
    Time elapsed: 3 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_31
    Run by Joshua at 12:43:29 on 2012-09-29
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2250 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\lxddcoms.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\SysWOW64\REGEDIT.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page =
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120724204840.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [uTorrent] "C:\Users\Joshua\Pictures\uTorrent.exe"  /MINIMIZED
    uRun: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554330323 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554339333 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554931373 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\84F6C6964616970294E6E60224561657D6F6E647 : DhcpNameServer = 4.2.2.2 4.2.2.3 8.8.8.8
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64:     AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64:     McAfee Phishing Filter - No File
    BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO-X64:     Canon Easy-WebPrint EX BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120724204840.dll
    BHO-X64:     scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64:     SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64:     Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun-x64: [(Default)]
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - att.net
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Joshua\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-14 89600]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-14 13336]
    R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-1-14 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-1-14 210584]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2011-1-14 162192]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-14 1692480]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-14 2320920]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-5-25 34224]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 129976]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-29 17:35:43   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2012-09-29 17:35:43   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-29 17:15:13   --------   d-----w-   C:\Program Files\CCleaner
    2012-09-29 11:18:18   --------   d-----w-   C:\ProgramData\SUPERSetup
    2012-09-29 11:10:59   --------   d-sh--w-   C:\$RECYCLE.BIN
    2012-09-29 08:54:01   --------   d-----w-   C:\Users\Joshua\AppData\Roaming\USTechSupport
    2012-09-29 08:52:19   --------   d-----w-   C:\ProgramData\USTechSupport
    2012-09-28 19:53:21   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\offreg.dll
    2012-09-28 19:35:45   9308616   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\mpengine.dll
    2012-09-26 21:39:22   245760   ----a-w-   C:\Windows\System32\OxpsConverter.exe
    2012-09-24 22:45:04   --------   d-----w-   C:\Users\Joshua\AppData\Roaming\Softland
    2012-09-24 22:45:03   24968   ----a-w-   C:\Windows\System32\dopdfmn7.dll
    2012-09-24 22:45:03   21384   ----a-w-   C:\Windows\System32\dopdfmi7.dll
    2012-09-24 22:45:02   1700352   ----a-w-   C:\Windows\System32\GdiPlus.dll
    2012-09-24 22:44:59   --------   d-----w-   C:\Program Files\Softland
    2012-09-21 22:59:43   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2012-09-21 22:59:42   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
    2012-09-17 01:10:06   --------   d-----w-   C:\Users\Joshua\AppData\Local\CutePDF Writer
    2012-09-17 01:09:08   --------   d-----w-   C:\Program Files (x86)\GPLGS
    2012-09-16 01:58:11   87152   ----a-w-   C:\Windows\System32\cpwmon64.dll
    2012-09-16 01:58:09   --------   d-----w-   C:\Program Files (x86)\Acro Software
    2012-09-16 01:57:35   --------   d-----w-   C:\Program Files (x86)\Ask.com
    2012-09-16 01:43:35   --------   d-----w-   C:\Users\Joshua\AppData\Local\PrimoPDFContent
    2012-09-16 00:39:37   --------   d-----w-   C:\Users\Joshua\AppData\Roaming\PrimoPDF
    2012-09-16 00:37:13   95008   ----a-w-   C:\Windows\System32\Primomonnt.dll
    2012-09-16 00:37:10   --------   d-----w-   C:\Program Files (x86)\Nitro PDF
    2012-09-15 21:56:36   --------   d-----w-   C:\Users\Joshua\AppData\Local\Amazon
    2012-09-15 21:56:15   101680   ----a-w-   C:\Windows\System32\stkMonitor.dll
    2012-09-15 21:56:12   --------   d-----w-   C:\Program Files (x86)\Amazon
    2012-09-14 23:29:07   --------   d--h--w-   C:\ProgramData\CanonIJSolutionMenuEX
    2012-09-14 23:29:06   --------   d--h--w-   C:\ProgramData\CanonIJEPPEX2
    2012-09-14 23:29:06   --------   d--h--w-   C:\ProgramData\CanonEPP
    2012-09-14 23:28:53   --------   d--h--w-   C:\ProgramData\CanonIJMyPrinter
    2012-09-14 23:25:16   --------   d-----w-   C:\ProgramData\Canon IJ Network Tool
    2012-09-14 23:14:46   --------   d--h--w-   C:\ProgramData\CanonIJFAX
    2012-09-14 23:14:29   --------   d--h--w-   C:\ProgramData\CanonIJEGV
    2012-09-14 23:10:18   --------   d-----w-   C:\Program Files\Common Files\CANON
    2012-09-14 23:09:59   --------   d-----w-   C:\ProgramData\CanonIJWSpt
    2012-09-14 23:06:35   --------   d-----w-   C:\Program Files\Canon
    2012-09-14 23:03:17   --------   d-----w-   C:\ProgramData\CanonIJPLM
    2012-09-14 23:02:54   --------   d--h--w-   C:\ProgramData\CanonIJETV
    2012-09-14 23:02:19   --------   d-----w-   C:\Program Files (x86)\Canon
    2012-09-12 16:59:34   950128   ----a-w-   C:\Windows\System32\drivers\ndis.sys
    2012-09-12 16:59:34   41472   ----a-w-   C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 16:59:33   574464   ----a-w-   C:\Windows\System32\d3d10level9.dll
    2012-09-12 16:59:29   490496   ----a-w-   C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 16:59:27   376688   ----a-w-   C:\Windows\System32\drivers\netio.sys
    2012-09-12 16:59:27   288624   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 16:59:27   1913200   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M  ====================
    .
    2012-08-24 18:05:06   1188864   ----a-w-   C:\Windows\System32\wininet.dll
    2012-08-24 16:57:48   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2012-07-24 00:37:36   0   ----a-w-   C:\Windows\SysWow64\sho8B2F.tmp
    2012-07-18 18:15:06   3148800   ----a-w-   C:\Windows\System32\win32k.sys
    2012-07-06 20:07:42   552960   ----a-w-   C:\Windows\System32\drivers\bthport.sys
    2012-07-04 22:13:27   59392   ----a-w-   C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27   136704   ----a-w-   C:\Windows\System32\browser.dll
    2012-07-04 21:14:34   41984   ----a-w-   C:\Windows\SysWow64\browcli.dll
    .
    ============= FINISH: 12:44:03.70 ===============
     

    SuperDave (Malware Removal Specialist)
    Re: Infected with zeroaccess rootkit!!!
    « Reply #1 on: September 29, 2012, 12:13:28 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    **************************************************************
    I am required to give you this warning.

    It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

    Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

    Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

    What danger is presented by rootkits?
    Rootkits and how to combat them
    r00tkit Analysis: What Is A Rootkit

    If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    What Should I Do If I've Become A Victim Of Identity Theft?
    Identity Theft Victims Guide - What to do
    It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
    When should I re-format? How should I reinstall?
    Help: I Got Hacked. Now What Do I Do?
    Help: I Got Hacked. Now What Do I Do? Part II
    Where to draw the line? When to recommend a format and reinstall?

    Guides for format and reinstall:

    how-to-reformat-and-reinstall-your-operating-system-the-easy-way

    However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
    If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

    Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
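Dave's warning above rests on one mechanism: a kernel-mode rootkit hooks the file and registry APIs of the running system, so tools that ask the live OS what is on disk get a filtered answer. That is why the scans later in this thread are run from the recovery environment, and it is also why a file-hash diff taken offline is a useful complement: the kernel that would do the hiding is not running. The script below is an added example written for this page, not code from FRST, DDS or any post in the thread. It baselines a driver directory while the machine is known clean, saves the digests in md5sum-style lines, and later reports files that changed, disappeared, or appeared. The directory layout, manifest format and the three finding categories are my assumptions, and the "driver" bytes in `demo()` are constructed stand-ins, not real driver files.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path, algo: str = "md5") -> str:
    """Digest a file in 64 KiB chunks.

    MD5 is the default only because it is what driver listings such as
    FRST's "List Drivers MD5" print, so results can be compared against them.
    For a baseline you create yourself, pass algo="sha256": MD5 collisions are
    cheap to construct, so an attacker can make a tampered file match a known MD5.
    """
    h = hashlib.new(algo)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path, pattern: str = "*.sys", algo: str = "md5") -> Dict[str, str]:
    """Map every driver file below root (relative path, case-folded because NTFS
    is case-insensitive) to its digest. Run it from WinRE or a boot disc: a
    rootkit that hooks the live system's file APIs cannot hide files from an OS
    that is not running."""
    return {
        p.relative_to(root).as_posix().lower(): hash_file(p, algo)
        for p in sorted(root.rglob(pattern))
        if p.is_file()
    }


def dump_manifest(digests: Dict[str, str]) -> str:
    """Serialize as 'digest  relative/name' lines (the md5sum/sha256sum layout)."""
    return "".join(f"{d}  {n}\n" for n, d in sorted(digests.items()))


def load_manifest(text: str) -> Dict[str, str]:
    """Parse dump_manifest() output back into a name -> digest map."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        if line.strip():
            digest, name = line.split(None, 1)
            out[name.strip().lower()] = digest.lower()
    return out


def diff_against_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """The three findings a responder cares about: a baseline file whose bytes
    changed, a baseline file that is gone, and a file the baseline never saw."""
    return {
        "changed": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "unknown": sorted(n for n in current if n not in baseline),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario (not real driver bytes): a temporary 'drivers' tree
    is baselined while clean, then one file is patched, one deleted, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        drivers = Path(tmp) / "drivers"
        drivers.mkdir()
        for name, body in {"ndis.sys": b"ndis-original",
                           "tcpip.sys": b"tcpip-original",
                           "netio.sys": b"netio-original"}.items():
            (drivers / name).write_bytes(body)
        # Round-trip the baseline through its saved text form, as it would be on a USB stick.
        baseline = load_manifest(dump_manifest(hash_tree(drivers)))
        (drivers / "tcpip.sys").write_bytes(b"tcpip-PATCHED")   # simulated in-place tampering
        (drivers / "netio.sys").unlink()                        # simulated deletion
        (drivers / "xyz.sys").write_bytes(b"dropped-driver")    # simulated newly dropped driver
        return diff_against_baseline(baseline, hash_tree(drivers))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

The baseline is only as good as its origin: take it from a fresh install or the OEM image, not from the machine after it is suspected of infection, and keep the manifest on read-only media. A "changed" hit on a file with a plausible Windows Update timestamp still needs its digest checked against the vendor's published hash before it is called tampering.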

    tsfc (Topic Starter)
      Re: Infected with zeroaccess rootkit!!!
      « Reply #2 on: September 29, 2012, 12:37:09 PM »
      I would like to try everything before I have to do a re-format :) hopefully you will be able to help me.

      adw log posted below.

      # AdwCleaner v2.003 - Logfile created 09/29/2012 at 13:36:31
      # Updated 23/09/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Joshua - JOSHUA-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
      File Deleted : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\searchplugins\Askcom.xml
      Folder Deleted : C:\Program Files (x86)\Ask.com
      Folder Deleted : C:\ProgramData\Ask
      Folder Deleted : C:\Users\Joshua\AppData\LocalLow\AskToolbar
      Folder Deleted : C:\Users\Joshua\AppData\LocalLow\BabylonToolbar
      Folder Deleted : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\extensions\[email protected]
      Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

      ***** [Registry] *****

      Key Deleted : HKCU\Software\APN
      Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
      Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
      Key Deleted : HKCU\Software\Ask.com
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
      Key Deleted : HKLM\Software\APN
      Key Deleted : HKLM\Software\AskToolbar
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
      Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
      Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
      Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v8.0.7601.17514

      Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

      -\\ Mozilla Firefox v12.0 (en-US)

      Profile name : default
      File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\prefs.js

      Deleted : user_pref("browser.search.defaultengine", "Ask.com");
      Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
      Deleted : user_pref("browser.search.order.1", "Ask.com");

      -\\ Google Chrome v [Unable to get version]

      File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [4532 octets] - [29/09/2012 13:04:18]
      AdwCleaner[S1].txt - [5172 octets] - [29/09/2012 13:36:31]

      ########## EOF - C:\AdwCleaner[S1].txt - [5232 octets] ##########

      SuperDave (Malware Removal Specialist)
      Re: Infected with zeroaccess rootkit!!!
      « Reply #3 on: September 29, 2012, 05:36:43 PM »
      Download Farbar Recovery Scan Tool and save it to a flash drive.

      Please make sure to download the 64-bit version.

      Plug the flashdrive into the infected PC.

      Enter System Recovery Options.

      To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Choose your language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
      To enter System Recovery Options by using Windows installation disc:
      • Insert the installation disc.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Click Repair your computer.
      • Choose your language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
      On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

      • Select Command Prompt
      • In the command window type in notepad and press Enter.
      • The notepad opens. Under File menu select Open.
      • Select "Computer" and find your flash drive letter and close the notepad.
      • In the command window type e:\frst64 and press Enter
        Note: Replace letter e with the drive letter of your flash drive.
      • The tool will start to run.
      • When the tool opens click Yes to the disclaimer.
      • Place a check next to List Drivers MD5 as well as the default check marks that are already there
      • Press Scan button.
      • Type exit and reboot the computer normally
      • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
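The FRST scan requested above produces the Registry, Services and Drivers listings that the reply after this one posts, and the first thing a helper does with such a log is scan the autoruns for the usual tells: a target that no longer exists (`[X]`), an entry FRST could not get file information for, a binary with no publisher (`()`), an executable launched from a user-writable folder, and a driver living outside `\Windows\System32\drivers`. The script below automates that first pass. It is an added example written for this page, not FRST's code and not anything posted in the thread; the flag names, the folder heuristics and the line shapes it parses are my assumptions based on the FRST output in this thread, and the sample lines are constructed in those shapes (values copied from the log, headers abbreviated).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the line shapes FRST (x64) prints in its "Registry",
# "Services" and "Drivers" sections (the real log appears later in this thread).
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: []
HKU\Joshua\...\Run: [uTorrent] "C:\Users\Joshua\Pictures\uTorrent.exe"  /MINIMIZED [880528 2012-06-08] (BitTorrent, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
==================== Services (Whitelisted) ===================
2 lxdd_device; C:\Windows\system32\lxddcoms.exe -service [567216 2007-05-25] ( )
==================== Drivers (Whitelisted) =====================
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys
3 mfeavfk01;
"""

# "HKLM\...\Run: [Name] <rest>" and "Winlogon\Notify\<Name>: <rest>"
_REG_RE = re.compile(r"^(?P<key>(?:HK|Winlogon\\)[^:]*): ?(?:\[(?P<name>[^\]]*)\])?\s*(?P<rest>.*)$")
# "<start-type> <Name>; <rest>"  (services and drivers share this shape)
_SVC_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+);\s*(?P<rest>.*)$")
# leading image path, quoted or not, with or without the NT "\??\" prefix
_PATH_RE = re.compile(r'^"?(?P<path>(?:\\\?\?\\)?(?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|sys|scr|cpl))', re.I)
# trailing "[size date]" or "[X]", then optional "(Company)"
_TAIL_RE = re.compile(r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]|\[(?P<missing>X)\])?\s*(?:\((?P<company>[^)]*)\))?\s*$")
_DRIVER_DIR = re.compile(r"\\windows\\system32\\drivers\\", re.I)
_USER_WRITABLE = re.compile(r"\\(?:users|programdata|temp)\\", re.I)   # assumption: profile, ProgramData and Temp trees


@dataclass
class Entry:
    section: str                      # "autorun", "service" or "driver"
    name: str
    raw: str
    path: Optional[str] = None
    size: Optional[int] = None
    date: Optional[str] = None
    company: Optional[str] = None     # None: no "(...)" printed; "": printed as "()" or "( )"
    missing: bool = False             # FRST printed [X]
    flags: List[str] = field(default_factory=list)


def _flag(e: Entry) -> List[str]:
    """Triage flags (my names): prompts to look closer, not verdicts."""
    flags: List[str] = []
    if e.path is None:
        return ["empty-entry"]                       # nothing to run, or a value FRST could not resolve
    if e.missing:
        flags.append("file-missing")                 # dangling autorun: target was deleted
    elif e.size is None:
        flags.append("no-file-info")                 # FRST printed no [size date] for the file
    if e.company == "":
        flags.append("no-publisher")                 # binary carries no company/version resource
    if e.section == "driver" and not _DRIVER_DIR.search(e.path):
        flags.append("driver-outside-system32")
    if e.section != "driver" and _USER_WRITABLE.search(e.path):
        flags.append("user-writable-location")
    return flags


def parse_log(text: str) -> List[Entry]:
    """Walk the FRST sections, keeping Registry/Services/Drivers entries only."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):                  # section banner
            low = line.lower()
            section = ("autorun" if "registry" in low else
                       "service" if "services" in low else
                       "driver" if "drivers" in low else None)
            continue
        if not line or section is None:
            continue
        m = (_REG_RE if section == "autorun" else _SVC_RE).match(line)
        if not m:
            continue                                 # Tcpip/Startup/ShortcutTarget lines are not handled here
        name = m.group("name")
        if name is None:                             # Winlogon\Notify\<name>: has no [name] field
            name = m.group("key").rsplit("\\", 1)[-1]
        e = Entry(section=section, name=name.strip(), raw=line)
        rest = m.group("rest").strip()
        pm = _PATH_RE.match(rest)
        if pm:
            e.path = pm.group("path")
        tm = _TAIL_RE.search(rest)
        if tm:
            if tm.group("size"):
                e.size, e.date = int(tm.group("size")), tm.group("date")
            e.missing = tm.group("missing") is not None
            if tm.group("company") is not None:
                e.company = tm.group("company").strip()
        e.flags = _flag(e)
        entries.append(e)
    return entries


def suspicious(text: str) -> Dict[str, List[str]]:
    """Name -> flags for every entry that earned at least one flag."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in suspicious(SAMPLE_FRST).items():
        print(f"{name or '<empty name>'}: {', '.join(flags)}")
```

Every flag here has an innocent reading in this thread: `catchme.sys` under `C:\ComboFix` is the driver ComboFix leaves behind (the DDS log shows ComboFix.txt written on 09-29), uTorrent running from the Pictures folder is the user's own choice, and `()` is common for OEM utilities that ship without version resources. The point of the pass is ordering, not judgement: the flagged lines are the ones a helper reads first, and a `file-missing` autorun or an unknown `.sys` outside the drivers directory is where removal work actually starts.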

        tsfc (Topic Starter)
          Re: Infected with zeroaccess rootkit!!!
          « Reply #4 on: September 29, 2012, 10:52:51 PM »
          Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
          Ran by SYSTEM at 30-09-2012 01:49:16
          Running from F:\
          Windows 7 Home Premium   (X64) OS Language: English(US)
          The current controlset is ControlSet002

          ==================== Registry (Whitelisted) ===================

          HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
          HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
          HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
          HKLM\...\Run: [lxddmon.exe] "C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
          HKLM\...\Run: [lxddamon] "C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
          HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2780776 2011-07-19] (CANON INC.)
          HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
          HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
          HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
          HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
          HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
          HKLM-x32\...\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [86184 2010-10-08] (Absolute Software)
          HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
          HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
          HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
          HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
          HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
          HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
          HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1637496 2011-08-04] (CANON INC.)
          HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [439440 2011-09-27] (CANON INC.)
          HKLM-x32\...\Run: [] 

          HKU\Joshua\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-22] (Google Inc.)
          HKU\Joshua\...\Run: [uTorrent] "C:\Users\Joshua\Pictures\uTorrent.exe"  /MINIMIZED [880528 2012-06-08] (BitTorrent, Inc.)
          HKU\Joshua\...\Run: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5" [129184 2012-03-22] ()
          HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-12] (Dell)
          HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
          Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
          Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
          Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
          ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
          Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
          ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
          Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
          ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

          ==================== Services (Whitelisted) ===================

          2 AbsoluteNotifier; "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe" [10408 2010-10-08] (Microsoft)
          2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
          2 lxdd_device; C:\Windows\system32\lxddcoms.exe -service [567216 2007-05-25] ( )
          2 lxdd_device; C:\Windows\SysWow64\lxddcoms.exe -service [537520 2007-05-25] ( )
          2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
          2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
          2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
          4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
          2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
          2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
          2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
          2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

          ==================== Drivers (Whitelisted) =====================

          3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
          3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
          3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
          3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
          3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
          0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
          1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
          3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
          0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
          3 catchme; \??\C:\ComboFix\catchme.sys

          3 mfeavfk01; 


          ==================== NetSvcs (Whitelisted) ====================


          ==================== One Month Created Files and Folders ========

          2012-09-30 00:34 - 2012-09-30 00:34 - 00000089 ____A C:\data
          2012-09-30 00:32 - 2012-09-30 00:45 - 00000000 ____D C:\Program Files (x86)\DownloadManager
          2012-09-29 13:38 - 2012-09-30 00:29 - 00000224 ____A C:\Windows\setupact.log
          2012-09-29 13:38 - 2012-09-29 13:38 - 00000456 ____A C:\Windows\PFRO.log
          2012-09-29 13:38 - 2012-09-29 13:38 - 00000000 ____A C:\Windows\setuperr.log
          2012-09-29 13:36 - 2012-09-29 13:36 - 00005289 ____A C:\AdwCleaner[S1].txt
          2012-09-29 13:04 - 2012-09-29 13:04 - 00004532 ____A C:\AdwCleaner[R1].txt
          2012-09-29 12:54 - 2012-09-29 12:55 - 00003456 ____A C:\Users\Joshua\My Documents\cc_20120929_125451.reg
          2012-09-29 12:54 - 2012-09-29 12:55 - 00003456 ____A C:\Users\Joshua\Documents\cc_20120929_125451.reg
          2012-09-29 12:42 - 2012-09-29 12:43 - 00607260 ____R (Swearware) C:\Users\Joshua\Desktop\dds.scr
          2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
          2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
          2012-09-29 12:35 - 2012-09-29 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
          2012-09-29 12:35 - 2012-09-07 17:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
          2012-09-29 12:33 - 2012-09-29 12:34 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\Joshua\Desktop\mbam-setup-1.65.0.1400.exe
          2012-09-29 12:25 - 2012-09-29 12:25 - 00513501 ____A C:\Users\Joshua\Desktop\adwcleaner.exe
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000000 ____D C:\Program Files\CCleaner
          2012-09-29 12:13 - 2012-09-29 12:14 - 03941312 ____A (Piriform Ltd) C:\Users\Joshua\Desktop\ccsetup323.exe
          2012-09-29 11:37 - 2012-09-29 11:37 - 00302592 ____A C:\Users\Joshua\Downloads\c7bkzkj7.exe
          2012-09-29 10:33 - 2012-09-29 10:33 - 00000000 ____A C:\Users\Joshua\Desktop\zk2f8py0.reg
          2012-09-29 10:29 - 2012-09-29 10:29 - 00302592 ____A C:\Users\Joshua\Desktop\zk2f8py0.exe
          2012-09-29 06:18 - 2012-09-29 06:18 - 00000000 ____D C:\Users\All Users\SUPERSetup
          2012-09-29 06:18 - 2012-09-29 06:18 - 00000000 ____D C:\Users\All Users\Application Data\SUPERSetup
          2012-09-29 05:13 - 2012-09-29 05:13 - 00019277 ____A C:\ComboFix.txt
          2012-09-29 05:12 - 2012-09-29 06:00 - 00000000 ____D C:\Windows\erdnt
          2012-09-29 03:54 - 2012-09-29 04:11 - 00000000 ____D C:\Users\Joshua\Application Data\USTechSupport
          2012-09-29 03:54 - 2012-09-29 04:11 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\USTechSupport
          2012-09-29 03:52 - 2012-09-29 04:15 - 00000000 ____D C:\Users\All Users\USTechSupport
          2012-09-29 03:52 - 2012-09-29 04:15 - 00000000 ____D C:\Users\All Users\Application Data\USTechSupport
          2012-09-29 03:52 - 2012-09-29 03:52 - 02163864 ____A (US Tech Support LLC) C:\Users\Joshua\Downloads\MaxMySpeed.exe
          2012-09-26 16:39 - 2012-08-21 16:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
          2012-09-24 17:45 - 2012-09-24 17:45 - 00000000 ____D C:\Users\Joshua\Application Data\Softland
          2012-09-24 17:45 - 2012-09-24 17:45 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Softland
          2012-09-24 17:45 - 2012-05-17 08:45 - 00024968 ____A (Softland) C:\Windows\System32\dopdfmn7.dll
          2012-09-24 17:45 - 2012-05-17 08:45 - 00021384 ____A (Softland) C:\Windows\System32\dopdfmi7.dll
          2012-09-24 17:45 - 2010-11-25 12:17 - 00007549 ____A C:\Windows\System32\dopdf7.ctm
          2012-09-24 17:45 - 2010-02-05 15:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
          2012-09-24 17:44 - 2012-09-24 17:44 - 04238448 ____A (Softland                                                    ) C:\Users\Joshua\Downloads\dopdf-7.exe
          2012-09-24 17:44 - 2012-09-24 17:44 - 00000000 ____D C:\Program Files\Softland
          2012-09-23 11:40 - 2012-09-23 11:40 - 00057560 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
          2012-09-21 18:01 - 2012-08-24 13:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
          2012-09-21 18:01 - 2012-08-24 13:03 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
          2012-09-21 18:01 - 2012-08-24 13:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
          2012-09-21 18:01 - 2012-08-24 13:02 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
          2012-09-21 18:01 - 2012-08-24 11:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
          2012-09-21 18:01 - 2012-08-24 11:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
          2012-09-21 18:01 - 2012-08-24 11:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
          2012-09-21 18:01 - 2012-08-24 11:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
          2012-09-21 18:00 - 2012-08-24 13:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
          2012-09-21 18:00 - 2012-08-24 13:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
          2012-09-21 18:00 - 2012-08-24 13:03 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
          2012-09-21 18:00 - 2012-08-24 13:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
          2012-09-21 18:00 - 2012-08-24 13:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
          2012-09-21 18:00 - 2012-08-24 11:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
          2012-09-21 18:00 - 2012-08-24 11:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
          2012-09-21 18:00 - 2012-08-24 11:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
          2012-09-21 18:00 - 2012-08-24 11:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
          2012-09-21 17:59 - 2012-08-24 13:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
          2012-09-21 17:59 - 2012-08-24 11:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
          2012-09-21 17:59 - 2012-08-24 11:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
          2012-09-21 17:59 - 2012-08-24 10:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
          2012-09-21 17:59 - 2012-08-24 10:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
          2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\Local Settings\CutePDF Writer
          2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\CutePDF Writer
          2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\AppData\Local\CutePDF Writer
          2012-09-16 20:09 - 2012-09-16 20:09 - 00000000 ____D C:\Program Files (x86)\GPLGS
          2012-09-16 20:08 - 2012-09-16 20:08 - 05254656 ____A C:\Users\Joshua\Downloads\converter.exe
          2012-09-15 20:58 - 2012-09-15 20:58 - 00000000 ____D C:\Program Files (x86)\Acro Software
          2012-09-15 20:58 - 2012-07-31 11:31 - 00087152 ____A C:\Windows\System32\cpwmon64.dll
          2012-09-15 20:55 - 2012-09-15 20:55 - 04633584 ____A (Acro Software Inc.                                          ) C:\Users\Joshua\Downloads\CuteWriter.exe
          2012-09-15 20:54 - 2012-09-15 20:54 - 00587640 ____A C:\Users\Joshua\Downloads\cbsidlm-tr1_6-CutePDF_Writer-10206470.exe
          2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\Local Settings\PrimoPDFContent
          2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\PrimoPDFContent
          2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\AppData\Local\PrimoPDFContent
          2012-09-15 19:42 - 2012-09-15 19:45 - 700989440 ___AT C:\Users\Joshua\My Documents\ModPhys.ps
          2012-09-15 19:42 - 2012-09-15 19:45 - 700989440 ___AT C:\Users\Joshua\Documents\ModPhys.ps
          2012-09-15 19:39 - 2012-09-15 21:04 - 00000000 ____D C:\Users\Joshua\Application Data\PrimoPDF
          2012-09-15 19:39 - 2012-09-15 21:04 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\PrimoPDF
          2012-09-15 19:37 - 2012-09-16 21:04 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
          2012-09-15 19:37 - 2011-02-28 17:37 - 00095008 ____A C:\Windows\System32\Primomonnt.dll
          2012-09-15 19:35 - 2012-09-16 19:44 - 07549704 ____A C:\Users\Joshua\Downloads\InternationalPrimoPDF.exe
          2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\My Documents\SolidPhys.txt
          2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\Documents\SolidPhys.txt
          2012-09-15 16:56 - 2012-09-15 16:56 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll
          2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\Amazon
          2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\Local Settings\Amazon
          2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\AppData\Local\Amazon
          2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Program Files (x86)\Amazon
          2012-09-15 16:55 - 2012-09-15 16:55 - 05291440 ____A (Amazon.com, Inc.) C:\Users\Joshua\Downloads\SendToKindleForPC-installer.exe
          2012-09-15 16:42 - 2012-09-24 18:15 - 00000000 ____D C:\Users\Joshua\Desktop\Fall 2012 Class PDF's
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonIJSolutionMenuEX
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonIJEPPEX2
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonEPP
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJSolutionMenuEX
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJEPPEX2
          2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonEPP
          2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ___HD C:\Users\All Users\CanonIJMyPrinter
          2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJMyPrinter
          2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ____D C:\Users\Joshua\Application Data\Canon
          2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Canon
          2012-09-14 18:25 - 2012-09-14 18:25 - 00000000 ____D C:\Users\All Users\Canon IJ Network Tool
          2012-09-14 18:25 - 2012-09-14 18:25 - 00000000 ____D C:\Users\All Users\Application Data\Canon IJ Network Tool
          2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\CanonIJFAX
          2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\CanonIJEGV
          2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJFAX
          2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJEGV
          2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
          2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\All Users\Desktop\Canon Solution Menu EX.lnk
          2012-09-14 18:10 - 2012-09-14 18:10 - 00000000 ____D C:\Program Files\Common Files\CANON
          2012-09-14 18:09 - 2012-09-14 18:09 - 00000000 ____D C:\Users\All Users\CanonIJWSpt
          2012-09-14 18:09 - 2012-09-14 18:09 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJWSpt
          2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\Public\Desktop\Canon MX430 series On-screen Manual.lnk
          2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\All Users\Desktop\Canon MX430 series On-screen Manual.lnk
          2012-09-14 18:06 - 2012-09-14 18:06 - 00000000 ____D C:\Program Files\Canon
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Users\All Users\CanonBJ
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Users\All Users\Application Data\CanonBJ
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Program Files\CanonBJ
          2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ____D C:\Windows\System32\STRING
          2012-09-14 18:04 - 2011-11-03 05:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMLMB1.DLL
          2012-09-14 18:04 - 2011-10-14 11:57 - 00300544 ____A (CANON INC.) C:\Windows\System32\CNC_B1C.dll
          2012-09-14 18:04 - 2011-10-14 11:57 - 00102912 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_B1U.dll
          2012-09-14 18:04 - 2011-10-14 11:56 - 00109568 ____A (CANON INC.) C:\Windows\System32\CNC_B1I.dll
          2012-09-14 18:04 - 2011-09-29 04:23 - 00256000 ____A (CANON INC.) C:\Windows\System32\CNMIUB1.DLL
          2012-09-14 18:04 - 2011-09-22 08:59 - 00358912 ____A (CANON INC.) C:\Windows\System32\CNC_B1L.dll
          2012-09-14 18:04 - 2011-09-22 08:57 - 00316416 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_B1L.dll
          2012-09-14 18:04 - 2011-09-21 05:00 - 00302592 ____A (CANON INC.) C:\Windows\System32\CNCALB1.DLL
          2012-09-14 18:04 - 2011-08-16 03:30 - 00356864 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
          2012-09-14 18:04 - 2011-08-16 03:30 - 00039424 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
          2012-09-14 18:04 - 2011-06-30 13:52 - 00065280 ____A C:\Windows\SysWOW64\CNC175BD.TBL
          2012-09-14 18:04 - 2011-06-30 13:52 - 00065280 ____A C:\Windows\System32\CNC175BD.TBL
          2012-09-14 18:04 - 2011-05-27 11:19 - 00097792 ____A (Canon Inc.) C:\Windows\System32\CNC_B1O.dll
          2012-09-14 18:04 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
          2012-09-14 18:04 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
          2012-09-14 18:03 - 2012-09-22 03:17 - 00000000 ____D C:\Users\All Users\CanonIJPLM
          2012-09-14 18:03 - 2012-09-22 03:17 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJPLM
          2012-09-14 18:02 - 2012-09-14 18:28 - 00000000 ____D C:\Program Files (x86)\Canon
          2012-09-14 18:02 - 2012-09-14 18:02 - 00000000 ___HD C:\Users\All Users\CanonIJETV
          2012-09-14 18:02 - 2012-09-14 18:02 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJETV
          2012-09-12 11:59 - 2012-08-22 13:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
          2012-09-12 11:59 - 2012-08-22 13:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
          2012-09-12 11:59 - 2012-08-22 13:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
          2012-09-12 11:59 - 2012-08-22 13:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
          2012-09-12 11:59 - 2012-08-02 12:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
          2012-09-12 11:59 - 2012-08-02 11:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
          2012-09-12 11:59 - 2012-07-04 15:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
          2012-09-10 22:46 - 2012-09-10 22:47 - 00007562 ____A C:\Users\Joshua\My Documents\cc_20120910_224651.reg
          2012-09-10 22:46 - 2012-09-10 22:47 - 00007562 ____A C:\Users\Joshua\Documents\cc_20120910_224651.reg
          2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\My Documents\cc_20120910_224400.reg
          2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\Documents\cc_20120910_224400.reg
          2012-09-10 22:39 - 2012-09-10 22:40 - 03927560 ____A (Piriform Ltd) C:\Users\Joshua\Downloads\ccsetup322.exe


          ==================== 3 Months Modified Files ==================

          2012-09-30 00:47 - 2011-01-14 10:07 - 01861103 ____A C:\Windows\WindowsUpdate.log
          2012-09-30 00:36 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
          2012-09-30 00:36 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
          2012-09-30 00:34 - 2012-09-30 00:34 - 00000089 ____A C:\data
          2012-09-30 00:34 - 2009-07-14 00:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
          2012-09-30 00:29 - 2012-09-29 13:38 - 00000224 ____A C:\Windows\setupact.log
          2012-09-30 00:29 - 2011-02-22 21:09 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
          2012-09-30 00:29 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
          2012-09-29 22:52 - 2011-02-22 21:09 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
          2012-09-29 13:38 - 2012-09-29 13:38 - 00000456 ____A C:\Windows\PFRO.log
          2012-09-29 13:38 - 2012-09-29 13:38 - 00000000 ____A C:\Windows\setuperr.log
          2012-09-29 13:36 - 2012-09-29 13:36 - 00005289 ____A C:\AdwCleaner[S1].txt
          2012-09-29 13:04 - 2012-09-29 13:04 - 00004532 ____A C:\AdwCleaner[R1].txt
          2012-09-29 12:55 - 2012-09-29 12:54 - 00003456 ____A C:\Users\Joshua\My Documents\cc_20120929_125451.reg
          2012-09-29 12:55 - 2012-09-29 12:54 - 00003456 ____A C:\Users\Joshua\Documents\cc_20120929_125451.reg
          2012-09-29 12:43 - 2012-09-29 12:42 - 00607260 ____R (Swearware) C:\Users\Joshua\Desktop\dds.scr
          2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
          2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
          2012-09-29 12:34 - 2012-09-29 12:33 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\Joshua\Desktop\mbam-setup-1.65.0.1400.exe
          2012-09-29 12:25 - 2012-09-29 12:25 - 00513501 ____A C:\Users\Joshua\Desktop\adwcleaner.exe
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
          2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
          2012-09-29 12:14 - 2012-09-29 12:13 - 03941312 ____A (Piriform Ltd) C:\Users\Joshua\Desktop\ccsetup323.exe
          2012-09-29 11:37 - 2012-09-29 11:37 - 00302592 ____A C:\Users\Joshua\Downloads\c7bkzkj7.exe
          2012-09-29 10:33 - 2012-09-29 10:33 - 00000000 ____A C:\Users\Joshua\Desktop\zk2f8py0.reg
          2012-09-29 10:29 - 2012-09-29 10:29 - 00302592 ____A C:\Users\Joshua\Desktop\zk2f8py0.exe
          2012-09-29 05:13 - 2012-09-29 05:13 - 00019277 ____A C:\ComboFix.txt
          2012-09-29 05:12 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
          2012-09-29 03:52 - 2012-09-29 03:52 - 02163864 ____A (US Tech Support LLC) C:\Users\Joshua\Downloads\MaxMySpeed.exe
          2012-09-24 17:44 - 2012-09-24 17:44 - 04238448 ____A (Softland                                                    ) C:\Users\Joshua\Downloads\dopdf-7.exe
          2012-09-23 11:40 - 2012-09-23 11:40 - 00057560 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
          2012-09-16 20:08 - 2012-09-16 20:08 - 05254656 ____A C:\Users\Joshua\Downloads\converter.exe
          2012-09-16 19:44 - 2012-09-15 19:35 - 07549704 ____A C:\Users\Joshua\Downloads\InternationalPrimoPDF.exe
          2012-09-15 20:55 - 2012-09-15 20:55 - 04633584 ____A (Acro Software Inc.                                          ) C:\Users\Joshua\Downloads\CuteWriter.exe
          2012-09-15 20:54 - 2012-09-15 20:54 - 00587640 ____A C:\Users\Joshua\Downloads\cbsidlm-tr1_6-CutePDF_Writer-10206470.exe
          2012-09-15 19:45 - 2012-09-15 19:42 - 700989440 ___AT C:\Users\Joshua\My Documents\ModPhys.ps
          2012-09-15 19:45 - 2012-09-15 19:42 - 700989440 ___AT C:\Users\Joshua\Documents\ModPhys.ps
          2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\My Documents\SolidPhys.txt
          2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\Documents\SolidPhys.txt
          2012-09-15 16:56 - 2012-09-15 16:56 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll
          2012-09-15 16:55 - 2012-09-15 16:55 - 05291440 ____A (Amazon.com, Inc.) C:\Users\Joshua\Downloads\SendToKindleForPC-installer.exe
          2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
          2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\All Users\Desktop\Canon Solution Menu EX.lnk
          2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\Public\Desktop\Canon MX430 series On-screen Manual.lnk
          2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\All Users\Desktop\Canon MX430 series On-screen Manual.lnk
          2012-09-13 03:01 - 2011-03-01 12:42 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
          2012-09-10 22:47 - 2012-09-10 22:46 - 00007562 ____A C:\Users\Joshua\My Documents\cc_20120910_224651.reg
          2012-09-10 22:47 - 2012-09-10 22:46 - 00007562 ____A C:\Users\Joshua\Documents\cc_20120910_224651.reg
          2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\My Documents\cc_20120910_224400.reg
          2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\Documents\cc_20120910_224400.reg
          2012-09-10 22:40 - 2012-09-10 22:39 - 03927560 ____A (Piriform Ltd) C:\Users\Joshua\Downloads\ccsetup322.exe
          2012-09-07 17:04 - 2012-09-29 12:35 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
          2012-08-29 16:35 - 2012-08-29 16:35 - 00929280 ____A C:\Users\Joshua\Downloads\LarColAlg8_01_04.ppt
          2012-08-24 13:05 - 2012-09-21 18:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
          2012-08-24 13:05 - 2012-09-21 18:00 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
          2012-08-24 13:05 - 2012-09-21 17:59 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
          2012-08-24 13:03 - 2012-09-21 18:01 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
          2012-08-24 13:03 - 2012-09-21 18:01 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
          2012-08-24 13:03 - 2012-09-21 18:00 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
          2012-08-24 13:03 - 2012-09-21 18:00 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
          2012-08-24 13:02 - 2012-09-21 18:01 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
          2012-08-24 13:02 - 2012-09-21 18:00 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
          2012-08-24 13:02 - 2012-09-21 18:00 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
          2012-08-24 11:57 - 2012-09-21 18:01 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
          2012-08-24 11:57 - 2012-09-21 18:01 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
          2012-08-24 11:57 - 2012-09-21 18:01 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
          2012-08-24 11:57 - 2012-09-21 18:00 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
          2012-08-24 11:57 - 2012-09-21 18:00 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
          2012-08-24 11:57 - 2012-09-21 17:59 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
          2012-08-24 11:56 - 2012-09-21 18:01 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
          2012-08-24 11:56 - 2012-09-21 18:00 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
          2012-08-24 11:56 - 2012-09-21 18:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
          2012-08-24 11:56 - 2012-09-21 17:59 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
          2012-08-24 10:59 - 2012-09-21 17:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
          2012-08-24 10:20 - 2012-09-21 17:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
          2012-08-22 13:12 - 2012-09-12 11:59 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
          2012-08-22 13:12 - 2012-09-12 11:59 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
          2012-08-22 13:12 - 2012-09-12 11:59 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
          2012-08-22 13:12 - 2012-09-12 11:59 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
          2012-08-21 16:01 - 2012-09-26 16:39 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
          2012-08-17 08:44 - 2009-07-13 23:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
          2012-08-02 12:58 - 2012-09-12 11:59 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
          2012-08-02 11:57 - 2012-09-12 11:59 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
          2012-07-31 11:31 - 2012-09-15 20:58 - 00087152 ____A C:\Windows\System32\cpwmon64.dll
          2012-07-25 13:57 - 2012-07-25 13:56 - 10652120 ____A (Malwarebytes Corporation                                    ) C:\Users\Joshua\Downloads\mbam-setup-1.62.0.1300.exe
          2012-07-25 10:29 - 2012-07-25 10:29 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Joshua\Downloads\tdsskiller.exe
          2012-07-23 19:37 - 2012-07-23 19:37 - 00000000 ____A C:\Windows\SysWOW64\sho8B2F.tmp
          2012-07-23 18:05 - 2012-07-23 18:03 - 16580936 ____A (McAfee, Inc.) C:\Users\Joshua\Downloads\6781xdat.exe.part
          2012-07-23 18:04 - 2012-07-23 18:04 - 02199393 ____A (McAfee, Inc.) C:\Users\Joshua\Downloads\5400eng.exe
          2012-07-18 13:15 - 2012-08-16 08:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
          2012-07-16 15:32 - 2012-07-16 15:32 - 00008187 ____A C:\Users\Joshua\My Documents\2012-2013 FADX.txt
          2012-07-16 15:32 - 2012-07-16 15:32 - 00008187 ____A C:\Users\Joshua\Documents\2012-2013 FADX.txt
          2012-07-06 15:07 - 2012-08-17 03:09 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
          2012-07-04 17:16 - 2012-08-16 08:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
          2012-07-04 17:13 - 2012-08-16 08:18 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
          2012-07-04 17:13 - 2012-08-16 08:18 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
          2012-07-04 16:16 - 2012-08-16 08:18 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
          2012-07-04 16:14 - 2012-08-16 08:18 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
          2012-07-04 15:26 - 2012-09-12 11:59 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys


          ==================== Known DLLs (Whitelisted) =================


          ==================== Bamital & volsnap Check =================

          C:\Windows\System32\winlogon.exe => MD5 is legit
          C:\Windows\System32\wininit.exe => MD5 is legit
          C:\Windows\SysWOW64\wininit.exe => MD5 is legit
          C:\Windows\explorer.exe => MD5 is legit
          C:\Windows\SysWOW64\explorer.exe => MD5 is legit
          C:\Windows\System32\svchost.exe => MD5 is legit
          C:\Windows\SysWOW64\svchost.exe => MD5 is legit
          C:\Windows\System32\services.exe => MD5 is legit
          C:\Windows\System32\User32.dll => MD5 is legit
          C:\Windows\SysWOW64\User32.dll => MD5 is legit
          C:\Windows\System32\userinit.exe => MD5 is legit
          C:\Windows\SysWOW64\userinit.exe => MD5 is legit
          C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

          ==================== EXE ASSOCIATION =====================

          HKLM\...\.exe: exefile => OK
          HKLM\...\exefile\DefaultIcon: %1 => OK
          HKLM\...\exefile\open\command: "%1" %* => OK

          ==================== Restore Points  =========================

          Restore point made on: 2012-09-29 06:01:43

          ==================== Memory info ===========================

          Percentage of memory in use: 16%
          Total physical RAM: 3894.68 MB
          Available physical RAM: 3249.96 MB
          Total Pagefile: 3892.83 MB
          Available Pagefile: 3241.49 MB
          Total Virtual: 8192 MB
          Available Virtual: 8191.9 MB

          ==================== Partitions =============================

          1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:370.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
          2 Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
          4 Drive f: (JOKAZZ) (Removable) (Total:3.74 GB) (Free:2.27 GB) FAT32
          5 Drive g: () (Removable) (Total:3.69 GB) (Free:0.02 GB) FAT32
          6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

            Disk ###  Status         Size     Free     Dyn  Gpt
            --------  -------------  -------  -------  ---  ---
            Disk 0    Online          465 GB      0 B         
            Disk 1    Online         3835 MB      0 B         
            Disk 2    Online         3781 MB      0 B         

          Partitions of Disk 0:
          ===============

            Partition ###  Type              Size     Offset
            -------------  ----------------  -------  -------
            Partition 1    OEM                100 MB  1024 KB
            Partition 2    Primary             14 GB   101 MB
            Partition 3    Primary            451 GB    14 GB

          ==================================================================================

          Disk: 0
          Partition 1
          Type  : DE
          Hidden: Yes
          Active: No

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 5         DELLUTILITY  FAT    Partition    100 MB  Healthy    Hidden 

          =========================================================

          Disk: 0
          Partition 2
          Type  : 07
          Hidden: No
          Active: Yes

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 1     D   Recovery     NTFS   Partition     14 GB  Healthy           

          =========================================================

          Disk: 0
          Partition 3
          Type  : 07
          Hidden: No
          Active: No

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 2     C   OS           NTFS   Partition    451 GB  Healthy           

          =========================================================

          Partitions of Disk 1:
          ===============

            Partition ###  Type              Size     Offset
            -------------  ----------------  -------  -------
            Partition 1    Primary           3827 MB    19 KB

          ==================================================================================

          Disk: 1
          Partition 1
          Type  : 0B
          Hidden: No
          Active: No

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 3     F   JOKAZZ       FAT32  Removable   3827 MB  Healthy           

          =========================================================

          Partitions of Disk 2:
          ===============

            Partition ###  Type              Size     Offset
            -------------  ----------------  -------  -------
            Partition 1    Primary           3777 MB  4096 KB

          ==================================================================================

          Disk: 2
          Partition 1
          Type  : 0B
          Hidden: No
          Active: No

            Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
            ----------  ---  -----------  -----  ----------  -------  ---------  --------
          * Volume 4     G                FAT32  Removable   3777 MB  Healthy           

          =========================================================

          Last Boot: 2012-09-26 18:45

          ==================== End Of Log =============================
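
          The FRST listing above is easier to review once its duplicate junction entries are folded together. The Python below is an added example written for this thread, not FRST's own code. It parses the "Created Files" lines, maps the Windows 7 compatibility junctions (All Users, Application Data, Local Settings, My Documents, ProgramData\Desktop) back to the real paths so each file appears once, and applies three triage rules that are this example's own assumptions: recently created code files in user-writable locations, code under System32/SysWOW64 carrying no publisher string, and hidden directories. The sample lines are copied from the log above and the scan time is assumed from its newest timestamp. Note the built-in false positive: cpwmon64.dll has no version information but was created in the same minute as the Acro Software (CutePDF) install, so the output is a reading list for a human, not a verdict.

```python
"""Triage helper for FRST-style "3 Months Created/Modified Files" listings.
Added example for the log in this thread, not FRST's own code.  The junction
table reflects Windows 7 compatibility links that make FRST list one file
twice; the triage rules are this example's assumptions, not malware verdicts."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One FRST file line:  <ts1> - <ts2> - <size> <attrs> [(Company)] <path>
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "   # first timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "       # second timestamp
    r"(\d+) "                                   # size in bytes
    r"([_A-Z]{5})"                              # attribute flags, e.g. ____A, ___HD
    r"(?: \((.*?)\s*\))?"                       # optional (Company) from version info
    r" (.+?)\s*$"                               # path
)

# Windows 7 junctions (alias -> real path).  Order matters: the "All Users"
# rules run before the per-user rules so "All Users" is never treated as a
# user name, and the ProgramData\Desktop rule runs after them.
JUNCTIONS = [
    (re.compile(r"^C:\\Users\\All Users\\Application Data\\", re.I), r"C:\\ProgramData\\"),
    (re.compile(r"^C:\\Users\\All Users\\", re.I), r"C:\\ProgramData\\"),
    (re.compile(r"^C:\\ProgramData\\Desktop\\", re.I), r"C:\\Users\\Public\\Desktop\\"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\Local Settings\\Application Data\\", re.I), r"\1\\AppData\\Local\\"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\Local Settings\\", re.I), r"\1\\AppData\\Local\\"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\Application Data\\", re.I), r"\1\\AppData\\Roaming\\"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\My Documents\\", re.I), r"\1\\Documents\\"),
]

CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str              # FRST flag string; D = directory, H = hidden
    company: Optional[str]  # None when the file has no version information
    path: str               # junction aliases already normalised

    @property
    def is_hidden_dir(self) -> bool:
        return "D" in self.attrs and "H" in self.attrs


def normalize_path(path: str) -> str:
    """Rewrite a junction alias to the real path so one file yields one record."""
    for pattern, replacement in JUNCTIONS:
        path = pattern.sub(replacement, path, count=1)
    return path


def parse_lines(lines, section: str = "created") -> List[Entry]:
    """Parse FRST lines.  In the "Created" section the first timestamp is the
    creation time; in the "Modified" section the two are swapped."""
    entries, seen = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # headers, blank lines, separators
        t1, t2, size, attrs, company, path = m.groups()
        t1, t2 = (datetime.strptime(t, "%Y-%m-%d %H:%M") for t in (t1, t2))
        created, modified = (t1, t2) if section == "created" else (t2, t1)
        path = normalize_path(path)
        if path.lower() in seen:
            continue                      # second listing of the same file
        seen.add(path.lower())
        entries.append(Entry(created, modified, int(size), attrs, company, path))
    return entries


def triage(entries: List[Entry], scan_time: datetime, window_days: int = 7) -> List[Tuple[str, str]]:
    """Return (rule, path) hints.  Assumed rules: code dropped in user-writable
    locations shortly before the scan, code in System32/SysWOW64 without a
    publisher string, and hidden directories.  Hints, not verdicts."""
    cutoff = scan_time - timedelta(days=window_days)
    findings = []
    for e in entries:
        low = e.path.lower()
        is_code = low.endswith(CODE_EXT)
        if is_code and low.startswith(SYSTEM_DIRS) and not e.company:
            findings.append(("no-publisher-in-system-dir", e.path))
        elif is_code and low.startswith(USER_WRITABLE) and e.created >= cutoff:
            findings.append(("recent-code-in-user-writable-path", e.path))
        if e.is_hidden_dir:
            findings.append(("hidden-directory", e.path))
    return findings


# Constructed sample: lines copied from the "Created Files" section of the log.
SAMPLE_LOG = r"""
2012-09-29 12:42 - 2012-09-29 12:43 - 00607260 ____R (Swearware) C:\Users\Joshua\Desktop\dds.scr
2012-09-29 12:35 - 2012-09-07 17:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-29 12:33 - 2012-09-29 12:34 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\Joshua\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-09-29 06:18 - 2012-09-29 06:18 - 00000000 ____D C:\Users\All Users\SUPERSetup
2012-09-29 06:18 - 2012-09-29 06:18 - 00000000 ____D C:\Users\All Users\Application Data\SUPERSetup
2012-09-15 20:58 - 2012-07-31 11:31 - 00087152 ____A C:\Windows\System32\cpwmon64.dll
2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonEPP
2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonEPP
2012-09-29 12:35 - 2012-09-29 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
"""
# Assumed scan time: the newest timestamp that appears in the log above.
SCAN_TIME = datetime(2012, 9, 30, 0, 47)

if __name__ == "__main__":
    for rule, path in triage(parse_lines(SAMPLE_LOG.splitlines()), SCAN_TIME):
        print(f"{rule:36} {path}")
```

          Run it against a saved FRST.txt by feeding the "Created Files" block to parse_lines and the "Modified Files" block with section="modified"; widen window_days to match the time since the symptoms began.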

          SuperDave

          • Malware Removal Specialist
          • Genius
          • Experience: Expert
          • OS: Windows 10
          Re: Infected with zeroaccess rootkit!!!
          « Reply #5 on: September 30, 2012, 11:16:39 AM »
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document called checkup.txt should open automatically.
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          **************************************************************
          Download Combofix from any of the links below, and save it to your DESKTOP

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial on how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

          tsfc

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: Infected with zeroaccess rootkit!!!
            « Reply #6 on: September 30, 2012, 12:01:43 PM »
            Results of screen317's Security Check version 0.99.51
            Windows 7 Service Pack 1 x64 (UAC is enabled)
            Internet Explorer 8 Out of date!
            ``````````````Antivirus/Firewall Check:``````````````
            Windows Firewall Enabled!
            McAfee Anti-Virus and Anti-Spyware
            WMI entry may not exist for antivirus; attempting automatic update.
            `````````Anti-malware/Other Utilities Check:`````````
            Malwarebytes Anti-Malware version 1.65.0.1400
            Java(TM) 6 Update 35
            Java version out of Date!
            Adobe Flash Player 10 Flash Player out of Date!
            Adobe Reader 9 Adobe Reader out of Date!
            Mozilla Firefox 12.0 Firefox out of Date!
            ````````Process Check: objlist.exe by Laurent````````
            Malwarebytes Anti-Malware mbamservice.exe
            Malwarebytes Anti-Malware mbamgui.exe
            Malwarebytes' Anti-Malware mbamscheduler.exe
            `````````````````System Health check`````````````````
            Total Fragmentation on Drive C: 0%
            ````````````````````End of Log``````````````````````


            ComboFix 12-09-30.01 - Joshua 09/30/2012  14:51:22.2.4 - x64
            Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2588 [GMT -5:00]
            Running from: c:\users\Joshua\Desktop\ComboFix.exe
            AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
            FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
            SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((   Files Created from 2012-08-28 to 2012-09-30  )))))))))))))))))))))))))))))))
            .
            .
            2012-09-30 19:59 . 2012-09-30 19:59   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2012-09-30 14:45 . 2012-09-30 14:45   477168   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
            2012-09-30 06:48 . 2012-09-30 06:48   --------   d-----w-   C:\FRST
            2012-09-30 05:32 . 2012-09-30 06:52   --------   d-----w-   c:\program files (x86)\DownloadManager
            2012-09-29 17:35 . 2012-09-29 17:35   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
            2012-09-29 17:35 . 2012-09-07 22:04   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2012-09-29 17:15 . 2012-09-29 17:15   --------   d-----w-   c:\program files\CCleaner
            2012-09-29 11:18 . 2012-09-29 11:18   --------   d-----w-   c:\programdata\SUPERSetup
            2012-09-29 08:54 . 2012-09-29 09:11   --------   d-----w-   c:\users\Joshua\AppData\Roaming\USTechSupport
            2012-09-29 08:52 . 2012-09-29 09:15   --------   d-----w-   c:\programdata\USTechSupport
            2012-09-28 19:35 . 2012-08-30 07:27   9308616   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\mpengine.dll
            2012-09-26 21:39 . 2012-08-21 21:01   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
            2012-09-24 22:45 . 2012-09-24 22:45   --------   d-----w-   c:\users\Joshua\AppData\Roaming\Softland
            2012-09-24 22:45 . 2012-05-17 13:45   24968   ----a-w-   c:\windows\system32\dopdfmn7.dll
            2012-09-24 22:45 . 2012-05-17 13:45   21384   ----a-w-   c:\windows\system32\dopdfmi7.dll
            2012-09-24 22:45 . 2010-02-05 20:00   1700352   ----a-w-   c:\windows\system32\GdiPlus.dll
            2012-09-24 22:44 . 2012-09-24 22:44   --------   d-----w-   c:\program files\Softland
            2012-09-21 23:01 . 2012-08-24 18:03   9056256   ----a-w-   c:\windows\system32\mshtml.dll
            2012-09-21 23:01 . 2012-08-24 18:02   12295680   ----a-w-   c:\windows\system32\ieframe.dll
            2012-09-21 23:01 . 2012-08-24 18:03   735744   ----a-w-   c:\windows\system32\msfeeds.dll
            2012-09-21 23:01 . 2012-08-24 18:05   1494528   ----a-w-   c:\windows\system32\urlmon.dll
            2012-09-21 22:59 . 2012-08-24 18:05   134144   ----a-w-   c:\windows\system32\url.dll
            2012-09-21 22:59 . 2012-08-24 15:20   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
            2012-09-21 22:59 . 2012-08-24 15:59   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
            2012-09-17 01:10 . 2012-09-24 22:42   --------   d-----w-   c:\users\Joshua\AppData\Local\CutePDF Writer
            2012-09-17 01:09 . 2012-09-17 01:09   --------   d-----w-   c:\program files (x86)\GPLGS
            2012-09-16 01:58 . 2012-07-31 16:31   87152   ----a-w-   c:\windows\system32\cpwmon64.dll
            2012-09-16 01:58 . 2012-09-16 01:58   --------   d-----w-   c:\program files (x86)\Acro Software
            2012-09-16 01:43 . 2012-09-16 01:43   --------   d-----w-   c:\users\Joshua\AppData\Local\PrimoPDFContent
            2012-09-16 00:39 . 2012-09-16 02:04   --------   d-----w-   c:\users\Joshua\AppData\Roaming\PrimoPDF
            2012-09-16 00:37 . 2011-02-28 22:37   95008   ----a-w-   c:\windows\system32\Primomonnt.dll
            2012-09-16 00:37 . 2012-09-17 02:04   --------   d-----w-   c:\program files (x86)\Nitro PDF
            2012-09-15 21:56 . 2012-09-15 21:56   --------   d-----w-   c:\users\Joshua\AppData\Local\Amazon
            2012-09-15 21:56 . 2012-09-15 21:56   101680   ----a-w-   c:\windows\system32\stkMonitor.dll
            2012-09-15 21:56 . 2012-09-15 21:56   --------   d-----w-   c:\program files (x86)\Amazon
            2012-09-14 23:29 . 2012-09-14 23:29   --------   d--h--w-   c:\programdata\CanonIJSolutionMenuEX
            2012-09-14 23:29 . 2012-09-14 23:29   --------   d--h--w-   c:\programdata\CanonIJEPPEX2
            2012-09-14 23:29 . 2012-09-14 23:29   --------   d--h--w-   c:\programdata\CanonEPP
            2012-09-14 23:28 . 2012-09-14 23:28   --------   d--h--w-   c:\programdata\CanonIJMyPrinter
            2012-09-14 23:28 . 2012-09-14 23:28   --------   d-----w-   c:\users\Joshua\AppData\Roaming\Canon
            2012-09-14 23:25 . 2012-09-14 23:25   --------   d-----w-   c:\programdata\Canon IJ Network Tool
            2012-09-14 23:14 . 2012-09-14 23:14   --------   d--h--w-   c:\programdata\CanonIJFAX
            2012-09-14 23:14 . 2012-09-14 23:14   --------   d--h--w-   c:\programdata\CanonIJEGV
            2012-09-14 23:10 . 2012-09-14 23:10   --------   d-----w-   c:\program files\Common Files\CANON
            2012-09-14 23:09 . 2012-09-14 23:09   --------   d-----w-   c:\programdata\CanonIJWSpt
            2012-09-14 23:06 . 2012-09-14 23:06   --------   d-----w-   c:\program files\Canon
            2012-09-14 23:03 . 2012-09-22 08:17   --------   d-----w-   c:\programdata\CanonIJPLM
            2012-09-14 23:02 . 2012-09-14 23:02   --------   d--h--w-   c:\programdata\CanonIJETV
            2012-09-14 23:02 . 2012-09-14 23:28   --------   d-----w-   c:\program files (x86)\Canon
            2012-09-12 16:59 . 2012-08-22 18:12   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
            2012-09-12 16:59 . 2012-07-04 20:26   41472   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
            2012-09-12 16:59 . 2012-08-02 17:58   574464   ----a-w-   c:\windows\system32\d3d10level9.dll
            2012-09-12 16:59 . 2012-08-02 16:57   490496   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
            2012-09-12 16:59 . 2012-08-22 18:12   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
            2012-09-12 16:59 . 2012-08-22 18:12   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
            2012-09-12 16:59 . 2012-08-22 18:12   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2012-09-30 14:45 . 2011-03-07 02:09   473072   ----a-w-   c:\windows\SysWow64\deployJava1.dll
            2012-09-13 08:01 . 2011-03-01 17:42   64462936   ----a-w-   c:\windows\system32\MRT.exe
            2012-07-24 00:37 . 2012-07-24 00:37   0   ----a-w-   c:\windows\SysWow64\sho8B2F.tmp
            2012-07-18 18:15 . 2012-08-16 13:15   3148800   ----a-w-   c:\windows\system32\win32k.sys
            2012-07-06 20:07 . 2012-08-17 08:09   552960   ----a-w-   c:\windows\system32\drivers\bthport.sys
            2012-07-04 22:16 . 2012-08-16 13:18   73216   ----a-w-   c:\windows\system32\netapi32.dll
            2012-07-04 22:13 . 2012-08-16 13:18   59392   ----a-w-   c:\windows\system32\browcli.dll
            2012-07-04 22:13 . 2012-08-16 13:18   136704   ----a-w-   c:\windows\system32\browser.dll
            2012-07-04 21:14 . 2012-08-16 13:18   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-23 39408]
            "uTorrent"="c:\users\Joshua\Pictures\uTorrent.exe" [2012-06-09 880528]
            "DelayShred"="c:\progra~1\mcafee\mqs\ShrCL.EXE" [2012-03-23 129184]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
            "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
            "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
            "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
            "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
            "Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
            "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
            "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
            "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
            "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
            "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
            "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
            "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
            "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616]
            "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
            .
            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
            Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
            .
            c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
            "LoadAppInit_DLLs"=0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
            @=""
            .
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
            R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
            R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
            R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
            R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
            R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
            R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
            R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
            R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
            R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
            R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
            R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-24 1255736]
            R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
            R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
            R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
            S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
            S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
            S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
            S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
            S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
            S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
            S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
            S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
            S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
            S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
            S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
            S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
            S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
            S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
            S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
            S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
            S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
            S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
            S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
            S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
            S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
            S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
            S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
            S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
            S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
            S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
            S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
            S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
            S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
            S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
            S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
            S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
            S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
            S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
            .
            .
            --- Other Services/Drivers In Memory ---
            .
            *Deregistered* - mfeavfk01
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:09]
            .
            2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:09]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
            "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
            "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
            "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
            "lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
            "lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
            "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
            .
            ------- Supplementary Scan -------
            .
            uLocal Page = c:\windows\system32\blank.htm
            uStart Page =
            mLocal Page = c:\windows\SysWOW64\blank.htm
            IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
            IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            TCP: DhcpNameServer = 192.168.1.254
            FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\
            FF - prefs.js: browser.search.selectedEngine - Google
            FF - prefs.js: browser.startup.homepage - att.net
            FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
            FF - prefs.js: network.proxy.type - 0
            .
            - - - - ORPHANS REMOVED - - - -
            .
            Wow6432Node-HKLM-Run-<NO NAME> - (no file)
            SafeBoot-19306437.sys
            ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
            ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
            ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
            ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
            HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
            .
            .
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_USERS\S-1-5-21-3310118324-520105195-1961103251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.Email.1"
            .
            [HKEY_USERS\S-1-5-21-3310118324-520105195-1961103251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.VCard.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.10"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\McAfee]
            "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
               00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            Completion time: 2012-09-30  15:01:42
            ComboFix-quarantined-files.txt  2012-09-30 20:01
            ComboFix2.txt  2012-09-29 10:13
            .
            Pre-Run: 396,813,836,288 bytes free
            Post-Run: 396,684,918,784 bytes free
            .
            - - End Of File - - 63C9E8662D372AD2AB44006831CF39DE

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Experience: Expert
            • OS: Windows 10
            Re: Infected with zeroaccess rootkit!!!
            « Reply #7 on: October 01, 2012, 04:04:58 PM »
            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed then update now.

            Get the new version (if needed)

            If your version is out of date install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
            2. Open JavaRA.exe and choose Remove Older Versions
            3. Once complete exit JavaRA.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
            **********************************************************
            Update your Adobe Reader. get.adobe.com/reader.

            Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
            **************************************************************
            Please download aswMBR.exe ( 511KB ) to your desktop.

            Double click the aswMBR.exe to run it

            Click the "Scan" button to start scan

            Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

            On completion of the scan click save log, save it to your desktop and post in your next reply

            tsfc

              Topic Starter


              Re: Infected with zeroaccess rootkit!!!
              « Reply #8 on: October 01, 2012, 08:05:25 PM »
              aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
              Run date: 2012-10-01 21:08:16
              -----------------------------
              21:08:16.834    OS Version: Windows x64 6.1.7601 Service Pack 1
              21:08:16.834    Number of processors: 4 586 0x2505
              21:08:16.835    ComputerName: JOSHUA-PC  UserName: Joshua
              21:08:18.674    Initialize success
              21:09:32.682    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
              21:09:32.685    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
              21:09:32.697    Disk 0 MBR read successfully
              21:09:32.699    Disk 0 MBR scan
              21:09:32.701    Disk 0 Windows 7 default MBR code
              21:09:32.707    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
              21:09:32.724    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
              21:09:32.737    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461838 MB offset 30926848
              21:09:32.762    Disk 0 scanning C:\Windows\system32\drivers
              21:09:49.139    Service scanning
              21:10:52.462    Modules scanning
              21:10:52.476    Disk 0 trace - called modules:
              21:10:52.495    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
              21:10:52.502    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bbc060]
              21:10:52.511    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004979050]
              21:10:52.518    Scan finished successfully
              21:11:28.805    Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"
              21:11:28.997    The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"
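A check a responder would run on the partition lines in the log above, added here as an example; it is not part of the original post and not aswMBR's own code. It parses the Disk 0 lines, rebuilds the layout in sectors and reports overlaps, unallocated gaps and space after the last partition, which is where some bootkits keep their body. The 2048-sectors-per-MB conversion and the 16 MB slack threshold are assumptions: aswMBR prints sizes rounded to whole MB, so a gap of about 1 MB is rounding and the 2048-sector alignment gap before the first partition is the normal Windows 7 layout.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the Disk 0 lines from the aswMBR log above, copied so the
# script runs offline against the same data.
ASWMBR_LOG = """\
21:09:32.685    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:09:32.701    Disk 0 Windows 7 default MBR code
21:09:32.707    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
21:09:32.724    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
21:09:32.737    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461838 MB offset 30926848
"""

SECTORS_PER_MB = 2048      # 512-byte sectors; aswMBR prints sizes in whole MB (assumption)
SLACK_THRESHOLD_MB = 16    # gaps below this are treated as alignment/rounding (assumption)


@dataclass
class Partition:
    index: int
    active: bool      # boot flag byte was 0x80
    type_id: int      # MBR partition type byte
    size_mb: int
    offset: int       # first sector

    @property
    def end(self) -> int:
        """First sector after the partition."""
        return self.offset + self.size_mb * SECTORS_PER_MB


SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*Size: (?P<size>\d+)MB")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-F]{2})(?: \(A\))?\s+"
    r"(?P<type>[0-9A-F]{2})\s+.*?(?P<size>\d+) MB offset (?P<off>\d+)"
)


def parse_aswmbr(log: str, disk: int = 0) -> Tuple[int, List[Partition]]:
    """Return (disk size in sectors, partitions sorted by offset) for one disk."""
    disk_sectors = None
    parts = []
    for line in log.splitlines():
        m = SIZE_RE.search(line)
        if m and int(m["disk"]) == disk:
            disk_sectors = int(m["size"]) * SECTORS_PER_MB
        m = PART_RE.search(line)
        if m and int(m["disk"]) == disk:
            parts.append(Partition(int(m["idx"]), m["boot"] == "80",
                                   int(m["type"], 16), int(m["size"]), int(m["off"])))
    if disk_sectors is None:
        raise ValueError(f"no size line for disk {disk}")
    return disk_sectors, sorted(parts, key=lambda p: p.offset)


def check_layout(disk_sectors: int, parts: List[Partition]) -> List[str]:
    """Return findings; an empty list means the layout looks conventional."""
    findings = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    elif active[0].type_id != 0x07:
        findings.append(f"active partition type 0x{active[0].type_id:02X} is not NTFS (0x07)")
    prev_end = 0
    for p in parts:
        gap = p.offset - prev_end
        if gap < 0:
            findings.append(f"partition {p.index} overlaps the previous one")
        elif gap > SLACK_THRESHOLD_MB * SECTORS_PER_MB:
            findings.append(f"{gap // SECTORS_PER_MB} MB unallocated before partition {p.index}")
        if p.end > disk_sectors:
            findings.append(f"partition {p.index} runs past the end of the disk")
        prev_end = max(prev_end, p.end)
    tail = disk_sectors - prev_end
    if tail > SLACK_THRESHOLD_MB * SECTORS_PER_MB:
        # Unpartitioned space after the last partition is where some bootkits
        # keep their body; a few MB of rounding slack is normal.
        findings.append(f"{tail // SECTORS_PER_MB} MB unallocated after the last partition")
    return findings


if __name__ == "__main__":
    size, table = parse_aswmbr(ASWMBR_LOG)
    for p in table:
        print(f"partition {p.index}: type 0x{p.type_id:02X} sectors {p.offset}-{p.end - 1}"
              f"{' (active)' if p.active else ''}")
    print("findings:", check_layout(size, table) or "none")
```

On this log the three partitions are contiguous, exactly one is active and it is NTFS, and only 1 MB of rounding slack is left after partition 3, so the script reports nothing; the same check on a disk with tens of MB of unexplained space after the last partition, or with a second active flag, would be the cue to image that region before letting any tool "fix" the MBR.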



              SuperDave

              • Malware Removal Specialist


              Re: Infected with zeroaccess rootkit!!!
              « Reply #9 on: October 02, 2012, 01:19:40 PM »
              Please download Rooter and Save it to your desktop.
              • Double click it to start the tool. Vista and Windows 7: run as administrator.
              • Click Scan.
              • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

              tsfc

                Topic Starter


                Re: Infected with zeroaccess rootkit!!!
                « Reply #10 on: October 02, 2012, 09:28:02 PM »
                I have tried to run the Rooter scan but it keeps telling me it has stopped working and the program closes. What to do next?

                SuperDave

                • Malware Removal Specialist


                Re: Infected with zeroaccess rootkit!!!
                « Reply #11 on: October 03, 2012, 01:22:03 PM »
                I'd like to scan your machine with ESET OnlineScan

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                tsfc

                  Topic Starter


                  Re: Infected with zeroaccess rootkit!!!
                  « Reply #12 on: October 03, 2012, 08:52:34 PM »
                  C:\Documents and Settings\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\56d3a47a-70b66261   a variant of Java/Exploit.CVE-2012-1723.R trojan   deleted - quarantined

                  SuperDave

                  • Malware Removal Specialist


                  Re: Infected with zeroaccess rootkit!!!
                  « Reply #13 on: October 04, 2012, 01:00:24 PM »
                  How's your computer running now? Any other issues?

                  tsfc

                    Topic Starter


                    Re: Infected with zeroaccess rootkit!!!
                    « Reply #14 on: October 05, 2012, 07:57:20 PM »
                    It's the exact same, still slow, no difference.

                    SuperDave

                    • Malware Removal Specialist


                    Re: Infected with zeroaccess rootkit!!!
                    « Reply #15 on: October 06, 2012, 12:34:00 PM »
                    Quote
                    I was infected with zeroaccess rootkit and attempted to remove it and it appears that it is gone however now my computer is running extremely slow while on the internet.
                    Is it just running slowly while on the internet?

                    • Download TDSSKiller and save it to your Desktop.
                    • Extract its contents to your desktop.
                    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                    • If an infected file is detected, the default action will be Cure, click on Continue.
                    • If a suspicious file is detected, the default action will be Skip, click on Continue.
                    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                    • Click the Report button and copy/paste the contents of it into your next reply
                    Note: It will also create a log in the C:\ directory.
                    **********************************************************************
                    • Download RogueKiller on the desktop
                    • Close all the running programs
                    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
                    • Otherwise just double-click on RogueKiller.exe
                    • Pre-scan will start. Let it finish.
                    • Click on SCAN button.
                    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
                    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

                    tsfc

                      Topic Starter


                      Re: Infected with zeroaccess rootkit!!!
                      « Reply #16 on: October 07, 2012, 04:46:24 PM »
                      Yes, only when I'm on the internet.

                      RogueKiller V8.1.1 [10/03/2012] by Tigzy
                      mail: tigzyRK<at>gmail<dot>com
                      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
                      Website: http://tigzy.geekstogo.com/roguekiller.php
                      Blog: http://tigzyrk.blogspot.com

                      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                      Started in : Normal mode
                      User : Joshua [Admin rights]
                      Mode : Remove -- Date : 10/07/2012 17:12:26

                      ¤¤¤ Bad processes : 0 ¤¤¤

                      ¤¤¤ Registry Entries : 12 ¤¤¤
                      [RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5") -> DELETED
                      [TASK][SUSP PATH] {4212613E-348A-418D-8F0A-C92E3EBE61C9} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20070419083726031_driver_20070322.zip\Install.exe -> DELETED
                      [TASK][SUSP PATH] {479D5D0E-11FF-4DD1-BF7A-F5855814D1D3} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {5FCA52B1-D9B2-4517-BBFC-217237B7ACBD} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {694F481D-DCB3-4F5E-A46D-CFCDD967C649} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {92D5CB8F-F8CB-4D5C-B76A-137FFD0D8F02} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {F6B8DF11-F137-4A68-803A-A70AB69C4D66} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20071015125552984_driver.zip\Install.exe -> DELETED
                      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
                      [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

                      ¤¤¤ Particular Files / Folders: ¤¤¤

                      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                      ¤¤¤ HOSTS File: ¤¤¤
                      --> C:\Windows\system32\drivers\etc\hosts

                      127.0.0.1       localhost


                      ¤¤¤ MBR Check: ¤¤¤

                      +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
                      --- User ---
                      [MBR] 50048008bcc35aaa2dd6c553ee8fcf83
                      [BSP] b448955cbca8f9bc1c6ee9029be01294 : Windows 7 MBR Code
                      Partition table:
                      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
                      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
                      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
                      User = LL1 ... OK!
                      User = LL2 ... OK!

                      +++++ PhysicalDrive1: SD Card +++++
                      --- User ---
                      [MBR] 83b42057fb3fd1d945874c9bf1406a5b
                      [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
                      Partition table:
                      0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
                      User = LL1 ... OK!
                      Error reading LL2 MBR!

                      Finished : << RKreport[2].txt >>
                      RKreport[1].txt ; RKreport[2].txt



                      RogueKiller V8.1.1 [10/03/2012] by Tigzy
                      mail: tigzyRK<at>gmail<dot>com
                      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
                      Website: http://tigzy.geekstogo.com/roguekiller.php
                      Blog: http://tigzyrk.blogspot.com

                      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                      Started in : Normal mode
                      User : Joshua [Admin rights]
                      Mode : Remove -- Date : 10/07/2012 17:12:26

                      ¤¤¤ Bad processes : 0 ¤¤¤

                      ¤¤¤ Registry Entries : 12 ¤¤¤
                      [RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5") -> DELETED
                      [TASK][SUSP PATH] {4212613E-348A-418D-8F0A-C92E3EBE61C9} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20070419083726031_driver_20070322.zip\Install.exe -> DELETED
                      [TASK][SUSP PATH] {479D5D0E-11FF-4DD1-BF7A-F5855814D1D3} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {5FCA52B1-D9B2-4517-BBFC-217237B7ACBD} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {694F481D-DCB3-4F5E-A46D-CFCDD967C649} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {92D5CB8F-F8CB-4D5C-B76A-137FFD0D8F02} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {F6B8DF11-F137-4A68-803A-A70AB69C4D66} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20071015125552984_driver.zip\Install.exe -> DELETED
                      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
                      [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

                      ¤¤¤ Particular Files / Folders: ¤¤¤

                      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                      ¤¤¤ HOSTS File: ¤¤¤
                      --> C:\Windows\system32\drivers\etc\hosts

                      127.0.0.1       localhost


                      ¤¤¤ MBR Check: ¤¤¤

                      +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
                      --- User ---
                      [MBR] 50048008bcc35aaa2dd6c553ee8fcf83
                      [BSP] b448955cbca8f9bc1c6ee9029be01294 : Windows 7 MBR Code
                      Partition table:
                      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
                      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
                      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
                      User = LL1 ... OK!
                      User = LL2 ... OK!

                      +++++ PhysicalDrive1: SD Card +++++
                      --- User ---
                      [MBR] 83b42057fb3fd1d945874c9bf1406a5b
                      [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
                      Partition table:
                      0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
                      User = LL1 ... OK!
                      Error reading LL2 MBR!

                      Finished : << RKreport[2].txt >>
                      RKreport[1].txt ; RKreport[2].txt



                      RogueKiller V8.1.1 [10/03/2012] by Tigzy
                      mail: tigzyRK<at>gmail<dot>com
                      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
                      Website: http://tigzy.geekstogo.com/roguekiller.php
                      Blog: http://tigzyrk.blogspot.com

                      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                      Started in : Normal mode
                      User : Joshua [Admin rights]
                      Mode : Remove -- Date : 10/07/2012 17:12:26

                      ¤¤¤ Bad processes : 0 ¤¤¤

                      ¤¤¤ Registry Entries : 12 ¤¤¤
                      [RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5") -> DELETED
                      [TASK][SUSP PATH] {4212613E-348A-418D-8F0A-C92E3EBE61C9} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20070419083726031_driver_20070322.zip\Install.exe -> DELETED
                      [TASK][SUSP PATH] {479D5D0E-11FF-4DD1-BF7A-F5855814D1D3} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {5FCA52B1-D9B2-4517-BBFC-217237B7ACBD} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {694F481D-DCB3-4F5E-A46D-CFCDD967C649} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {92D5CB8F-F8CB-4D5C-B76A-137FFD0D8F02} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {F6B8DF11-F137-4A68-803A-A70AB69C4D66} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20071015125552984_driver.zip\Install.exe -> DELETED
                      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
                      [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

                      ¤¤¤ Particular Files / Folders: ¤¤¤

                      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                      ¤¤¤ HOSTS File: ¤¤¤
                      --> C:\Windows\system32\drivers\etc\hosts

                      127.0.0.1       localhost


                      ¤¤¤ MBR Check: ¤¤¤

                      +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
                      --- User ---
                      [MBR] 50048008bcc35aaa2dd6c553ee8fcf83
                      [BSP] b448955cbca8f9bc1c6ee9029be01294 : Windows 7 MBR Code
                      Partition table:
                      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
                      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
                      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
                      User = LL1 ... OK!
                      User = LL2 ... OK!

                      +++++ PhysicalDrive1: SD Card +++++
                      --- User ---
                      [MBR] 83b42057fb3fd1d945874c9bf1406a5b
                      [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
                      Partition table:
                      0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
                      User = LL1 ... OK!
                      Error reading LL2 MBR!

                      Finished : << RKreport[2].txt >>
                      RKreport[1].txt ; RKreport[2].txt



                      RogueKiller V8.1.1 [10/03/2012] by Tigzy
                      mail: tigzyRK<at>gmail<dot>com
                      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
                      Website: http://tigzy.geekstogo.com/roguekiller.php
                      Blog: http://tigzyrk.blogspot.com

                      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                      Started in : Normal mode
                      User : Joshua [Admin rights]
                      Mode : Remove -- Date : 10/07/2012 17:12:26

                      ¤¤¤ Bad processes : 0 ¤¤¤

                      ¤¤¤ Registry Entries : 12 ¤¤¤
                      [RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5") -> DELETED
                      [TASK][SUSP PATH] {4212613E-348A-418D-8F0A-C92E3EBE61C9} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20070419083726031_driver_20070322.zip\Install.exe -> DELETED
                      [TASK][SUSP PATH] {479D5D0E-11FF-4DD1-BF7A-F5855814D1D3} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {5FCA52B1-D9B2-4517-BBFC-217237B7ACBD} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {694F481D-DCB3-4F5E-A46D-CFCDD967C649} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {92D5CB8F-F8CB-4D5C-B76A-137FFD0D8F02} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {F6B8DF11-F137-4A68-803A-A70AB69C4D66} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20071015125552984_driver.zip\Install.exe -> DELETED
                      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
                      [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

                      ¤¤¤ Particular Files / Folders: ¤¤¤

                      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                      ¤¤¤ HOSTS File: ¤¤¤
                      --> C:\Windows\system32\drivers\etc\hosts

                      127.0.0.1       localhost


                      ¤¤¤ MBR Check: ¤¤¤

                      +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
                      --- User ---
                      [MBR] 50048008bcc35aaa2dd6c553ee8fcf83
                      [BSP] b448955cbca8f9bc1c6ee9029be01294 : Windows 7 MBR Code
                      Partition table:
                      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
                      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
                      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
                      User = LL1 ... OK!
                      User = LL2 ... OK!

                      +++++ PhysicalDrive1: SD Card +++++
                      --- User ---
                      [MBR] 83b42057fb3fd1d945874c9bf1406a5b
                      [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
                      Partition table:
                      0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
                      User = LL1 ... OK!
                      Error reading LL2 MBR!

                      Finished : << RKreport[2].txt >>
                      RKreport[1].txt ; RKreport[2].txt



                      RogueKiller V8.1.1 [10/03/2012] by Tigzy
                      mail: tigzyRK<at>gmail<dot>com
                      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
                      Website: http://tigzy.geekstogo.com/roguekiller.php
                      Blog: http://tigzyrk.blogspot.com

                      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                      Started in : Normal mode
                      User : Joshua [Admin rights]
                      Mode : Remove -- Date : 10/07/2012 17:12:26

                      ¤¤¤ Bad processes : 0 ¤¤¤

                      ¤¤¤ Registry Entries : 12 ¤¤¤
                      [RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5") -> DELETED
                      [TASK][SUSP PATH] {4212613E-348A-418D-8F0A-C92E3EBE61C9} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20070419083726031_driver_20070322.zip\Install.exe -> DELETED
                      [TASK][SUSP PATH] {479D5D0E-11FF-4DD1-BF7A-F5855814D1D3} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {5FCA52B1-D9B2-4517-BBFC-217237B7ACBD} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {694F481D-DCB3-4F5E-A46D-CFCDD967C649} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {92D5CB8F-F8CB-4D5C-B76A-137FFD0D8F02} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
                      [TASK][SUSP PATH] {F6B8DF11-F137-4A68-803A-A70AB69C4D66} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20071015125552984_driver.zip\Install.exe -> DELETED
                      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
                      [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
                      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

                      ¤¤¤ Particular Files / Folders: ¤¤¤

                      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                      ¤¤¤ HOSTS File: ¤¤¤
                      --> C:\Windows\system32\drivers\etc\hosts

                      127.0.0.1       localhost


                      ¤¤¤ MBR Check: ¤¤¤

                      +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
                      --- User ---
                      [MBR] 50048008bcc35aaa2dd6c553ee8fcf83
                      [BSP] b448955cbca8f9bc1c6ee9029be01294 : Windows 7 MBR Code
                      Partition table:
                      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
                      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
                      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
                      User = LL1 ... OK!
                      User = LL2 ... OK!

                      +++++ PhysicalDrive1: SD Card +++++
                      --- User ---
                      [MBR] 83b42057fb3fd1d945874c9bf1406a5b
                      [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
                      Partition table:
                      0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
                      User = LL1 ... OK!
                      Error reading LL2 MBR!

                      Finished : << RKreport[2].txt >>
                      RKreport[1].txt ; RKreport[2].txt




                      17:46:09.0625 7552  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
                      17:46:11.0627 7552  ============================================================
                      17:46:11.0627 7552  Current date / time: 2012/10/07 17:46:11.0627
                      17:46:11.0627 7552  SystemInfo:
                      17:46:11.0627 7552 
                      17:46:11.0628 7552  OS Version: 6.1.7601 ServicePack: 1.0
                      17:46:11.0628 7552  Product type: Workstation
                      17:46:11.0628 7552  ComputerName: JOSHUA-PC
                      17:46:11.0628 7552  UserName: Joshua
                      17:46:11.0628 7552  Windows directory: C:\Windows
                      17:46:11.0628 7552  System windows directory: C:\Windows
                      17:46:11.0628 7552  Running under WOW64
                      17:46:11.0628 7552  Processor architecture: Intel x64
                      17:46:11.0628 7552  Number of processors: 4
                      17:46:11.0628 7552  Page size: 0x1000
                      17:46:11.0628 7552  Boot type: Normal boot
                      17:46:11.0628 7552  ============================================================
                      17:46:12.0249 7552  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
                      17:46:12.0297 7552  Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
                      17:46:12.0303 7552  ============================================================
                      17:46:12.0303 7552  \Device\Harddisk0\DR0:
                      17:46:12.0304 7552  MBR partitions:
                      17:46:12.0304 7552  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
                      17:46:12.0304 7552  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
                      17:46:12.0304 7552  \Device\Harddisk1\DR1:
                      17:46:12.0305 7552  MBR partitions:
                      17:46:12.0305 7552  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
                      17:46:12.0305 7552  ============================================================
                      17:46:12.0337 7552  C: <-> \Device\Harddisk0\DR0\Partition2
                      17:46:12.0337 7552  ============================================================
                      17:46:12.0338 7552  Initialize success
                      17:46:12.0338 7552  ============================================================
                      17:46:52.0104 7660  ============================================================
                      17:46:52.0104 7660  Scan started
                      17:46:52.0104 7660  Mode: Manual;
                      17:46:52.0104 7660  ============================================================
                      17:46:52.0392 7660  ================ Scan system memory ========================
                      17:46:52.0392 7660  System memory - ok
                      17:46:52.0393 7660  ================ Scan services =============================
                      17:46:52.0601 7660  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
                      17:46:52.0664 7660  1394ohci - ok
                      17:46:52.0745 7660  [ 426E0E8127BAC7D5DDEE8251F104E053 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
                      17:46:52.0813 7660  AbsoluteNotifier - ok
                      17:46:52.0986 7660  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
                      17:46:53.0041 7660  ACPI - ok
                      17:46:53.0100 7660  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
                      17:46:53.0170 7660  AcpiPmi - ok
                      17:46:53.0330 7660  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
                      17:46:53.0407 7660  AdobeFlashPlayerUpdateSvc - ok
                      17:46:53.0462 7660  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
                      17:46:53.0481 7660  adp94xx - ok
                      17:46:53.0530 7660  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
                      17:46:53.0541 7660  adpahci - ok
                      17:46:53.0562 7660  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
                      17:46:53.0571 7660  adpu320 - ok
                      17:46:53.0605 7660  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
                      17:46:53.0607 7660  AeLookupSvc - ok
                      17:46:53.0711 7660  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
                      17:46:53.0774 7660  AESTFilters - ok
                      17:46:53.0866 7660  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
                      17:46:53.0870 7660  AFD - ok
                      17:46:53.0901 7660  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
                      17:46:53.0905 7660  agp440 - ok
                      17:46:53.0932 7660  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
                      17:46:53.0933 7660  ALG - ok
                      17:46:53.0956 7660  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
                      17:46:53.0960 7660  aliide - ok
                      17:46:53.0983 7660  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
                      17:46:53.0985 7660  amdide - ok
                      17:46:54.0019 7660  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
                      17:46:54.0022 7660  AmdK8 - ok
                      17:46:54.0054 7660  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
                      17:46:54.0057 7660  AmdPPM - ok
                      17:46:54.0118 7660  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
                      17:46:54.0167 7660  amdsata - ok
                      17:46:54.0185 7660  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
                      17:46:54.0191 7660  amdsbs - ok
                      17:46:54.0220 7660  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
                      17:46:54.0267 7660  amdxata - ok
                      17:46:54.0299 7660  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
                      17:46:54.0343 7660  AppID - ok
                      17:46:54.0361 7660  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
                      17:46:54.0365 7660  AppIDSvc - ok
                      17:46:54.0407 7660  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
                      17:46:54.0467 7660  Appinfo - ok
                      17:46:54.0499 7660  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
                      17:46:54.0502 7660  arc - ok
                      17:46:54.0518 7660  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
                      17:46:54.0524 7660  arcsas - ok
                      17:46:54.0563 7660  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
                      17:46:54.0573 7660  AsyncMac - ok
                      17:46:54.0633 7660  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
                      17:46:54.0634 7660  atapi - ok
                      17:46:54.0696 7660  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
                      17:46:54.0766 7660  AudioEndpointBuilder - ok
                      17:46:54.0793 7660  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
                      17:46:54.0835 7660  AudioSrv - ok
                      17:46:54.0902 7660  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
                      17:46:54.0952 7660  AxInstSV - ok
                      17:46:54.0982 7660  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
                      17:46:54.0990 7660  b06bdrv - ok
                      17:46:55.0008 7660  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
                      17:46:55.0014 7660  b57nd60a - ok
                      17:46:55.0067 7660  [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
                      17:46:55.0115 7660  BCM42RLY - ok
                      17:46:55.0754 7660  [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
                      17:46:55.0772 7660  BCM43XX - ok
                      17:46:55.0927 7660  [ D224B2E6BB543F1D8F1177D57FEC2950 ] BcmVWL          C:\Windows\system32\DRIVERS\bcmvwl64.sys
                      17:46:55.0992 7660  BcmVWL - ok
                      17:46:56.0035 7660  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
                      17:46:56.0037 7660  BDESVC - ok
                      17:46:56.0334 7660  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
                      17:46:56.0340 7660  Beep - ok
                      17:46:56.0416 7660  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
                      17:46:56.0421 7660  BFE - ok
                      17:46:56.0517 7660  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
                      17:46:56.0524 7660  BITS - ok
                      17:46:56.0711 7660  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
                      17:46:56.0720 7660  blbdrive - ok
                      17:46:56.0916 7660  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
                      17:46:56.0918 7660  bowser - ok
                      17:46:56.0966 7660  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
                      17:46:56.0975 7660  BrFiltLo - ok
                      17:46:56.0999 7660  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
                      17:46:57.0005 7660  BrFiltUp - ok
                      17:46:57.0053 7660  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
                      17:46:57.0058 7660  BridgeMP - ok
                      17:46:57.0126 7660  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
                      17:46:57.0128 7660  Browser - ok
                      17:46:57.0249 7660  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
                      17:46:57.0264 7660  Brserid - ok
                      17:46:57.0305 7660  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
                      17:46:57.0310 7660  BrSerWdm - ok
                      17:46:57.0351 7660  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
                      17:46:57.0358 7660  BrUsbMdm - ok
                      17:46:57.0413 7660  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
                      17:46:57.0417 7660  BrUsbSer - ok
                      17:46:57.0596 7660  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
                      17:46:57.0600 7660  BthEnum - ok
                      17:46:57.0633 7660  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
                      17:46:57.0635 7660  BTHMODEM - ok
                      17:46:57.0802 7660  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
                      17:46:57.0806 7660  BthPan - ok
                      17:46:58.0137 7660  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
                      17:46:58.0185 7660  BTHPORT - ok
                      17:46:58.0216 7660  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
                      17:46:58.0217 7660  bthserv - ok
                      17:46:58.0275 7660  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
                      17:46:58.0319 7660  BTHUSB - ok
                      17:46:58.0366 7660  [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
                      17:46:58.0415 7660  btusbflt - ok
                      17:46:58.0609 7660  [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
                      17:46:58.0680 7660  btwaudio - ok
                      17:46:58.0729 7660  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
                      17:46:58.0779 7660  btwavdt - ok
                      17:46:58.0838 7660  [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
                      17:46:58.0909 7660  btwdins - ok
                      17:46:58.0928 7660  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
                      17:46:58.0973 7660  btwl2cap - ok
                      17:46:59.0033 7660  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
                      17:46:59.0101 7660  btwrchid - ok
                      17:46:59.0116 7660  catchme - ok
                      17:46:59.0142 7660  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
                      17:46:59.0147 7660  cdfs - ok
                      17:46:59.0182 7660  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
                      17:46:59.0227 7660  cdrom - ok
                      17:46:59.0269 7660  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
                      17:46:59.0271 7660  CertPropSvc - ok
                      17:46:59.0314 7660  [ 274CE03459896006F7A5069266E0469E ] cfwids          C:\Windows\system32\drivers\cfwids.sys
                      17:46:59.0379 7660  cfwids - ok
                      17:46:59.0408 7660  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
                      17:46:59.0411 7660  circlass - ok
                      17:46:59.0481 7660  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
                      17:46:59.0484 7660  CLFS - ok
                      17:46:59.0696 7660  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                      17:46:59.0701 7660  clr_optimization_v2.0.50727_32 - ok
                      17:46:59.0751 7660  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
                      17:46:59.0761 7660  clr_optimization_v2.0.50727_64 - ok
                      17:46:59.0834 7660  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                      17:46:59.0894 7660  clr_optimization_v4.0.30319_32 - ok
                      17:46:59.0970 7660  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                      17:47:00.0033 7660  clr_optimization_v4.0.30319_64 - ok
                      17:47:00.0073 7660  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
                      17:47:00.0077 7660  CmBatt - ok
                      17:47:00.0092 7660  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
                      17:47:00.0095 7660  cmdide - ok
                      17:47:00.0137 7660  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
                      17:47:00.0140 7660  CNG - ok
                      17:47:00.0177 7660  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
                      17:47:00.0181 7660  Compbatt - ok
                      17:47:00.0223 7660  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
                      17:47:00.0276 7660  CompositeBus - ok
                      17:47:00.0281 7660  COMSysApp - ok
                      17:47:00.0294 7660  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
                      17:47:00.0296 7660  crcdisk - ok
                      17:47:00.0323 7660  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
                      17:47:00.0324 7660  CryptSvc - ok
                      17:47:00.0387 7660  [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
                      17:47:00.0432 7660  CtClsFlt - ok
                      17:47:00.0536 7660  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
                      17:47:00.0547 7660  cvhsvc - ok
                      17:47:00.0594 7660  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
                      17:47:00.0659 7660  DcomLaunch - ok
                      17:47:00.0728 7660  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
                      17:47:00.0730 7660  defragsvc - ok
                      17:47:00.0835 7660  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
                      17:47:00.0838 7660  DfsC - ok
                      17:47:00.0870 7660  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
                      17:47:00.0873 7660  Dhcp - ok
                      17:47:00.0921 7660  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
                      17:47:00.0922 7660  discache - ok
                      17:47:00.0935 7660  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
                      17:47:00.0941 7660  Disk - ok
                      17:47:00.0976 7660  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
                      17:47:00.0978 7660  Dnscache - ok
                      17:47:01.0016 7660  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
                      17:47:01.0018 7660  dot3svc - ok
                      17:47:01.0055 7660  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
                      17:47:01.0057 7660  DPS - ok
                      17:47:01.0073 7660  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
                      17:47:01.0078 7660  drmkaud - ok
                      17:47:01.0134 7660  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
                      17:47:01.0207 7660  DXGKrnl - ok
                      17:47:01.0248 7660  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
                      17:47:01.0252 7660  EapHost - ok
                      17:47:01.0356 7660  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
                      17:47:01.0395 7660  ebdrv - ok
                      17:47:01.0421 7660  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
                      17:47:01.0470 7660  EFS - ok
                      17:47:01.0576 7660  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
                      17:47:01.0638 7660  ehRecvr - ok
                      17:47:01.0666 7660  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
                      17:47:01.0667 7660  ehSched - ok
                      17:47:01.0699 7660  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
                      17:47:01.0706 7660  elxstor - ok
                      17:47:01.0738 7660  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
                      17:47:01.0741 7660  ErrDev - ok
                      17:47:01.0904 7660  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
                      17:47:01.0911 7660  EventSystem - ok
                      17:47:01.0950 7660  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
                      17:47:01.0960 7660  exfat - ok
                      17:47:02.0029 7660  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
                      17:47:02.0032 7660  fastfat - ok
                      17:47:02.0084 7660  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
                      17:47:02.0144 7660  Fax - ok
                      17:47:02.0172 7660  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
                      17:47:02.0176 7660  fdc - ok
                      17:47:02.0212 7660  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
                      17:47:02.0219 7660  fdPHost - ok
                      17:47:02.0232 7660  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
                      17:47:02.0234 7660  FDResPub - ok
                      17:47:02.0310 7660  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
                      17:47:02.0311 7660  FileInfo - ok
                      17:47:02.0322 7660  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
                      17:47:02.0323 7660  Filetrace - ok
                      17:47:02.0362 7660  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
                      17:47:02.0369 7660  flpydisk - ok
                      17:47:02.0414 7660  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
                      17:47:02.0418 7660  FltMgr - ok
                      17:47:02.0487 7660  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
                      17:47:02.0500 7660  FontCache - ok
                      17:47:02.0574 7660  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                      17:47:02.0645 7660  FontCache3.0.0.0 - ok
                      17:47:02.0669 7660  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
                      17:47:02.0670 7660  FsDepends - ok
                      17:47:02.0725 7660  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
                      17:47:02.0794 7660  fssfltr - ok
                      17:47:02.0994 7660  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
                      17:47:03.0065 7660  fsssvc - ok
                      17:47:03.0124 7660  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
                      17:47:03.0192 7660  Fs_Rec - ok
                      17:47:03.0251 7660  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
                      17:47:03.0255 7660  fvevol - ok
                      17:47:03.0276 7660  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
                      17:47:03.0285 7660  gagp30kx - ok
                      17:47:03.0365 7660  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
                      17:47:03.0436 7660  GamesAppService - ok
                      17:47:03.0490 7660  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
                      17:47:03.0562 7660  GoToAssist - ok
                      17:47:03.0622 7660  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
                      17:47:03.0627 7660  gpsvc - ok
                      17:47:03.0700 7660  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                      17:47:03.0771 7660  gupdate - ok
                      17:47:03.0789 7660  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                      17:47:03.0854 7660  gupdatem - ok

                      SuperDave
                      Re: Infected with zeroaccess rootkit!!!
                      « Reply #17 on: October 07, 2012, 07:54:11 PM »
                      Please download MiniToolBox to Desktop and run it.

                      Checkmark the following boxes:

                        • Flush DNS
                        • Report IE Proxy Settings
                        • Reset IE Proxy Settings
                        • List content of Hosts
                        • List IP Configuration
                        • List Last 10 Event Viewer Errors
                        • List Users, Partitions and Memory Size

                      Click Go and copy/paste the log (Result.txt) into your next post.

                        tsfc
                          Re: Infected with zeroaccess rootkit!!!
                          « Reply #18 on: October 08, 2012, 10:17:49 AM »
                          MiniToolBox by Farbar  Version: 23-07-2012
                          Ran by Joshua (administrator) on 08-10-2012 at 11:24:14
                          Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
                          Boot Mode: Normal
                          ***************************************************************************

                          ========================= Flush DNS: ===================================

                          Windows IP Configuration

                          Successfully flushed the DNS Resolver Cache.

                          ========================= IE Proxy Settings: ==============================

                          Proxy is not enabled.
                          No Proxy Server is set.

                          "Reset IE Proxy Settings": IE Proxy Settings were reset.
                          ========================= Hosts content: =================================

                          127.0.0.1       localhost

                          ========================= IP Configuration: ================================

                          DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
                          Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
                          Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
                          Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


                          # ----------------------------------
                          # IPv4 Configuration
                          # ----------------------------------
                          pushd interface ipv4

                          reset
                          set global
                          add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.72 metric=1 publish=Yes


                          popd
                          # End of IPv4 configuration



                          Windows IP Configuration

                             Host Name . . . . . . . . . . . . : Joshua-PC
                             Primary Dns Suffix  . . . . . . . :
                             Node Type . . . . . . . . . . . . : Broadcast
                             IP Routing Enabled. . . . . . . . : No
                             WINS Proxy Enabled. . . . . . . . : No
                             DNS Suffix Search List. . . . . . : gateway.2wire.net

                          Wireless LAN adapter Wireless Network Connection 2:

                             Media State . . . . . . . . . . . : Media disconnected
                             Connection-specific DNS Suffix  . :
                             Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
                             Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
                             DHCP Enabled. . . . . . . . . . . : Yes
                             Autoconfiguration Enabled . . . . : Yes

                          Ethernet adapter Local Area Connection 2:

                             Media State . . . . . . . . . . . : Media disconnected
                             Connection-specific DNS Suffix  . :
                             Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
                             Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
                             DHCP Enabled. . . . . . . . . . . : Yes
                             Autoconfiguration Enabled . . . . : Yes

                          Wireless LAN adapter Wireless Network Connection:

                             Connection-specific DNS Suffix  . : gateway.2wire.net
                             Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
                             Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
                             DHCP Enabled. . . . . . . . . . . : Yes
                             Autoconfiguration Enabled . . . . : Yes
                             Link-local IPv6 Address . . . . . : fe80::3d3d:c5a:25ec:b91f%12(Preferred)
                             IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
                             Subnet Mask . . . . . . . . . . . : 255.255.255.0
                             Lease Obtained. . . . . . . . . . : Saturday, October 06, 2012 12:41:46 PM
                             Lease Expires . . . . . . . . . . : Tuesday, October 09, 2012 11:17:03 AM
                             Default Gateway . . . . . . . . . : 192.168.1.254
                             DHCP Server . . . . . . . . . . . : 192.168.1.254
                             DHCPv6 IAID . . . . . . . . . . . : 247515960
                             DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C2-1D-F5-F0-4D-A2-C8-56-6C
                             DNS Servers . . . . . . . . . . . : 192.168.1.254
                             NetBIOS over Tcpip. . . . . . . . : Enabled

                          Ethernet adapter Local Area Connection:

                             Media State . . . . . . . . . . . : Media disconnected
                             Connection-specific DNS Suffix  . :
                             Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
                             Physical Address. . . . . . . . . : F0-4D-A2-C8-56-6C
                             DHCP Enabled. . . . . . . . . . . : Yes
                             Autoconfiguration Enabled . . . . : Yes

                          Tunnel adapter isatap.gateway.2wire.net:

                             Media State . . . . . . . . . . . : Media disconnected
                             Connection-specific DNS Suffix  . : gateway.2wire.net
                             Description . . . . . . . . . . . : Microsoft ISATAP Adapter
                             Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                             DHCP Enabled. . . . . . . . . . . : No
                             Autoconfiguration Enabled . . . . : Yes

                          Tunnel adapter Teredo Tunneling Pseudo-Interface:

                             Connection-specific DNS Suffix  . :
                             Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                             Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                             DHCP Enabled. . . . . . . . . . . : No
                             Autoconfiguration Enabled . . . . : Yes
                             IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1856:282a:b973:6c43(Preferred)
                             Link-local IPv6 Address . . . . . : fe80::1856:282a:b973:6c43%19(Preferred)
                             Default Gateway . . . . . . . . . : ::
                             NetBIOS over Tcpip. . . . . . . . : Disabled

                          Tunnel adapter isatap.{78D026F0-6BF5-439A-BB4F-3D506194B4E6}:

                             Media State . . . . . . . . . . . : Media disconnected
                             Connection-specific DNS Suffix  . :
                             Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
                             Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                             DHCP Enabled. . . . . . . . . . . : No
                             Autoconfiguration Enabled . . . . : Yes

                          Tunnel adapter isatap.{92522764-F5CA-4CE5-A3A1-22D349C2C0C4}:

                             Media State . . . . . . . . . . . : Media disconnected
                             Connection-specific DNS Suffix  . :
                             Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
                             Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                             DHCP Enabled. . . . . . . . . . . : No
                             Autoconfiguration Enabled . . . . : Yes

                          Tunnel adapter isatap.{C39F09A7-04CC-403D-9070-C7E8AADE3F77}:

                             Media State . . . . . . . . . . . : Media disconnected
                             Connection-specific DNS Suffix  . :
                             Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
                             Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                             DHCP Enabled. . . . . . . . . . . : No
                             Autoconfiguration Enabled . . . . : Yes
                          Server:  homeportal
                          Address:  192.168.1.254

                          Name:    google.com


                          Pinging google.com [74.125.227.66] with 32 bytes of data:
                          Reply from 74.125.227.66: bytes=32 time=90ms TTL=52
                          Reply from 74.125.227.66: bytes=32 time=120ms TTL=52

                          Ping statistics for 74.125.227.66:
                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                          Approximate round trip times in milli-seconds:
                              Minimum = 90ms, Maximum = 120ms, Average = 105ms
                          Server:  homeportal
                          Address:  192.168.1.254

                          Name:    yahoo.com
                          Addresses:  72.30.38.140
                               98.138.253.109
                               98.139.183.24


                          Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
                          Reply from 72.30.38.140: bytes=32 time=966ms TTL=48
                          Reply from 72.30.38.140: bytes=32 time=1146ms TTL=48

                          Ping statistics for 72.30.38.140:
                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                          Approximate round trip times in milli-seconds:
                              Minimum = 966ms, Maximum = 1146ms, Average = 1056ms
                          Server:  homeportal
                          Address:  192.168.1.254

                          Name:    bleepingcomputer.com
                          Address:  208.43.87.2


                          Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
                          Reply from 208.43.87.2: Destination host unreachable.
                          Reply from 208.43.87.2: Destination host unreachable.

                          Ping statistics for 208.43.87.2:
                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                          Pinging 127.0.0.1 with 32 bytes of data:
                          Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
                          Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                          Ping statistics for 127.0.0.1:
                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                          Approximate round trip times in milli-seconds:
                              Minimum = 0ms, Maximum = 0ms, Average = 0ms
                          ===========================================================================
                          Interface List
                           17...c0 cb 38 95 c5 6c ......Microsoft Virtual WiFi Miniport Adapter
                           13...c0 cb 38 95 c5 6c ......Broadcom Virtual Wireless Adapter
                           12...c0 cb 38 95 c5 6c ......DW1501 Wireless-N WLAN Half-Mini Card
                           10...f0 4d a2 c8 56 6c ......Realtek PCIe FE Family Controller
                            1...........................Software Loopback Interface 1
                           18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
                           19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
                           20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
                           21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
                           22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
                          ===========================================================================

                          IPv4 Route Table
                          ===========================================================================
                          Active Routes:
                          Network Destination        Netmask          Gateway       Interface  Metric
                                    0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.72     25
                                  127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                                  127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
                            127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                                169.254.0.0      255.255.0.0         On-link      192.168.1.72     26
                            169.254.255.255  255.255.255.255         On-link      192.168.1.72    281
                                192.168.1.0    255.255.255.0         On-link      192.168.1.72    281
                               192.168.1.72  255.255.255.255         On-link      192.168.1.72    281
                              192.168.1.255  255.255.255.255         On-link      192.168.1.72    281
                                  224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                                  224.0.0.0        240.0.0.0         On-link      192.168.1.72    281
                            255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                            255.255.255.255  255.255.255.255         On-link      192.168.1.72    281
                          ===========================================================================
                          Persistent Routes:
                            Network Address          Netmask  Gateway Address  Metric
                                169.254.0.0      255.255.0.0     192.168.1.72       1
                          ===========================================================================

                          IPv6 Route Table
                          ===========================================================================
                          Active Routes:
                           If Metric Network Destination      Gateway
                           19     58 ::/0                     On-link
                            1    306 ::1/128                  On-link
                           19     58 2001::/32                On-link
                           19    306 2001:0:4137:9e76:1856:282a:b973:6c43/128
                                                              On-link
                           12    281 fe80::/64                On-link
                           19    306 fe80::/64                On-link
                           19    306 fe80::1856:282a:b973:6c43/128
                                                              On-link
                           12    281 fe80::3d3d:c5a:25ec:b91f/128
                                                              On-link
                            1    306 ff00::/8                 On-link
                           19    306 ff00::/8                 On-link
                           12    281 ff00::/8                 On-link
                          ===========================================================================
                          Persistent Routes:
                            None

                          ========================= Event log errors: ===============================

                          Application errors:
                          ==================
                          Error: (10/05/2012 10:04:41 AM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

                          Error: (10/05/2012 10:03:23 AM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

                          Error: (10/04/2012 10:06:30 AM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

                          Error: (10/04/2012 10:06:30 AM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

                          Error: (10/03/2012 10:47:19 PM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

                          Error: (10/03/2012 10:44:01 PM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

                          Error: (10/03/2012 10:42:51 PM) (Source: Microsoft-Windows-Defrag) (User: )
                          Description: The volume (H:) was not defragmented because an error was encountered: The disk was disconnected from the system. (0x89000011)

                          Error: (10/03/2012 10:42:38 PM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

                          Error: (10/03/2012 07:35:03 PM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

                          Error: (10/03/2012 07:34:58 PM) (Source: SideBySide) (User: )
                          Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
                          A component version required by the application conflicts with another component version already active.
                          Conflicting components are:.
                          Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                          Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


                          System errors:
                          =============
                          Error: (10/04/2012 10:46:03 AM) (Source: Service Control Manager) (User: )
                          Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

                          Error: (10/04/2012 10:45:33 AM) (Source: Service Control Manager) (User: )
                          Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

                          Error: (10/04/2012 08:09:13 AM) (Source: Service Control Manager) (User: )
                          Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

                          Error: (10/02/2012 10:09:26 PM) (Source: Service Control Manager) (User: )
                          Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

                          Error: (10/02/2012 10:08:56 PM) (Source: Service Control Manager) (User: )
                          Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

                          Error: (10/02/2012 10:05:28 PM) (Source: DCOM) (User: )
                          Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

                          Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
                          Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
                          %%1068

                          Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
                          Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
                          %%1068

                          Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
                          Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
                          %%1068

                          Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
                          Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
                          %%1068


                          Microsoft Office Sessions:
                          =========================
                          Error: (10/05/2012 10:04:41 AM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

                          Error: (10/05/2012 10:03:23 AM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

                          Error: (10/04/2012 10:06:30 AM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

                          Error: (10/04/2012 10:06:30 AM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

                          Error: (10/03/2012 10:47:19 PM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe

                          Error: (10/03/2012 10:44:01 PM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

                          Error: (10/03/2012 10:42:51 PM) (Source: Microsoft-Windows-Defrag)(User: )
                          Description: (H:)The disk was disconnected from the system. (0x89000011)

                          Error: (10/03/2012 10:42:38 PM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

                          Error: (10/03/2012 07:35:03 PM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe

                          Error: (10/03/2012 07:34:58 PM) (Source: SideBySide)(User: )
                          Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe


                          ========================= Memory info: ===================================

                          Percentage of memory in use: 34%
                          Total physical RAM: 3894.68 MB
                          Available physical RAM: 2536.79 MB
                          Total Pagefile: 7787.56 MB
                          Available Pagefile: 5084.63 MB
                          Total Virtual: 4095.88 MB
                          Available Virtual: 3963.11 MB

                          ========================= Partitions: =====================================

                          1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:364.94 GB) NTFS
                          4 Drive h: () (Removable) (Total:3.69 GB) (Free:0.02 GB) FAT32

                          ========================= Users: ========================================

                          User accounts for \\JOSHUA-PC

                          Administrator            Guest                    Joshua                   


                          **** End of log ****

                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Infected with zeroaccess rootkit!!!
                          « Reply #19 on: October 08, 2012, 04:34:44 PM »
                          The internet speed seems acceptable. I really can't see what would cause the slowness you speak of. Did you try another browser?
                          Windows 8 and Windows 10 dual boot with two SSD's

                          tsfc

                            Topic Starter


                            Rookie

                            • Experience: Familiar
                            • OS: Windows 7
                            Re: Infected with zeroaccess rootkit!!!
                            « Reply #20 on: October 21, 2012, 11:16:12 PM »
                            I tried another browser and it is working a little better, but I seem to be having a problem loading videos.

                            SuperDave

                            • Malware Removal Specialist


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: Infected with zeroaccess rootkit!!!
                            « Reply #21 on: October 22, 2012, 04:10:44 PM »
                            Please try disabling all your add-ons to see if that makes any difference.
                            Windows 8 and Windows 10 dual boot with two SSD's