Solved 0i763f66bz -- can't get rid of it

mekabuser

First virus ever that was troublesome. Tried getting rid of it with traditional methods, Ad-Aware, Malwarebytes, IObit (tried shredding it with IObit), tried stopping the process.. We now all know none of that helps. Computer is basically functional, it eats 25% CPU but that's about it, aside from the strange music.

What is the first thing I should do? Thanks in advance. Broni et al, you guys are fantastic.
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks for the help. A few points: my Windows Firewall, I am unable to enable it, I get the message <Windows Firewall can't change some of your settings. Error code 0x80070424>. Also I was unable to install an antivirus. Ad-Aware Free I couldn't get to work, Comodo was disconnecting me from the internet (just like the latest version of Ad-Aware). So I still have no antivirus. Here are the logs.
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.18.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bing :: BING-PC [administrator]
7/18/2012 6:08:00 PM
mbam-log-2012-07-18 (18-08-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190785
Time elapsed: 3 minute(s), 59 second(s)
Memory Processes Detected: 1
c:\users\bing\0i763f66bz.exe (Trojan.Agent) -> 2380 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|0i763f66bz (Trojan.Agent) -> Data: C:\Users\bing\0i763f66bz.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\users\bing\0i763f66bz.exe (Trojan.Agent) -> Delete on reboot.
c:\users\public\0i763f66bz.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\0i763f66bz.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\0i763f66bz.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\system32\config\systemprofile\0i763f66bz.exe (Trojan.Agent) -> Delete on reboot.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-18 19:55:21
Windows 6.1.7601 Service Pack 1
Running: vt91odlv.exe

---- Services - GMER 1.0.15 ----
Service C:\SystemRoot\System32\Drivers\ff8dd40f59eeaad9.sys (*** hidden *** ) [BOOT] ff8dd40f59eeaad9 <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b6b63a4ee
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fee44d81
Reg HKLM\SYSTEM\CurrentControlSet\services\ff8dd40f59eeaad9@ImagePath \SystemRoot\System32\Drivers\ff8dd40f59eeaad9.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\ff8dd40f59eeaad9@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\ff8dd40f59eeaad9@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\ff8dd40f59eeaad9@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\ff8dd40f59eeaad9@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\ff8dd40f59eeaad9@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\services\ff8dd40f59eeaad9@DisplayName 0i763f66bz.exe
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b6b63a4ee (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fee44d81 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\ff8dd40f59eeaad9@ImagePath \SystemRoot\System32\Drivers\ff8dd40f59eeaad9.sys
Reg HKLM\SYSTEM\ControlSet002\services\ff8dd40f59eeaad9@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\ff8dd40f59eeaad9@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\ff8dd40f59eeaad9@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\ff8dd40f59eeaad9@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\ff8dd40f59eeaad9@Tag 1
Reg HKLM\SYSTEM\ControlSet002\services\ff8dd40f59eeaad9@DisplayName 0i763f66bz.exe
---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by bing at 21:06:54 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2933.1045 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\Explorer.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\System32\svchost.exe -k swprv
C:\windows\SysWOW64\NOTEPAD.EXE
\\.\globalroot\systemroot\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}\U
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{0E60EF94-B41C-479A-B729-CAE7EA4F430C} : DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{0E60EF94-B41C-479A-B729-CAE7EA4F430C}\2696E676 : DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{0E60EF94-B41C-479A-B729-CAE7EA4F430C}\4796D656771627E65627361626C65677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{0E60EF94-B41C-479A-B729-CAE7EA4F430C}\A657A6572656165723032303 : DhcpNameServer = 124.106.6.2 124.106.5.2
TCP: Interfaces\{0E60EF94-B41C-479A-B729-CAE7EA4F430C}\F6074796D657D677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
.
============= SERVICES / DRIVERS ===============
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-7-13 3069752]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-5-24 913752]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-7-13 23208]
S1 SBRE;SBRE;\??\C:\windows\system32\drivers\SBREdrv.sys --> C:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-7-13 66320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-9 250056]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-6-19 245760]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-9 17152]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-18 21:57:56 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-18 19:59:39 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-18 19:59:39 -------- d-----w- C:\Program Files\AVAST Software
2012-07-14 23:12:09 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2012-07-14 11:36:52 0 ----a-w- C:\windows\SysWow64\shoC2A0.tmp
2012-07-14 00:39:53 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-07-13 23:47:14 -------- d-----w- C:\Users\bing\AppData\Roaming\Malwarebytes
2012-07-13 23:47:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-13 23:47:01 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-13 23:47:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 23:19:17 -------- d-----w- C:\ProgramData\GFI Software
2012-07-10 00:25:51 -------- d-sh--w- C:\windows\System32\%APPDATA%
2012-07-06 11:29:15 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2656AB82-F1B6-4D54-B309-47321C178E68}\mpengine.dll
2012-07-03 13:54:32 -------- d-----r- C:\Program Files (x86)\Skype
2012-06-21 11:53:42 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-21 11:53:31 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-21 11:53:22 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-21 11:53:22 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-19 23:15:11 -------- d-----w- C:\Brother
2012-06-19 23:15:08 -------- d-----w- C:\Program Files (x86)\Browny02
2012-06-19 23:13:42 73728 ------w- C:\windows\SysWow64\BrDctF2.dll
2012-06-19 23:13:42 5120 ------w- C:\windows\SysWow64\BrDctF2L.dll
2012-06-19 23:13:42 3072 ------w- C:\windows\SysWow64\BrDctF2S.dll
2012-06-19 23:13:42 217088 ------w- C:\windows\SysWow64\NSSearch.dll
2012-06-19 23:13:38 180224 ------w- C:\windows\SysWow64\BroSNMP.dll
.
==================== Find3M ====================
.
2012-07-12 02:58:30 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 02:58:30 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-25 01:02:55 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
.
============= FINISH: 21:07:24.14 ===============
 
Computer is running fine, so it seems. I don't see the virus in Task Manager but I can't understand why it would be gone now, for real... Thank you again.
Ah yes, attach.txt... I don't know where that is? As far as I could tell the program only made one log. Only one window opened.
Never mind, found it.
Thanks again. I have to log off for the night.. TY.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/27/2011 6:09:07 PM
System Uptime: 7/18/2012 7:02:40 PM (2 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R530/R730/R540
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU 1 | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 10.686 GiB free.
D: is FIXED (NTFS) - 227 GiB total, 139.1 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP136: 7/12/2012 6:22:07 AM - FU
RP137: 7/14/2012 6:41:07 PM - Installed Ad-Aware
RP138: 7/14/2012 7:08:54 PM - Installed Ad-Aware
RP139: 7/18/2012 3:59:10 PM - avast! Free Antivirus Setup
RP140: 7/18/2012 5:33:46 PM - avast! Free Antivirus Setup
RP141: 7/18/2012 5:47:30 PM - avast! Free Antivirus Setup
RP142: 7/18/2012 5:53:56 PM - Device Driver Package Install: COMODO Network Service
.
==== Installed Programs ======================
.
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Advanced SystemCare 5
Apple Application Support
Apple Software Update
Atheros Client Installation Program
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Brother MFL-Pro Suite MFC-J265W
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distanţă
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
D3DX10
Easy Content Share
Easy Display Manager
Easy Media Player 1.1.12
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
Emsisoft Anti-Malware
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Game Pack
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
ImgBurn
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Lagarith lossless video codec (Remove Only)
Malwarebytes Anti-Malware version 1.62.0.1300
Marvell Miniport Driver
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
System Requirements Lab CYRI
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VLC media player 2.0.1
Vuze
Vuze Remote Toolbar
Windows 7 USB/DVD Download Tool
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
.
==== Event Viewer Messages From Past Week ========
.
7/18/2012 6:59:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
7/18/2012 6:59:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/18/2012 6:59:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/18/2012 6:59:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/18/2012 6:59:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/18/2012 6:59:30 PM, Error: Service Control Manager [7022] - The Emsisoft Anti-Malware 6.6 - Service service hung on starting.
7/18/2012 6:01:07 PM, Error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
7/18/2012 5:56:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmderd cmdGuard cmdHlp inspect Lbd SBRE
7/18/2012 5:54:13 PM, Error: Service Control Manager [7000] - The COMODO Internet Security Sandbox Driver service failed to start due to the following error: A device attached to the system is not functioning.
7/18/2012 5:54:12 PM, Error: Service Control Manager [7000] - The COMODO Internet Security Firewall Driver service failed to start due to the following error: A device attached to the system is not functioning.
7/18/2012 5:53:52 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/18/2012 5:46:09 PM, Error: Service Control Manager [7001] - The avast! Antivirus service depends on the aswMonFlt service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 5:46:09 PM, Error: Service Control Manager [7000] - The aswMonFlt service failed to start due to the following error: A device attached to the system is not functioning.
7/18/2012 5:42:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRdr aswSnx aswSP aswTdi Lbd SBRE
7/18/2012 5:41:53 PM, Error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: A device attached to the system is not functioning.
7/18/2012 5:34:59 PM, Error: Service Control Manager [7000] - The avast! Network Shield Support service failed to start due to the following error: A device attached to the system is not functioning.
7/18/2012 5:34:59 PM, Error: Service Control Manager [7000] - The aswSP service failed to start due to the following error: A device attached to the system is not functioning.
7/15/2012 3:03:19 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
7/14/2012 9:42:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SBRE
7/14/2012 7:46:09 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
7/14/2012 7:46:09 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
7/14/2012 7:09:38 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 7:34:26 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 7:34:26 PM, Error: Service Control Manager [7000] - The sbhips service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 3:16:19 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
7/12/2012 8:50:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SbFw SBRE
7/12/2012 8:50:25 PM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: A device attached to the system is not functioning.
7/11/2012 7:44:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service.
7/11/2012 7:44:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.
7/11/2012 7:44:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0x80070505'. If possible, reinstall Windows Media Player.
7/11/2012 7:44:30 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Access is denied.
7/11/2012 11:12:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SbFw
7/11/2012 10:51:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
.
==== End Of File ===========================
 
You're still seriously infected.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
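When the FRST.txt log comes back, the "Drivers (Whitelisted)" section is where an unsigned, boot-start driver with a random-looking hex name would stand out. The following is an added example, not code from the post, from Farbar, or from the FRST tool: a small Python parser for that section's line layout (`<start type> <service name>; <image path> [<size> <date>] (<company>)`, inferred from the logs pasted in this thread) that flags entries combining a long hex service name, an empty company string and a boot/system start type. The sample lines are constructed in that format from entries visible in this thread, and the scoring rules are this example's own assumptions, not FRST's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of an FRST "Drivers (Whitelisted)" section
# (entries modelled on the log pasted later in this thread).
SAMPLE_DRIVERS = r"""
3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
0 ff8dd40f59eeaad9; C:\Windows\System32\Drivers\ff8dd40f59eeaad9.sys [73688 2012-07-10] ()
1 SABI; C:\Windows\System32\Drivers\SABI.sys [13824 2010-10-06] (SAMSUNG ELECTRONICS)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
"""

# One driver line: start type, service name, image path, [size date], (company).
# Assumed layout based on the pasted log, not an official FRST grammar.
DRIVER_LINE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\)\s*$"
)

# "Random-looking" here means a service name that is nothing but 12+ hex digits.
HEX_NAME = re.compile(r"^[0-9a-f]{12,}$", re.IGNORECASE)


@dataclass
class DriverEntry:
    start: int      # 0 = boot, 1 = system, 2 = automatic, 3 = manual
    name: str
    path: str
    size: int
    date: str
    company: str    # empty when FRST shows "()" i.e. no version/company resource


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one driver line; return None for headers, blanks or unknown layouts."""
    m = DRIVER_LINE.match(line.strip())
    if not m:
        return None
    return DriverEntry(
        start=int(m["start"]),
        name=m["name"].strip(),
        path=m["path"].strip(),
        size=int(m["size"]),
        date=m["date"],
        company=m["company"].strip(),
    )


def is_random_hex_name(name: str) -> bool:
    return bool(HEX_NAME.match(name))


def assess(entry: DriverEntry) -> List[str]:
    """Return the reasons an entry is worth a second look, or [] if it is not.

    A hex-only name is enough on its own; an empty company string is only
    escalated when the driver also loads at boot/system start, so that ordinary
    unsigned third-party drivers with manual start (type 3) are not reported.
    """
    reasons: List[str] = []
    hex_name = is_random_hex_name(entry.name)
    early_start = entry.start in (0, 1)
    if hex_name:
        reasons.append("service name is a long hex string")
    if not entry.company:
        reasons.append("no company/signer string")
    if early_start:
        reasons.append(f"loads at boot/system start (start type {entry.start})")
    if hex_name or (not entry.company and early_start):
        return reasons
    return []


def suspicious_drivers(text: str) -> List[Tuple[str, List[str]]]:
    """Scan a block of FRST driver lines and return (name, reasons) for flagged ones."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in text.splitlines():
        entry = parse_driver_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry.name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_drivers(SAMPLE_DRIVERS):
        print(f"{name}: " + "; ".join(reasons))
```

Run against the sample, only the hex-named boot-start driver is reported; the other unsigned entry (`yukonw7`, manual start) and the signed Samsung system driver are left alone. The result is a triage hint for whoever reads the log, not a verdict: the helper still decides what to do with the entry.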
 
Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 19-07-2012 22:44:43
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-11-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 2010-11-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [415256 2010-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-05-31] (Symantec Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [346 2012-07-19] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273528 2011-11-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-02-09] (Brother Industries, Ltd.)
HKU\bing\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-10-27] (Google Inc.)
HKU\bing\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [574296 2012-03-06] (IObit)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.254.1 167.206.254.2
AppInit_DLLs:

==================== Services (Whitelisted) ======

2 a2AntiMalware; "C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe" [3069752 2012-06-17] (Emsisoft GmbH)
2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation)

========================== Drivers (Whitelisted) =============

3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [23208 2011-05-19] (Emsi Software GmbH)
0 ff8dd40f59eeaad9; C:\Windows\System32\Drivers\ff8dd40f59eeaad9.sys [73688 2012-07-10] ()
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-09] ()
3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-07-01] (Windows (R) 2003 DDK 3790 provider)
1 SABI; C:\Windows\System32\Drivers\SABI.sys [13824 2010-10-06] (SAMSUNG ELECTRONICS)
1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [55384 2012-07-14] (Sunbelt Software)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-19 22:44 - 2012-07-19 22:44 - 00000000 ____D C:\FRST
2012-07-19 17:49 - 2012-07-19 17:50 - 01437107 ____A (Farbar) C:\Users\bing\Downloads\FRST64.exe
2012-07-19 17:44 - 2012-07-19 17:44 - 00000000 ____D C:\Users\bing\Desktop\selected
2012-07-19 15:43 - 2012-07-19 15:43 - 00000000 ____D C:\Users\bing\AppData\Local\{EEF4FB3C-910F-47E9-96F1-980DF58B14E9}
2012-07-19 15:43 - 2012-07-19 15:43 - 00000000 ____D C:\Users\bing\AppData\Local\{8D55BD51-5C83-425B-963A-7927D68BDCDF}
2012-07-19 06:20 - 2012-07-19 06:20 - 00000000 ____D C:\Users\All Users\Comodo
2012-07-18 17:09 - 2012-07-18 17:09 - 00021106 ____A C:\Users\bing\Desktop\DDS.txt
2012-07-18 16:59 - 2012-07-18 16:59 - 00607260 ____R (Swearware) C:\Users\bing\Desktop\dds.scr
2012-07-18 15:55 - 2012-07-18 15:55 - 00002528 ____A C:\Users\bing\Desktop\gmer.log
2012-07-18 13:57 - 2012-07-18 13:57 - 00000000 ____D C:\Users\All Users\CPA_VA
2012-07-18 13:31 - 2012-07-18 13:33 - 89340632 ____A C:\Users\bing\Downloads\avast_free_antivirus_setup.exe
2012-07-18 12:00 - 2012-07-18 13:34 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-18 12:00 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-18 11:59 - 2012-07-18 13:48 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-18 11:59 - 2012-07-18 11:59 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-14 15:12 - 2012-07-14 15:12 - 00055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-07-14 15:09 - 2012-07-18 14:01 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-07-14 03:36 - 2012-07-14 03:36 - 00000000 ____A C:\Windows\SysWOW64\shoC2A0.tmp
2012-07-13 16:40 - 2012-07-13 16:40 - 00001091 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2012-07-13 16:39 - 2012-07-16 18:21 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2012-07-13 15:47 - 2012-07-13 15:47 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 15:47 - 2012-07-13 15:47 - 00000000 ____D C:\Users\bing\AppData\Roaming\Malwarebytes
2012-07-13 15:47 - 2012-07-13 15:47 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-13 15:47 - 2012-07-13 15:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 15:47 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-13 15:19 - 2012-07-13 15:19 - 00000000 ____D C:\Users\All Users\GFI Software
2012-07-10 17:09 - 2012-07-10 17:09 - 00025368 ____A C:\Users\bing\Downloads\John Adams_1x03_en.zip
2012-07-10 17:09 - 2012-07-10 17:09 - 00025368 ____A C:\Users\bing\Downloads\John Adams_1x03_en (1).zip
2012-07-10 17:07 - 2012-07-10 17:13 - 02820393 ____A C:\Users\bing\Downloads\John Adams_1x02_LOL.en.zip
2012-07-10 03:30 - 2012-07-10 03:30 - 00073688 ____A C:\Windows\System32\Drivers\ff8dd40f59eeaad9.sys
2012-07-10 03:30 - 2012-07-10 03:30 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2012-07-10 03:30 - 2012-07-10 03:30 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2012-07-09 16:25 - 2012-07-09 16:25 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-09 16:22 - 2012-07-19 17:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-08 04:15 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-08 04:15 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-08 04:15 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-08 04:15 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-08 04:15 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-08 04:15 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-08 04:15 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-08 04:15 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-08 04:15 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-08 04:15 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-08 04:15 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-08 04:15 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-08 04:15 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-08 04:15 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-08 04:15 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-08 04:15 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-08 04:15 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-08 04:15 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-08 04:15 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-08 04:15 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-08 04:15 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-08 04:15 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-08 04:15 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-08 04:15 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-08 04:15 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-08 04:15 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-08 04:15 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-08 04:15 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-05 15:35 - 2012-07-05 15:35 - 00002993 ____A C:\Users\bing\Downloads\resume2 (1).html
2012-07-03 05:54 - 2012-07-09 05:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-07-03 05:52 - 2012-07-03 05:53 - 00946352 ____A (Skype Technologies S.A.) C:\Users\bing\Downloads\SkypeSetup.exe
2012-06-21 03:53 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 03:53 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 03:53 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 03:53 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 03:53 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 03:53 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 03:53 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 03:53 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 03:53 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-19 15:15 - 2012-06-19 15:15 - 00002140 ____A C:\Users\Public\Desktop\Brother Creative Center.lnk
2012-06-19 15:15 - 2012-06-19 15:15 - 00000000 ____D C:\Program Files (x86)\Browny02
2012-06-19 15:15 - 2012-06-19 15:15 - 00000000 ____D C:\Brother
2012-06-19 15:15 - 2003-11-28 14:57 - 00000000 ____A C:\Windows\brdfxspd.dat
2012-06-19 15:13 - 2010-02-09 13:11 - 00217088 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2012-06-19 15:13 - 2010-02-05 07:42 - 00180224 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2012-06-19 15:13 - 2010-01-22 11:34 - 00003072 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2012-06-19 15:13 - 2007-12-13 18:16 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2012-06-19 15:13 - 2007-12-13 18:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2012-06-19 15:06 - 2012-06-19 15:06 - 00000000 ____D C:\Users\bing\AppData\Roaming\InstallShield

============ 3 Months Modified Files ========================

2012-07-19 18:38 - 2012-05-24 17:38 - 00009362 ____A C:\Windows\setupact.log
2012-07-19 18:38 - 2011-10-27 21:40 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-19 18:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-19 18:25 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-19 18:25 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-19 18:23 - 2011-10-27 21:40 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-19 17:57 - 2012-07-09 16:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-19 17:50 - 2012-07-19 17:49 - 01437107 ____A (Farbar) C:\Users\bing\Downloads\FRST64.exe
2012-07-19 17:45 - 2009-07-13 21:13 - 00727136 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 17:09 - 2012-07-18 17:09 - 00021106 ____A C:\Users\bing\Desktop\DDS.txt
2012-07-18 16:59 - 2012-07-18 16:59 - 00607260 ____R (Swearware) C:\Users\bing\Desktop\dds.scr
2012-07-18 15:55 - 2012-07-18 15:55 - 00002528 ____A C:\Users\bing\Desktop\gmer.log
2012-07-18 14:57 - 2012-05-27 17:40 - 00007508 ____A C:\Windows\PFRO.log
2012-07-18 13:55 - 2011-11-11 22:50 - 00016593 ____A C:\aaw7boot.log
2012-07-18 13:34 - 2012-07-18 12:00 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-18 13:33 - 2012-07-18 13:31 - 89340632 ____A C:\Users\bing\Downloads\avast_free_antivirus_setup.exe
2012-07-14 15:12 - 2012-07-14 15:12 - 00055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-07-14 03:36 - 2012-07-14 03:36 - 00000000 ____A C:\Windows\SysWOW64\shoC2A0.tmp
2012-07-13 16:40 - 2012-07-13 16:40 - 00001091 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2012-07-13 16:00 - 2012-04-26 05:54 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-13 15:47 - 2012-07-13 15:47 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-12 04:22 - 2011-04-28 18:05 - 01269303 ____A C:\Windows\WindowsUpdate.log
2012-07-11 18:58 - 2012-04-28 07:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 18:58 - 2012-04-28 07:56 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 08:40 - 2011-11-16 16:55 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-07-11 08:40 - 2011-11-16 16:55 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-07-10 17:13 - 2012-07-10 17:07 - 02820393 ____A C:\Users\bing\Downloads\John Adams_1x02_LOL.en.zip
2012-07-10 17:09 - 2012-07-10 17:09 - 00025368 ____A C:\Users\bing\Downloads\John Adams_1x03_en.zip
2012-07-10 17:09 - 2012-07-10 17:09 - 00025368 ____A C:\Users\bing\Downloads\John Adams_1x03_en (1).zip
2012-07-10 03:31 - 2009-07-13 21:08 - 00029458 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-10 03:30 - 2012-07-10 03:30 - 00073688 ____A C:\Windows\System32\Drivers\ff8dd40f59eeaad9.sys
2012-07-08 06:02 - 2009-07-13 20:45 - 00276040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-08 04:22 - 2011-10-29 11:26 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 15:36 - 2012-05-31 15:08 - 00002993 ____A C:\Users\bing\Downloads\resume2.html
2012-07-05 15:35 - 2012-07-05 15:35 - 00002993 ____A C:\Users\bing\Downloads\resume2 (1).html
2012-07-03 09:46 - 2012-07-13 15:47 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-07-18 12:00 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 05:54 - 2011-10-27 11:06 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-03 05:53 - 2012-07-03 05:52 - 00946352 ____A (Skype Technologies S.A.) C:\Users\bing\Downloads\SkypeSetup.exe
2012-06-19 15:15 - 2012-06-19 15:15 - 00002140 ____A C:\Users\Public\Desktop\Brother Creative Center.lnk
2012-06-19 15:15 - 2011-10-29 10:55 - 00000254 ____A C:\Windows\Brpfx04a.ini
2012-06-19 15:15 - 2011-10-29 10:55 - 00000093 ____A C:\Windows\brpcfx.ini
2012-06-19 15:15 - 2011-10-29 10:53 - 00000419 ____A C:\Windows\BRWMARK.INI
2012-06-19 15:15 - 2011-10-29 10:50 - 00000050 ____A C:\Windows\System32\BRIDF10A.DAT
2012-06-18 15:53 - 2012-06-18 15:53 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-12 10:40 - 2012-03-06 04:58 - 00007667 ____A C:\Users\bing\AppData\Local\Resmon.ResmonCfg
2012-06-02 14:19 - 2012-06-21 03:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 03:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 03:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 03:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 03:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 03:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 03:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 03:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 03:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-24 17:38 - 2012-05-24 17:38 - 00000000 ____A C:\Windows\setuperr.log
2012-05-24 17:26 - 2012-05-24 17:26 - 00001272 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-05-24 17:26 - 2012-05-24 17:26 - 00001221 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-05-20 08:30 - 2011-10-27 11:24 - 00060984 ____A C:\Users\bing\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-20 08:29 - 2012-05-20 08:29 - 00001293 ____A C:\Users\bing\Desktop\AVS4YOU Software Navigator.lnk
2012-05-20 08:28 - 2012-05-20 08:28 - 00001201 ____A C:\Users\bing\Desktop\AVS Video Editor.lnk
2012-05-20 06:20 - 2012-02-13 15:06 - 00007168 ____A C:\Users\bing\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-17 18:47 - 2012-07-08 04:15 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-07-08 04:15 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-07-08 04:15 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-07-08 04:15 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-07-08 04:15 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-07-08 04:15 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-07-08 04:15 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-07-08 04:15 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-07-08 04:15 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-07-08 04:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-07-08 04:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-07-08 04:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-07-08 04:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-07-08 04:15 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-07-08 04:15 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-07-08 04:15 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-07-08 04:15 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-07-08 04:15 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-07-08 04:15 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-07-08 04:15 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-07-08 04:15 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-07-08 04:15 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-07-08 04:15 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-07-08 04:15 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-07-08 04:15 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-07-08 04:15 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-07-08 04:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-07-08 04:15 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 15:24 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-07 10:43 - 2012-05-07 10:43 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-04 03:06 - 2012-06-13 15:24 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 15:24 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 15:24 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 15:24 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 15:24 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 15:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 15:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 15:24 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 17:02 - 2012-04-24 17:03 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-24 17:02 - 2012-04-24 17:03 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-24 17:02 - 2012-04-24 17:03 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-24 17:02 - 2012-04-24 17:03 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-23 21:37 - 2012-06-13 15:23 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 15:23 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 15:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 15:23 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 15:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 15:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


ZeroAccess:
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}\@
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}\L
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}\U
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}\U\00000001.@
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}\U\80000000.@
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974}\U\800000cb.@

ZeroAccess:
C:\Users\bing\AppData\Local\{5d463ba7-dce0-4c6e-e783-06357ec45974}
C:\Users\bing\AppData\Local\{5d463ba7-dce0-4c6e-e783-06357ec45974}\@
C:\Users\bing\AppData\Local\{5d463ba7-dce0-4c6e-e783-06357ec45974}\L
C:\Users\bing\AppData\Local\{5d463ba7-dce0-4c6e-e783-06357ec45974}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2932.55 MB
Available physical RAM: 2375.27 MB
Total Pagefile: 2930.75 MB
Available Pagefile: 2364.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:51 GB) (Free:9.49 GB) NTFS
2 Drive d: () (Fixed) (Total:226.99 GB) (Free:137.74 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:20 GB) (Free:3.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.64 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 20 GB 1024 KB
Partition 2 Primary 100 MB 20 GB
Partition 3 Primary 51 GB 20 GB
Partition 0 Extended 226 GB 71 GB
Partition 4 Logical 226 GB 71 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F RECOVERY NTFS Partition 20 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 51 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 226 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT32 Removable 3741 MB Healthy

==================================================================================
testsigning: ==> Check for possible unsigned malware driver <===== ATTENTION!


==========================================================

Last Boot: 2012-07-18 15:36

======================= End Of Log ==========================
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Broni, thank you, and here is the latest log. Computer continues to run practically normal. We really haven't been using it as much, as a precautionary measure, because I know it will take a little while to get this sorted out, because I can only do so much with the computer per day due to a psychotic schedule. Thanks again!
Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-21 20:10:10
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
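What the two FRST checks above are actually doing, as an added example written for this page (it is not FRST's code and not from anyone in this thread): the "Bamital & volsnap Check" flagged C:\Windows\System32\services.exe because its MD5 (014A9CB9...) differs from the pristine copy in the WinSxS component store (24ACB7E5..., found by the Search), and the "ZeroAccess:" block in the first log lists the rootkit's drop folder: a {GUID}-named directory holding a file named @ and subfolders L and U, with U\*.@ payload files. The script reproduces both checks on a constructed temporary tree; the paths, file contents and digests are made up for the demo, so the hashes it prints will not match the ones in the log. Two caveats a practitioner would want: the infected services.exe kept its original size (0328704 bytes in both Search results), so a size comparison alone would have missed it; and C:\Windows\Installer legitimately contains {GUID} folders, so the @/L/U layout, not the name, is the indicator. MD5 is used because that is what FRST reports; on a live system an Authenticode signature check of the binary is the stronger test.

```python
"""Added example: a miniature of two FRST checks seen in this thread.
1. Hash a live system binary and compare it with the WinSxS copy.
2. Find directories laid out like a ZeroAccess drop folder.
All paths and contents below are constructed in a temp directory."""
import hashlib
import os
import re
import tempfile

# Legitimate MSI caches under C:\Windows\Installer are also {GUID}-named,
# so the name alone is not an indicator; the '@' file plus 'L' and 'U' is.
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)


def md5_file(path):
    """Upper-case hex MD5 of a file, read in chunks (the form FRST prints)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_with_reference(live_path, reference_path):
    """Compare a live binary with its reference (WinSxS) copy.
    Size is reported separately: an in-place patch can keep the size."""
    live_md5 = md5_file(live_path)
    ref_md5 = md5_file(reference_path)
    return {
        "live_md5": live_md5,
        "reference_md5": ref_md5,
        "same_size": os.path.getsize(live_path) == os.path.getsize(reference_path),
        "legit": live_md5 == ref_md5,
    }


def find_zeroaccess_dirs(root):
    """Return [(dir, payload files in U)] for every {GUID} directory under
    root that contains a file '@' and subdirectories 'L' and 'U'."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not GUID_DIR.match(os.path.basename(dirpath)):
            continue
        if "@" in filenames and "L" in dirnames and "U" in dirnames:
            u_dir = os.path.join(dirpath, "U")
            payloads = sorted(f for f in os.listdir(u_dir) if f.endswith(".@"))
            hits.append((dirpath, payloads))
    return hits


def build_sample_tree():
    """Constructed sample data (hypothetical, not a real Windows tree): a
    tampered services.exe beside a pristine WinSxS copy, one ZeroAccess-style
    folder, and one ordinary {GUID} folder that must NOT be flagged."""
    root = tempfile.mkdtemp(prefix="za_demo_")
    sysdir = os.path.join(root, "Windows", "System32")
    winsxs = os.path.join(root, "Windows", "winsxs", "amd64_servicecontroller_demo")
    installer = os.path.join(root, "Windows", "Installer")
    for d in (sysdir, winsxs, installer):
        os.makedirs(d)

    clean = b"MZ" + b"\x00" * 100 + b"services.exe clean body"
    tampered = clean[:-1] + b"X"          # same length, one byte patched
    ref = os.path.join(winsxs, "services.exe")
    live = os.path.join(sysdir, "services.exe")
    with open(ref, "wb") as f:
        f.write(clean)
    with open(live, "wb") as f:
        f.write(tampered)

    bad = os.path.join(installer, "{5d463ba7-dce0-4c6e-e783-06357ec45974}")
    os.makedirs(os.path.join(bad, "L"))
    os.makedirs(os.path.join(bad, "U"))
    open(os.path.join(bad, "@"), "wb").close()
    for name in ("00000001.@", "80000000.@", "800000cb.@"):
        open(os.path.join(bad, "U", name), "wb").close()

    good = os.path.join(installer, "{11111111-2222-3333-4444-555555555555}")
    os.makedirs(good)
    open(os.path.join(good, "ARPPRODUCTICON.exe"), "wb").close()
    return root, live, ref


if __name__ == "__main__":
    root, live, ref = build_sample_tree()
    print(compare_with_reference(live, ref))
    for d, payloads in find_zeroaccess_dirs(root):
        print("ZeroAccess layout:", d, payloads)
```

Run it as-is and it reports the tampered services.exe as not legit but same size, and flags only the {5d463ba7-...} folder with its three .@ payloads, leaving the ordinary {GUID} folder alone.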
 
You're still seriously infected.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments: fixlist.txt (600 bytes)
Thank you for the replies. Based on what I've posted, have I successfully disabled my anti-malware etc. while running the prior scans? I will run your new scans tonight barring an unforeseen event. Thanks yet again.
 
Please don't close. I'm doing 14-hour days the last two days and just don't have the time. Hope to run the scan tomorrow. Thank you...
 
Am still under a terrible schedule. Wife says the computer is still running OK; hope to run ComboFix etc. tomorrow. Thank you very much.
 
ComboFix has detected Lavasoft Ad-Watch Live Anti-Virus and Ad-Watch Live running, but I don't see them listed in processes, on the taskbar, in Uninstall a Program, or in the program list. What should I do? Continue the scan?
I found a small Lavasoft file in Program Files on the C drive. Gonna empty the recycle bin too.
 
I got the "illegal operation attempted" message. I restarted right away. Expected to see a report, but dug for it in the ComboFix folder and looked for a txt doc. I hope this is the right one. On my desktop it says I'm still running in test mode. Is that proper? Here are the logs.
ComboFix 12-07-27.03 - bing 07/27/2012 20:24:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2933.1821 [GMT -4:00]
Running from: C:\Users\bing\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files (x86)\I Want This
C:\ProgramData\FullRemove.exe

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))

2012-07-28 00:28:57 . 2012-07-28 00:28:57 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-07-20 06:44:32 . 2012-07-20 06:44:43 -------- d-----w- C:\FRST
2012-07-19 14:20:16 . 2012-07-19 14:20:16 -------- d-----w- C:\ProgramData\Comodo
2012-07-18 21:57:56 . 2012-07-18 21:57:56 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-18 20:00:39 . 2012-07-03 16:21:18 285328 ----a-w- C:\windows\system32\aswBoot.exe
2012-07-18 19:59:39 . 2012-07-18 21:48:06 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-18 19:59:39 . 2012-07-18 19:59:39 -------- d-----w- C:\Program Files\AVAST Software
2012-07-14 23:12:09 . 2012-07-14 23:12:09 55384 ----a-w- C:\windows\system32\drivers\SBREDrv.sys
2012-07-14 23:09:31 . 2012-07-18 22:01:22 -------- d-----w- C:\ProgramData\Lavasoft
2012-07-14 00:39:53 . 2012-07-22 14:23:25 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-07-13 23:47:14 . 2012-07-13 23:47:14 -------- d-----w- C:\Users\bing\AppData\Roaming\Malwarebytes
2012-07-13 23:47:02 . 2012-07-13 23:47:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-13 23:47:01 . 2012-07-13 23:47:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 23:47:01 . 2012-07-03 17:46:44 24904 ----a-w- C:\windows\system32\drivers\mbam.sys
2012-07-13 23:19:17 . 2012-07-13 23:19:17 -------- d-----w- C:\ProgramData\GFI Software
2012-07-10 11:30:02 . 2012-07-10 11:30:02 -------- d-----w- C:\Users\Default\AppData\Roaming\IObit
2012-07-10 00:25:51 . 2012-07-10 00:25:51 -------- d-sh--w- C:\windows\system32\%APPDATA%
2012-07-06 11:29:15 . 2012-05-31 04:04:02 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2656AB82-F1B6-4D54-B309-47321C178E68}\mpengine.dll
2012-07-03 13:54:32 . 2012-07-09 13:27:59 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-03 13:54:32 . 2012-07-03 13:54:32 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-07-26 20:58:28 . 2012-04-28 15:56:17 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 20:58:28 . 2012-04-28 15:56:17 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-08 12:22:46 . 2011-10-29 19:26:39 58957832 ----a-w- C:\windows\system32\MRT.exe
2012-06-02 22:19:46 . 2012-06-21 11:53:31 38424 ----a-w- C:\windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-06-21 11:53:42 2428952 ----a-w- C:\windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-06-21 11:53:42 57880 ----a-w- C:\windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-06-21 11:53:42 44056 ----a-w- C:\windows\system32\wups2.dll
2012-06-02 22:19:23 . 2012-06-21 11:53:31 701976 ----a-w- C:\windows\system32\wuapi.dll
2012-06-02 22:15:31 . 2012-06-21 11:53:42 2622464 ----a-w- C:\windows\system32\wucltux.dll
2012-06-02 22:15:08 . 2012-06-21 11:53:31 99840 ----a-w- C:\windows\system32\wudriver.dll
2012-06-02 19:19:42 . 2012-06-21 11:53:22 186752 ----a-w- C:\windows\system32\wuwebv.dll
2012-06-02 19:15:12 . 2012-06-21 11:53:22 36864 ----a-w- C:\windows\system32\wuapp.exe
2012-05-15 01:32:33 . 2012-06-13 23:24:04 3146752 ----a-w- C:\windows\system32\win32k.sys
2012-05-04 11:06:22 . 2012-06-13 23:24:07 5559664 ----a-w- C:\windows\system32\ntoskrnl.exe
2012-05-04 10:03:53 . 2012-06-13 23:24:06 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 . 2012-06-13 23:24:06 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 . 2012-06-13 23:24:08 209920 ----a-w- C:\windows\system32\profsvc.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 08:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 08:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-28 05:40:59 39408]
"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 22:39:50 574296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 06:33:10 1155928]
"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 16:03:38 210472]
"PaperPort PTD"="C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 06:07:00 29984]
"IndexSearch"="C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 06:05:10 46368]
"PPort11reminder"="C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 16:01:58 328992]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-13 06:58:31 273528]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-11-30 01:38:18 421888]
"iTunesHelper"="D:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 01:51:12 421160]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 18:02:04 254696]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 05:53:50 843712]
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 14:26:54 114688]
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 20:43:16 2621440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 05:40:43 136176]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 23:12:14 160944]
R3 a2acc;a2acc;C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 22:45:28 66320]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 20:58:29 250056]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-01-25 12:22:56 245760]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 05:40:43 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 04:34:24 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 20:35:42 187392]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 16:06:08 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2011-10-29 19:22:35 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:39:20 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 09:10:10 57184]
S1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 18:10:34 23208]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\system32\Drivers\SABI.sys [2010-10-07 02:59:00 13824]
S1 SBRE;SBRE;C:\windows\system32\drivers\SBREdrv.sys [2012-07-14 23:12:09 55384]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 09:34:33 60416]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-06-17 19:44:46 3069752]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 05:53:50 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 21:38:14 913752]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 19:22:40 822624]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 13:30:18 508776]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 22:41:46 3048136]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys [2010-04-01 00:25:14 136192]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 23:32:12 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 11:17:36 289280]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 13:30:10 764264]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 13:30:18 268648]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 13:30:18 25960]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 13:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 13:30:22 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 09:22:00 395264]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - WS2IFSL
Contents of the 'Scheduled Tasks' folder
2012-07-27 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 00:22:40 . 2012-07-26 20:58:29]
2012-07-28 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 05:40:52 . 2011-10-28 05:40:43]
2012-07-28 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 05:40:52 . 2011-10-28 05:40:43]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 01:59:40 10144288]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2010-11-29 22:51:28 161304]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2010-11-29 22:51:16 386584]
"Persistence"="C:\windows\system32\igfxpers.exe" [2010-11-29 22:51:22 415256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
------- Supplementary Scan -------
uLocal Page = C:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-ETDWare - C:\Program Files (x86)\Elantech\ETDCtrl.exe

--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c4,b8,ad,39,66,21,cd,01
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\03\06\03\128\08?"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
------------------------ Other Running Processes ------------------------
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
**************************************************************************
Completion time: 2012-07-27 20:36:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 00:36:47

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-27 19:55:16 Run:1
Running from H:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
ff8dd40f59eeaad9 service deleted successfully.
C:\Windows\System32\Drivers\ff8dd40f59eeaad9.sys moved successfully.
C:\Windows\SysWOW64\shoC2A0.tmp moved successfully.
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974} moved successfully.
C:\Users\bing\AppData\Local\{5d463ba7-dce0-4c6e-e783-06357ec45974} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

thank you


I thi
 
We have to fix this one first:
On my desktop it says I'm still running in test mode
I missed one entry in FRST log.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Restart computer normally and see if the message is gone.
 

Attachments

  • fixlist.txt