TechSpot

0i763f66bz.exe

By DrGreatJob
Jul 13, 2012
    Noticed a program running in my task manager - 0i763f66bz.exe "Quartermasters"
    After it hard-locked my PC, I restarted. It promptly shut my computer down after popping up a message stating that the driver for 0i763f66bz.exe is unsigned and can't be used. Subsequent restarts resulted in the same outcome, so I had to start in Safe Mode.

    Ran MWB, GMER, DDS, and attached logs in that order.
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.13.02

    Windows 7 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.7600.16385
    Sean :: SDMPC [administrator]

    7/13/2012 12:55:32 AM
    mbam-log-2012-07-13 (00-55-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219014
    Time elapsed: 2 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-13 01:34:56
    Windows 6.1.7600
    Running: w44rectk.exe


    ---- Services - GMER 1.0.15 ----

    Service C:\SystemRoot\System32\Drivers\d8c66226332738e5.sys (*** hidden *** ) [BOOT] d8c66226332738e5 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
    Run by Sean at 1:37:16 on 2012-07-13
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4091.2407 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    D:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    D:\Dyyno\Dyyno Broadcaster\launcherd.exe
    D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    D:\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Sean\0i763f66bz.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    H:\Program Files\Winamp\winampa.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Users\Sean\Desktop\w44rectk.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = ftp=210.107.100.251:8080;http=210.107.100.251:8080;https=210.107.100.251:8080
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mURLSearchHooks: H - No File
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Steam] "D:\Steam\steam.exe" -silent
    uRun: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Dyyno Launcher] "D:\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [0i763f66bz] C:\Users\Sean\0i763f66bz.exe
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
    mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [Regedit32] C:\Windows\system32\regedit.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {74CAD4F9-5085-4F13-8CD5-7F96F4D0B768} - hxxps://rod.sedgwickcounty.org/inc/imgearv1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{C0113441-D76C-41AF-B18D-6AEAD8081676} : DhcpNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
    mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [Regedit32] C:\Windows\system32\regedit.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\hkjgbq82.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Sean\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\hkjgbq82.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: D:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
    FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: D:\Program Files\VideoLAN\VLC\npvlc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;D:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-2-24 108289]
    R2 AntiVirService;Avira AntiVir Guard;D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-2-24 185089]
    R2 Dyyno Launcher;Dyyno Service;D:\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-8-31 415072]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;D:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-6 8704]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-1-18 6583160]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-1-18 528760]
    R2 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Sean\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-3-16 14544]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 PaeFireStudio;PreSonus FireStudio;C:\Windows\system32\Drivers\PaeFireStudio.sys --> C:\Windows\system32\Drivers\PaeFireStudio.sys [?]
    R3 PaeFireStudioAudio;PreSonus FireStudio Audio;C:\Windows\system32\drivers\PaeFireStudioAudio.sys --> C:\Windows\system32\drivers\PaeFireStudioAudio.sys [?]
    R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;C:\Windows\system32\drivers\PaeFireStudioMidi.sys --> C:\Windows\system32\drivers\PaeFireStudioMidi.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-6 1038088]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
    S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
    S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-12-27 219360]
    S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe --> d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-13 06:27:13 -------- d-----w- C:\Users\Sean\AppData\Roaming\LockHunter
    2012-07-13 06:26:56 -------- d-----w- C:\Program Files\LockHunter
    2012-07-13 03:24:46 -------- d-----w- C:\Users\Sean\AppData\Roaming\Unity
    2012-07-13 03:17:05 -------- d-----w- C:\Users\Sean\AppData\Roaming\PACE Anti-Piracy
    2012-07-13 03:17:05 -------- d-----w- C:\Users\Sean\AppData\Local\PACE Anti-Piracy
    2012-07-13 03:17:05 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
    2012-07-13 03:17:05 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
    2012-07-13 03:16:22 -------- d-----w- C:\Users\Sean\AppData\Local\Unity
    2012-07-10 05:28:24 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-07-08 20:38:18 -------- d-----w- C:\Users\Sean\AppData\Roaming\.techniclauncher
    2012-07-08 20:23:33 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-07-08 20:23:33 839112 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-07-06 13:35:27 -------- d-----w- C:\Users\Sean\AppData\Local\Chromium
    2012-07-06 13:26:34 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
    2012-07-06 13:22:18 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-06-23 08:50:19 -------- d-----w- C:\Users\Sean\AppData\Local\FlashDevelop
    2012-06-23 00:01:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-23 00:00:41 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-23 00:00:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-19 19:13:33 -------- d-----w- C:\Users\Sean\AppData\Local\Macromedia
    2012-06-19 18:43:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2012-07-13 05:02:26 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-13 05:02:26 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-13 05:01:57 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-08 04:38:03 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-19 18:43:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 1:38:20.63 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/27/2009 6:50:44 AM
    System Uptime: 7/13/2012 1:04:18 AM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | P55M-UD2
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 2793/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 90 GiB total, 4.954 GiB free.
    D: is FIXED (NTFS) - 506 GiB total, 49.574 GiB free.
    E: is CDROM (UDF)
    F: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.
    H: is FIXED (NTFS) - 2795 GiB total, 2777.824 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VirtualBox Host-Only Ethernet Adapter
    Device ID: ROOT\NET\0001
    Manufacturer: Oracle Corporation
    Name: VirtualBox Host-Only Ethernet Adapter
    PNP Device ID: ROOT\NET\0001
    Service: VBoxNetAdp
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: USB Audio Device
    Device ID: USB\VID_1BAD&PID_F900&IA_01\6&41DB13A&0&01
    Manufacturer: (Generic USB Audio)
    Name: Headset (Afterglow Gamepad for Xbox 360)
    PNP Device ID: USB\VID_1BAD&PID_F900&IA_01\6&41DB13A&0&01
    Service: usbaudio
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: High Definition Audio Device
    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&1D233200&0&0001
    Manufacturer: Microsoft
    Name: High Definition Audio Device
    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&1D233200&0&0001
    Service: HdAudAddService
    .
    ==== System Restore Points ===================
    .
    RP300: 6/7/2012 4:36:59 PM - Installed Java(TM) 7 Update 4
    RP302: 6/7/2012 4:37:28 PM - Installed JavaFX 2.1.0
    RP304: 6/7/2012 5:43:54 PM - Installed Quake Live Mozilla Plugin
    RP305: 6/8/2012 5:02:43 PM - Installed DirectX
    RP307: 6/20/2012 6:52:21 AM - Scheduled Checkpoint
    RP309: 6/22/2012 7:00:35 PM - Windows Update
    RP311: 6/30/2012 3:32:47 PM - Windows Update
    RP312: 7/6/2012 8:21:57 AM - Installed Hi-Rez Studios Games
    RP313: 7/6/2012 8:26:15 AM - Installed DirectX
    RP315: 7/8/2012 3:22:58 PM - Installed Java(TM) 7 Update 4 (64-bit)
    RP317: 7/12/2012 11:05:39 PM - Installed TexturePacker
    .
    ==== Installed Programs ======================
    .
    µTorrent
    001 Game Creator 1.010.002
    6500_E709_eDocs
    6500_E709_Help
    6500_E709n
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Alien Swarm
    Alien Swarm - SDK
    Aliens vs. Predator
    Alpha Protocol
    APB Reloaded
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    AT&T Yahoo! Browser Configuration
    Audacity 1.3.11 (Unicode)
    Audiosurf
    Autodesk FBX Converter x64 2012.2
    Avira AntiVir Personal - Free Antivirus
    Bamboo Dock
    Bastion
    Batman: Arkham Asylum GOTY Edition
    Battlefield 3™
    Battlelog Web Plugins
    Borderlands
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    Browser Configuration Utility
    BufferChm
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Call of Duty: Modern Warfare 3
    Call of Duty: Modern Warfare 3 - Multiplayer
    Camtasia Studio 6
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cheat Engine 6.1
    Combined Community Codec Pack 2009-09-09
    Connect
    Counter-Strike
    CryEngine(R)2 Sandbox(TM)2
    Crysis
    Crysis® 2
    DAEMON Tools Toolbar
    Darksiders
    DarksidersInstaller
    Dead Island
    Dead Space
    Defence Alliance 2
    Destinations
    Deus Ex: Human Revolution
    DeviceDiscovery
    Diablo III
    DigiTech RP500 Drivers
    DocMgr
    DocProc
    Dual-Core Optimizer
    Duke Nukem 3D HRP V 4.0 (321)
    Dungeon Defenders
    Dyyno Broadcaster
    ESN Sonar
    Facebook Plug-In
    Fallout 3 - Game of the Year Edition
    Fax
    ffdshow v1.1.3516 [2010-07-25]
    FL Studio 10
    FlashDevelop 4.0.0
    Fraps (remove only)
    GameSpy Comrade
    Garry's Mod
    GCFScape 1.7.5
    Gigabyte Raid Configurer
    GoldenEye: Source - HalfLife 2 Mod
    Google Chrome
    Google SketchUp 8
    GPBaseService2
    Grand Theft Auto IV
    Half-Life
    Half-Life 2: Episode Two
    Hi-Rez Studios Authenticate and Update Service
    HiJackThis
    HOARD
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    HP Update
    HPProductAssistant
    HPSSupply
    HydraVision
    IL Download Manager
    Internet Download Manager
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Just Cause 2
    Killing Floor
    Killing Floor SDK
    kuler
    Left 4 Dead 2
    Left 4 Dead 2 Dedicated Server
    LIMBO
    LogMeIn Hamachi
    Lone Survivor
    Malwarebytes Anti-Malware version 1.62.0.1300
    ManiaPlanet
    MarketResearch
    Medal of Honor Beta
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend 4 Add-in for Adobe FXG Import
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Blend SDK for Windows Phone 7
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight Tools for Visual Studio 2010
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2010 Express for Windows Phone - ENU
    Microsoft Windows Phone 7 Developer Resources
    Microsoft Windows Phone Developer Tools - ENU
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Microsoft XNA Game Studio 4.0
    Microsoft XNA Game Studio 4.0 (ARP entry)
    Microsoft XNA Game Studio 4.0 (Redists)
    Microsoft XNA Game Studio 4.0 (Shared Components)
    Microsoft XNA Game Studio 4.0 (Visual Studio)
    Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    Microsoft XNA Game Studio 4.0 Documentation
    Microsoft XNA Game Studio 4.0 Windows Phone Extensions
    Microsoft XNA Game Studio Platform Tools
    Mirror's Edge
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mumble 1.2.3
    Natural Selection 2
    Notepad++
    NVIDIA Photoshop Plug-ins 64 bit
    NVIDIA PhysX
    OpenOffice.org 3.1
    Origin
    oZone3D.Net FurMark v1.6.5
    Partition Wizard Home Edition 4.2.2
    PDF Settings CS4
    Peggle Deluxe
    Peggle Nights
    Photoshop Camera Raw
    Poker Night at the Inventory
    Portal 2
    Portal 2 Authoring Tools - Beta
    ProductContext
    Project64 1.6
    PunkBuster Services
    Quake Live Mozilla Plugin
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Respondus LockDown Browser
    RiffTrax DVD Player
    Riva FLV Encoder 2.0
    Scan
    Seagate Dashboard
    Section 8: Prejudice
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    SEGA Genesis & Mega Drive Classics
    Serious Sam 2
    sfArk
    SFPack
    SimCity 4 Deluxe
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrinting
    SolutionCenter
    SONIC THE HEDGEHOG 4 Episode I
    Source SDK
    Source SDK Base 2007
    SQL Server System CLR Types
    Status
    Steam
    Suite Shared Configuration CS4
    Super Mario Bros. X version 1.3
    Super Meat Boy
    Super Meat Boy Editor
    System Requirements Lab
    System Requirements Lab CYRI
    Team Fortress 2
    Team Fortress Classic
    TeamSpeak 3 Client
    Terraria
    TexturePacker
    The Binding Of Isaac
    The Elder Scrolls IV: Oblivion
    The Elder Scrolls V: Skyrim
    The Traveler
    Toolbox
    TrackMania United
    TrayApp
    Tribes: Ascend
    Ubuntu
    Unity
    Unity Web Player
    Universe Sandbox
    Vectorian Giotto 3.0.0
    VLC media player 1.0.5
    VTFEdit 1.2.5
    WebReg
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Winamp
    Winamp Detector Plug-in
    Windows Phone 7 Add-in for Visual Studio 2010 - ENU
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    X-Edit
    XSplit
    Xvid 1.2.2 final uninstall
    Yahoo! Install Manager
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/9/2012 10:28:56 PM, Error: Application Popup [1060] - \??\C:\Users\Sean\AppData\Local\Temp\mc2561D.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/13/2012 12:50:02 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 12:50:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/13/2012 12:50:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/13/2012 12:49:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/13/2012 12:49:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/13/2012 12:49:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr sptd TfFsMon TFSysMon VBoxDrv VBoxUSBMon vmm Wanarpv6
    7/13/2012 12:49:16 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 12:47:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon
    7/13/2012 1:29:37 AM, Error: Service Control Manager [7000] - The USR_Find_Handle service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:07:52 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    7/13/2012 1:05:56 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/13/2012 1:05:56 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/13/2012 1:05:46 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    7/13/2012 1:05:46 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/13/2012 1:05:25 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/13/2012 1:04:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd TfFsMon TFSysMon
    7/13/2012 1:04:49 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/13/2012 1:04:47 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    7/13/2012 1:04:46 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    7/13/2012 1:04:39 AM, Error: Service Control Manager [7000] - The avgntflt service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:04:19 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    7/12/2012 12:34:12 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ROUTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C0113441-D76C-41AF-B18D-6AEAD8081676}. The master browser is stopping or an election is being forced.
    7/10/2012 5:30:57 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    7/10/2012 5:30:57 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    7/10/2012 5:30:57 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    .
    ==== End Of File ===========================
  2. DrGreatJob

    DrGreatJob TS Rookie Topic Starter

    Accidentally posted the wrong MWB log, updated the original post with corrected log.
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  4. DrGreatJob

    DrGreatJob TS Rookie Topic Starter

    Hi, thank you so much for your help. It is very much so appreciated.

    Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 14-07-2012 04:02:46
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11464296 2010-09-03] (Realtek Semiconductor)
    HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [346320 2009-08-04] (DeviceVM, Inc.)
    HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
    HKLM-x32\...\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe" [x]
    HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-26] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
    HKLM-x32\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
    HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
    HKU\Sean\...\Run: [Steam] "D:\Steam\steam.exe" -silent [x]
    HKU\Sean\...\Run: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-10] (Google Inc.)
    HKU\Sean\...\Run: [Dyyno Launcher] "D:\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104 [x]
    HKU\Sean\...\Run: [0i763f66bz] C:\Users\Sean\0i763f66bz.exe [x]
    HKU\Sean\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-09-23] (AMD)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Services (Whitelisted) ======

    2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-01] (Avira Operations GmbH & Co. KG)
    2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
    4 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [219360 2009-08-04] (DeviceVM, Inc.)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-07] ()
    4 DAUpdaterSvc; C:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
    2 Dyyno Launcher; C:\Dyyno\Dyyno Broadcaster\launcherd.exe [x]
    2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [x]
    2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [x]

    ========================== Drivers (Whitelisted) =============

    2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
    1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-04-27] (Avira GmbH)
    1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
    0 d8c66226332738e5; C:\Windows\System32\Drivers\d8c66226332738e5.sys [84928 2012-07-12] ()
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2010-02-03] (LogMeIn, Inc.)
    2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [145008 2011-07-06] (Tonec Inc.)
    3 PaeFireStudio; C:\Windows\System32\Drivers\PaeFireStudio.sys [214776 2010-05-14] (PreSonus Audio Electronics)
    3 PaeFireStudioAudio; C:\Windows\System32\Drivers\PaeFireStudioAudio.sys [39032 2010-05-14] (PreSonus Audio Electronics)
    3 PaeFireStudioMidi; C:\Windows\System32\Drivers\PaeFireStudioMidi.sys [42616 2010-05-14] (PreSonus Audio Electronics)
    3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19912 2009-12-21] ()
    3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13264 2009-12-21] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-11] (Duplex Secure Ltd.)
    2 WinRing0_1_2_0; \??\C:\Users\Sean\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [14544 2010-03-16] (OpenLibSys.org)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 gdrv; \??\C:\Windows\gdrv.sys [x]
    0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
    3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
    0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-13 02:09 - 2012-07-13 02:09 - 00000000 ____D C:\FRST
    2012-07-13 01:37 - 2012-07-13 01:37 - 00073732 ____A C:\Users\Sean\Desktop\Extras.Txt
    2012-07-13 01:36 - 2012-07-13 01:36 - 00107586 ____A C:\Users\Sean\Desktop\OTL.Txt
    2012-07-13 01:31 - 2012-07-13 01:31 - 00596480 ____A (OldTimer Tools) C:\Users\Sean\Desktop\OTL.exe
    2012-07-13 01:24 - 2012-07-13 01:24 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Avira
    2012-07-13 01:23 - 2012-07-13 01:23 - 00002001 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
    2012-07-13 01:23 - 2012-05-02 12:24 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
    2012-07-13 01:23 - 2012-04-27 07:20 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
    2012-07-13 01:23 - 2012-04-24 21:32 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
    2012-07-13 01:22 - 2012-07-13 01:22 - 00000000 ____D C:\Users\All Users\Avira
    2012-07-13 01:22 - 2012-07-13 01:22 - 00000000 ____D C:\Program Files (x86)\Avira
    2012-07-13 01:05 - 2012-07-13 01:05 - 00013350 ____A C:\Users\Sean\Desktop\cmd.exe - Shortcut.lnk
    2012-07-12 22:34 - 2012-07-12 22:34 - 00000318 ____A C:\Users\Sean\Desktop\gmer.log
    2012-07-12 22:32 - 2012-07-12 22:32 - 00302592 ____A C:\Users\Sean\Desktop\w44rectk.exe
    2012-07-12 22:27 - 2012-07-12 22:27 - 00000000 ____D C:\Users\Sean\AppData\Roaming\LockHunter
    2012-07-12 22:26 - 2012-07-12 22:26 - 00000000 ____D C:\Program Files\LockHunter
    2012-07-12 21:54 - 2012-07-12 21:54 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-12 21:46 - 2012-07-12 21:46 - 00084928 ____A C:\Windows\System32\Drivers\d8c66226332738e5.sys
    2012-07-12 21:45 - 2012-07-12 21:45 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
    2012-07-12 21:45 - 2012-07-12 21:45 - 00000003 ____A C:\Windows\System32\HRUPPROG.DIE.NOW
    2012-07-12 20:06 - 2012-07-12 20:06 - 00002887 ____A C:\Users\Sean\Desktop\TexturePackerGUI.lnk
    2012-07-12 19:24 - 2012-07-12 19:56 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Unity
    2012-07-12 19:17 - 2012-07-12 19:24 - 00000000 ____D C:\Users\Sean\AppData\Roaming\PACE Anti-Piracy
    2012-07-12 19:17 - 2012-07-12 19:24 - 00000000 ____D C:\Users\All Users\PACE Anti-Piracy
    2012-07-12 19:17 - 2012-07-12 19:17 - 00000000 ____D C:\Users\Sean\AppData\Local\PACE Anti-Piracy
    2012-07-12 19:16 - 2012-07-12 19:24 - 00000000 ____D C:\Users\Sean\AppData\Local\Unity
    2012-07-12 19:15 - 2012-07-12 19:15 - 00000554 ____A C:\Users\Public\Desktop\Unity.lnk
    2012-07-12 19:15 - 2012-07-12 19:15 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
    2012-07-11 20:26 - 2012-07-11 20:34 - 00000000 ____D C:\Users\Sean\Desktop\Spelunky
    2012-07-09 21:28 - 2012-07-09 21:28 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-09 19:18 - 2012-07-09 19:18 - 00000201 ____A C:\Users\Sean\Desktop\Poker Night at the Inventory.url
    2012-07-09 19:09 - 2012-07-09 19:28 - 00000000 ____D C:\Users\Sean\Desktop\WORK DAMMIT
    2012-07-09 19:03 - 2006-02-26 01:43 - 00000000 ____D C:\Users\Sean\Desktop\DXWnd
    2012-07-09 18:54 - 2012-07-09 18:54 - 00000997 ____A C:\Users\Sean\Desktop\dxwnd - Shortcut.lnk
    2012-07-08 12:38 - 2012-07-08 14:33 - 00000000 ____D C:\Users\Sean\AppData\Roaming\.techniclauncher
    2012-07-08 12:37 - 2012-07-08 12:36 - 00052736 ____A (Technic) C:\Users\Sean\Desktop\TechnicLauncher.exe
    2012-07-08 12:23 - 2012-07-08 12:23 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-08 12:23 - 2012-07-08 12:23 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-07-08 12:23 - 2012-07-08 12:23 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-07-08 12:23 - 2012-07-08 12:23 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-07-08 12:23 - 2012-07-08 12:23 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-07-08 12:23 - 2012-07-08 12:23 - 00000000 ____D C:\Program Files\Java
    2012-07-07 21:00 - 2012-07-07 21:00 - 00014374 ____A C:\Users\Sean\Desktop\pbgame.htm
    2012-07-07 21:00 - 2012-07-07 21:00 - 00000063 ____A C:\Users\Sean\Desktop\pbuser.htm
    2012-07-06 05:35 - 2012-07-06 05:35 - 00000000 ____D C:\Users\Sean\AppData\Local\Chromium
    2012-07-06 05:26 - 2012-07-06 05:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
    2012-07-06 05:22 - 2012-07-06 05:35 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
    2012-07-03 13:08 - 2012-07-03 13:08 - 00004422 ____A C:\Users\Sean\Downloads\wurmclient (1).jnlp
    2012-07-03 11:55 - 2012-07-03 11:55 - 00004422 ____A C:\Users\Sean\Downloads\wurmclient.jnlp
    2012-07-01 15:25 - 2012-07-02 15:52 - 00000030 ____A C:\Users\Sean\Desktop\diablo3.txt
    2012-06-23 00:50 - 2012-06-23 00:50 - 00000000 ____D C:\Users\Sean\AppData\Local\FlashDevelop
    2012-06-22 16:01 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-22 16:01 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-22 16:01 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-22 16:01 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-22 16:00 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-22 16:00 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 20:50 - 2012-06-21 20:49 - 00391987 ____A C:\Users\Sean\Desktop\Wrath of the Lamb Version 1.333 (CT Version 1.0 Final).CT
    2012-06-20 04:38 - 2012-06-20 04:38 - 00274304 ____A C:\Windows\Minidump\062012-16458-01.dmp
    2012-06-19 11:13 - 2012-06-19 11:13 - 00000000 ____D C:\Users\Sean\AppData\Local\Macromedia
    2012-06-19 10:43 - 2012-06-19 10:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    ============ 3 Months Modified Files ========================

    2012-07-14 00:08 - 2010-12-10 05:14 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2330434513-1487729799-360401493-1001UA.job
    2012-07-14 00:08 - 2010-12-10 05:14 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2330434513-1487729799-360401493-1001Core.job
    2012-07-13 01:37 - 2012-07-13 01:37 - 00073732 ____A C:\Users\Sean\Desktop\Extras.Txt
    2012-07-13 01:36 - 2012-07-13 01:36 - 00107586 ____A C:\Users\Sean\Desktop\OTL.Txt
    2012-07-13 01:31 - 2012-07-13 01:31 - 00596480 ____A (OldTimer Tools) C:\Users\Sean\Desktop\OTL.exe
    2012-07-13 01:29 - 2009-07-13 20:45 - 00010832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-13 01:29 - 2009-07-13 20:45 - 00010832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-13 01:27 - 2009-07-13 21:13 - 00792120 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-13 01:23 - 2012-07-13 01:23 - 00002001 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
    2012-07-13 01:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-13 01:21 - 2009-07-13 20:51 - 00090375 ____A C:\Windows\setupact.log
    2012-07-13 01:20 - 2010-05-01 06:56 - 00031056 ____A C:\Windows\PFRO.log
    2012-07-13 01:05 - 2012-07-13 01:05 - 00013350 ____A C:\Users\Sean\Desktop\cmd.exe - Shortcut.lnk
    2012-07-12 22:36 - 2011-10-08 21:57 - 00607260 ____R (Swearware) C:\Users\Sean\Desktop\dds.scr
    2012-07-12 22:34 - 2012-07-12 22:34 - 00000318 ____A C:\Users\Sean\Desktop\gmer.log
    2012-07-12 22:32 - 2012-07-12 22:32 - 00302592 ____A C:\Users\Sean\Desktop\w44rectk.exe
    2012-07-12 21:54 - 2012-07-12 21:54 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-12 21:46 - 2012-07-12 21:46 - 00084928 ____A C:\Windows\System32\Drivers\d8c66226332738e5.sys
    2012-07-12 21:45 - 2012-07-12 21:45 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
    2012-07-12 21:45 - 2012-07-12 21:45 - 00000003 ____A C:\Windows\System32\HRUPPROG.DIE.NOW
    2012-07-12 21:02 - 2010-02-13 06:03 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-12 21:02 - 2010-02-13 06:02 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-12 21:01 - 2010-02-13 06:02 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-12 20:06 - 2012-07-12 20:06 - 00002887 ____A C:\Users\Sean\Desktop\TexturePackerGUI.lnk
    2012-07-12 19:15 - 2012-07-12 19:15 - 00000554 ____A C:\Users\Public\Desktop\Unity.lnk
    2012-07-11 23:10 - 2011-12-20 23:32 - 00000090 ____A C:\Users\Sean\mm.cfg
    2012-07-11 17:47 - 2009-12-27 06:39 - 01450467 ____A C:\Windows\WindowsUpdate.log
    2012-07-09 19:18 - 2012-07-09 19:18 - 00000201 ____A C:\Users\Sean\Desktop\Poker Night at the Inventory.url
    2012-07-09 18:54 - 2012-07-09 18:54 - 00000997 ____A C:\Users\Sean\Desktop\dxwnd - Shortcut.lnk
    2012-07-09 01:30 - 2011-12-27 11:27 - 00000277 ____A C:\Users\Sean\Desktop\APB Reloaded.url
    2012-07-08 12:36 - 2012-07-08 12:37 - 00052736 ____A (Technic) C:\Users\Sean\Desktop\TechnicLauncher.exe
    2012-07-08 12:23 - 2012-07-08 12:23 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-08 12:23 - 2012-07-08 12:23 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-07-08 12:23 - 2012-07-08 12:23 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-07-08 12:23 - 2012-07-08 12:23 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-07-08 12:23 - 2012-07-08 12:23 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-07-07 21:00 - 2012-07-07 21:00 - 00014374 ____A C:\Users\Sean\Desktop\pbgame.htm
    2012-07-07 21:00 - 2012-07-07 21:00 - 00000063 ____A C:\Users\Sean\Desktop\pbuser.htm
    2012-07-07 20:38 - 2010-02-13 06:02 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-07-06 05:26 - 2010-01-01 06:32 - 00804567 ____A C:\Windows\DirectX.log
    2012-07-03 13:08 - 2012-07-03 13:08 - 00004422 ____A C:\Users\Sean\Downloads\wurmclient (1).jnlp
    2012-07-03 11:55 - 2012-07-03 11:55 - 00004422 ____A C:\Users\Sean\Downloads\wurmclient.jnlp
    2012-07-03 10:46 - 2011-05-11 15:14 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 15:52 - 2012-07-01 15:25 - 00000030 ____A C:\Users\Sean\Desktop\diablo3.txt
    2012-06-21 20:49 - 2012-06-21 20:50 - 00391987 ____A C:\Users\Sean\Desktop\Wrath of the Lamb Version 1.333 (CT Version 1.0 Final).CT
    2012-06-20 04:38 - 2012-06-20 04:38 - 00274304 ____A C:\Windows\Minidump\062012-16458-01.dmp
    2012-06-19 10:43 - 2012-06-19 10:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-19 10:43 - 2011-06-10 05:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-07 13:37 - 2010-02-20 03:51 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-07 13:37 - 2010-02-20 03:51 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-07 12:47 - 2011-09-25 08:29 - 00002607 ____A C:\Windows\KB893803v2.log
    2012-06-04 18:26 - 2011-03-25 20:46 - 00007599 ____A C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
    2012-06-02 14:19 - 2012-06-22 16:01 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 16:01 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 16:01 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:15 - 2012-06-22 16:01 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 12:19 - 2012-06-22 16:00 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-22 16:00 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-28 11:36 - 2012-05-28 11:36 - 00000752 ____A C:\Users\Sean\Desktop\The Traveler.lnk
    2012-05-28 11:19 - 2012-05-28 11:19 - 00000628 ____A C:\Users\Sean\Desktop\001 Game Creator.lnk
    2012-05-26 11:37 - 2012-05-26 11:36 - 00000846 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-05-25 13:10 - 2012-05-25 13:10 - 00000199 ____A C:\Users\Sean\Desktop\Portal 2.url
    2012-05-18 14:42 - 2011-11-18 04:29 - 00000941 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2012-05-02 12:24 - 2012-07-13 01:23 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
    2012-04-27 07:20 - 2012-07-13 01:23 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
    2012-04-24 21:32 - 2012-07-13 01:23 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys

    ZeroAccess:
    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b}
    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\@
    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\L
    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\U
    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\U\00000001.@
    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\U\80000000.@
    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\U\800000cb.@

    ZeroAccess:
    C:\Users\Sean\AppData\Local\{464ff724-9ef5-49e1-2ecb-409d16117d9b}
    C:\Users\Sean\AppData\Local\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\@
    C:\Users\Sean\AppData\Local\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\L
    C:\Users\Sean\AppData\Local\{464ff724-9ef5-49e1-2ecb-409d16117d9b}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 4091.48 MB
    Available physical RAM: 3443.57 MB
    Total Pagefile: 4089.63 MB
    Available Pagefile: 3431.57 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows) (Fixed) (Total:90 GB) (Free:3.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Programs) (Fixed) (Total:506.07 GB) (Free:49.71 GB) NTFS
    3 Drive f: (DVD1) (CDROM) (Total:0.73 GB) (Free:0 GB) UDF
    4 Drive g: () (Removable) (Total:7.45 GB) (Free:4.85 GB) FAT32
    5 Drive h: () (Fixed) (Total:2794.52 GB) (Free:2777.82 GB) NTFS
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 3072 KB
    Disk 1 Online 7633 MB 0 B
    Disk 2 Online 2794 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 89 GB 103 MB
    Partition 3 Primary 506 GB 90 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 89 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Programs NTFS Partition 506 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 7633 MB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 2794 GB 1024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H NTFS Partition 2794 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-19 11:05

    ======================= End Of Log ==========================
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Additional FRST Scan
    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)

    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
  6. DrGreatJob

    DrGreatJob TS Rookie Topic Starter

    Didn't have one created on the C:\ drive, but there was one in G:\ (flash drive):

    Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 2012-07-14 06:55:51
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows.old\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    C:\Windows\ERDNT\cache64\services.exe
    [2011-10-09 00:10] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
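    The Bamital & volsnap check above and this Search.txt both rest on the same triage idea: Windows keeps several copies of a core binary (winsxs, Windows.old, the ERDNT backup), so a copy whose hash disagrees with all the others stands out even when its size, company string and timestamps look untouched. The following Python script is an added example, not part of the thread and not FRST's own code; it parses the Search.txt format shown above (the sample text is constructed from the lines posted in this thread) and reports any copy of a file whose MD5 differs from the majority of its siblings.

```python
"""Parse an FRST Search.txt listing and flag copies of a file whose MD5
disagrees with the other copies of the same file name."""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample input: the Search.txt entries quoted in the thread above,
# reproduced as a string so the parser runs offline. Not a live scan result.
SEARCH_TXT = r"""
Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 2012-07-14 06:55:51

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\ERDNT\cache64\services.exe
[2011-10-09 00:10] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_frst_search(text: str) -> List[Dict[str, object]]:
    """Return one record per (path line, detail line) pair in a Search.txt."""
    entries: List[Dict[str, object]] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            rec: Dict[str, object] = m.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(m.group("size"))
            rec["md5"] = m.group("md5").upper()
            entries.append(rec)
            pending_path = None
        elif PATH_RE.match(line):
            pending_path = line
        else:
            pending_path = None  # headers and separator lines
    return entries


def find_outliers(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Group copies by file name; flag those whose MD5 is not the majority hash.

    Assumes at least one untouched copy survives. If every copy had been
    replaced, compare against hashes from a known-clean install instead."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[str(e["path"]).rsplit("\\", 1)[-1].lower()].append(e)
    flagged = []
    for copies in by_name.values():
        counts = Counter(str(e["md5"]) for e in copies)
        if len(counts) < 2:
            continue
        majority = counts.most_common(1)[0][0]
        flagged.extend(e for e in copies if e["md5"] != majority)
    return flagged


def report(entries: List[Dict[str, object]]) -> List[str]:
    """Human-readable lines; notes when size/timestamps give no hint at all."""
    lines = []
    for e in find_outliers(entries):
        same_size = all(o["size"] == e["size"] for o in entries)
        lines.append(f"hash mismatch: {e['path']} md5={e['md5']}"
                     + (" (size identical to all other copies)" if same_size else ""))
    return lines


if __name__ == "__main__":
    for line in report(parse_frst_search(SEARCH_TXT)):
        print(line)
```

    Run against the constructed sample it flags only C:\Windows\System32\services.exe, and the report notes that its size matches every other copy: in this infection the patched binary keeps the original size, company string and file times, so only a hash comparison exposes it.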
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  8. DrGreatJob

    DrGreatJob TS Rookie Topic Starter

    Sorry about the delay, got busy with work.

    Now it seems that I can no longer start Firefox or Steam, not sure if that's related or not. Also, all of my games require validating files. I think something serious is going on. Avira Real Time Protection cannot activate, and when I boot Windows, it starts with regedit open.

    Edit: Seems my PC was locking up on most internet related programs, except Chrome. I fixed my internet issues and everything started working again, except Avira.

    Log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
    Ran by SYSTEM at 2012-07-19 01:45:54 Run:1
    Running from H:\

    ==============================================

    C:\Windows\Installer\{464ff724-9ef5-49e1-2ecb-409d16117d9b} moved successfully.
    C:\Users\Sean\AppData\Local\{464ff724-9ef5-49e1-2ecb-409d16117d9b} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after the BIOS screen and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
