TechSpot

Sirefef/droppers

By DreamPhreak
Sep 20, 2012
    00000004.@, 000000cb.@, 80000000.@, 80000032.@, 80000064.@, Dropper, Sirefef-PL, MalOb-GE, NSIS:Malware-Gen, Java:Agent-AMP, Java:Agent-AMQ, and also the services.exe is infected with Win32:patched-AKC, but services.exe is also a system thing so I can't disable it. These have been found using Avast. Malwarebytes is also constantly reporting that services.exe is trying to connect to a malware website.

    From the instructions in the 5-step topic:
    Malwarebytes Log:
    Malwarebytes Anti-Malware (PRO) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.20.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    David :: GRANDPA-LAPTOP [administrator]

    Protection: Enabled

    9/20/2012 1:07:50 AM
    mbam-log-2012-09-20 (01-07-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 279432
    Time elapsed: 8 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

    (end)

    I should also note here that I followed the instruction to Remove Selected, but when the computer restarted, it just came back.

    GMER:
    In the instructions, it said to disable the antivirus, but I didn't want to do that. I would REALLY not want to do that, since every minute or two it blocks like 5 of those 0000000.@ things, and if I disabled it to scan the system, that would lose the only protection I have and ruin the system by letting it do what it wants.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-20 02:41:16
    Windows 6.1.7601 Service Pack 1
    Running: xx20b8my.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb0bb1
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb0bb1@002248d97934 0x61 0xD0 0xFD 0xB9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb0bb1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb0bb1@002248d97934 0x61 0xD0 0xFD 0xB9 ...

    ---- EOF - GMER 1.0.15 ----

    DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by David at 2:42:12 on 2012-09-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2136 [GMT -5:00]
    .
    AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\Protector Suite\upeksvr.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Protector Suite\psqltray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\MediaMall\MediaMallServer.exe
    C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\system32\dmwu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mSearchAssistant =
    mURLSearchHooks: H - No File
    BHO: Show Naturalreader Bar: {127ad70f-b2b7-4f6a-acd9-c7b1fe48c8c0} - C:\Windows\syswow64\MsiExec.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Naturalsoft IE Bar V9: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{38B03B5D-20B2-440A-BB88-131B492A4857} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B5E44F75-FD75-494A-AC8B-8049DB5011B3} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B5E44F75-FD75-494A-AC8B-8049DB5011B3}\7457562727166416D696C697 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B5E44F75-FD75-494A-AC8B-8049DB5011B3}\E4544574541425 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B5E44F75-FD75-494A-AC8B-8049DB5011B3}\E4544574541425D25374 : DhcpNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
    BHO-X64: Show Naturalreader Bar: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - C:\Windows\syswow64\MsiExec.exe
    BHO-X64: {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Naturalsoft IE Bar V9: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
    IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\b5l0590i.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
    R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\system32\DRIVERS\MxEFUF64.sys --> C:\Windows\system32\DRIVERS\MxEFUF64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
    R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-16 44808]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-9-16 133912]
    R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-19 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-19 676936]
    R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-4-23 3057528]
    R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-11-2 87888]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-9-10 91848]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-30 1153368]
    R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
    R2 WebOptimizer;WebOptimizer;C:\Windows\system32\dmwu.exe --> C:\Windows\system32\dmwu.exe [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;C:\Windows\system32\DRIVERS\mstabbtn.sys --> C:\Windows\system32\DRIVERS\mstabbtn.sys [?]
    R3 NETwLv64; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwLv64.sys --> C:\Windows\system32\DRIVERS\NETwLv64.sys [?]
    R3 PGR1394b;PGR IEEE 1394 Bus host controllers;C:\Windows\system32\DRIVERS\PGR1394.sys --> C:\Windows\system32\DRIVERS\PGR1394.sys [?]
    R3 wisdpen;Wacom Penabled MiniDriver;C:\Windows\system32\DRIVERS\wisdpen.sys --> C:\Windows\system32\DRIVERS\wisdpen.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
    S2 Tmntsrv;Trend NT Realtime Service;"C:\Program Files (x86)\Trend Micro\PC-cillin 2002\Tmntsrv.exe" --> C:\Program Files (x86)\Trend Micro\PC-cillin 2002\Tmntsrv.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250568]
    S3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\Windows\system32\DRIVERS\Amps2x64.sys --> C:\Windows\system32\DRIVERS\Amps2x64.sys [?]
    S3 AQFileRestore;AQFileRestore;C:\Windows\system32\DRIVERS\AQFileRestore.sys --> C:\Windows\system32\DRIVERS\AQFileRestore.sys [?]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\system32\DRIVERS\nwvmmdm.sys --> C:\Windows\system32\DRIVERS\nwvmmdm.sys [?]
    S3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\system32\DRIVERS\nwvmser.sys --> C:\Windows\system32\DRIVERS\nwvmser.sys [?]
    S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwvmser2.sys --> C:\Windows\system32\DRIVERS\nwvmser2.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PS3 Media Server;PS3 Media Server;"C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" --> C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;C:\Windows\system32\Drivers\SmiUsbGrabber3C.sys --> C:\Windows\system32\Drivers\SmiUsbGrabber3C.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VAD_DEV;Virtual Audio Service;C:\Windows\system32\drivers\vad.sys --> C:\Windows\system32\drivers\vad.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-20 06:03:03 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes
    2012-09-20 06:02:27 -------- d-----w- C:\Users\David\AppData\Roaming\Protector Suite
    2012-09-20 05:58:48 -------- d-----w- C:\Users\David\AppData\Roaming\WTablet
    2012-09-20 05:47:19 -------- d-----w- C:\FRST
    2012-09-20 05:42:48 -------- d-----w- C:\Users\David\AppData\Local\Macromedia
    2012-09-20 05:40:07 -------- d-----w- C:\Users\David\AppData\Local\Mozilla
    2012-09-16 09:22:46 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-09-15 00:00:46 436344 ----a-w- C:\Windows\System32\dmwu.exe
    2012-09-15 00:00:46 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll
    2012-09-15 00:00:46 -------- d-----w- C:\Windows\SysWow64\WNLT
    2012-09-15 00:00:46 -------- d-----w- C:\Windows\System32\ARFC
    2012-09-10 02:01:25 -------- d-----w- C:\Program Files\Common Files\SPBA
    2012-09-10 02:01:11 -------- d-----w- C:\Program Files (x86)\Common Files\SPBA
    2012-09-08 21:14:15 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2012-09-08 21:14:14 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-08 21:14:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-08 21:14:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-08 16:23:39 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
    2012-09-07 05:12:44 1918464 ----a-w- C:\Amazon Unbox Video.msi
    2012-09-02 23:25:09 -------- d-----w- C:\Program Files (x86)\Roxio 2011
    2012-09-02 23:21:56 -------- d-----w- C:\ProgramData\Axentra Corporation
    2012-08-23 05:50:44 21040 ------w- C:\Windows\System32\drivers\AQFileRestore.sys
    .
    ==================== Find3M ====================
    .
    2012-09-11 09:14:12 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-09-03 04:17:01 499712 ------w- C:\Windows\SysWow64\msvcp71.dll
    2012-09-03 04:17:01 348160 ------w- C:\Windows\SysWow64\msvcr71.dll
    2012-09-03 03:18:36 73416 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-03 03:18:36 696520 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-21 09:13:12 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2012-08-21 09:13:11 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2012-08-21 09:13:11 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-15 02:14:46 255352 ------w- C:\Windows\SysWow64\awrdscdc.ax
    2012-07-10 07:14:18 829264 ----a-w- C:\Windows\System32\msvcr100.dll
    2012-07-10 07:14:18 608080 ----a-w- C:\Windows\System32\msvcp100.dll
    2012-06-27 20:33:54 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
    .
    ============= FINISH: 2:43:35.31 ===============

    DDS Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/29/2010 11:24:26 PM
    System Uptime: 9/20/2012 1:18:33 AM (1 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | uFCPGA2 | 2001/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 228.686 GiB free.
    E: is FIXED (NTFS) - 0 GiB total, 0.014 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP525: 9/19/2012 9:45:15 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Amazon Add to Wish List IE Extension 1.1
    Amazon Cloud Drive
    Amazon Kindle
    Amazon MP3 Uploader
    Amazon Send to Kindle
    Amazon Unbox Video
    Apple Application Support
    Apple Software Update
    AudibleManager
    avast! Internet Security
    Broadband2Go
    calibre
    CameraHelperMsi
    CourseSmart Bookshelf
    D3DX10
    DC++ 0.750
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dragon NaturallySpeaking 10
    DYMO Label v.8
    erLT
    Freez Screen Video Capture v1.2
    Google Chrome
    Google Drive
    Google Earth Plug-in
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    IMinent Toolbar
    InstallVC90Support
    Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 7
    Junk Mail filter update
    katevoice
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Project Professional 2003
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Visio Professional 2003
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server PowerPivot for Excel (32-bit)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Natural Voice Mike16
    NaturalReader10
    NOOK Study
    Notepad++
    PaulVoice
    PC Pitstop Optimize3 3.0
    Pen Tablet
    PlayOn
    PTDD Super Fdisk 1.0
    QuickTime
    RealUpgrade 1.1
    ScanSoft OmniPage 16
    ScanSoft PaperPort 11
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    SHRM Learning System 2007
    SMI Grabber Device
    Spybot - Search & Destroy
    SpyHunter
    System Requirements Lab for Intel
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    USB2.0 ATV
    Virgin Mobile Broadband Modem Drivers
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    VLC media player 2.0.2
    VLC Setup Helper
    WhiteSmoke
    WhiteSmoke Translator
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    WinRAR archiver
    Wondershare PPT2Video Pro 6.1.10
    Xvid 1.2.2 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/20/2012 12:43:42 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/20/2012 12:39:08 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    9/20/2012 12:38:09 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    9/20/2012 12:38:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/20/2012 12:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/20/2012 12:38:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/20/2012 12:37:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/20/2012 12:37:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    9/20/2012 12:37:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache spldr Wanarpv6
    9/20/2012 12:34:35 AM, Error: Service Control Manager [7023] - The Internet Connection Sharing (ICS) service terminated with the following error: %%-2147467243
    9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
    9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
    9/20/2012 12:34:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    9/20/2012 12:34:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/20/2012 12:34:16 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    9/20/2012 12:28:58 AM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259
    9/20/2012 1:21:13 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    9/20/2012 1:21:13 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.11, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    9/20/2012 1:20:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    9/20/2012 1:20:24 AM, Error: Service Control Manager [7000] - The Trend NT Realtime Service service failed to start due to the following error: The system cannot find the file specified.
    9/20/2012 1:20:22 AM, Error: Service Control Manager [7000] - The PC-Cillin Personal Firewall service failed to start due to the following error: The system cannot find the file specified.
    9/20/2012 1:19:03 AM, Error: Service Control Manager [7001] - The Tmfilter service depends on the Tmpreflt service which failed to start because of the following error: The system cannot find the file specified.
    9/20/2012 1:19:03 AM, Error: Service Control Manager [7000] - The Vsapint service failed to start due to the following error: The system cannot find the file specified.
    9/20/2012 1:19:03 AM, Error: Service Control Manager [7000] - The Tmpreflt service failed to start due to the following error: The system cannot find the file specified.
    9/19/2012 5:46:12 AM, Error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The system cannot find the path specified.
    9/19/2012 5:46:12 AM, Error: Service Control Manager [7000] - The PnP-X IP Bus Enumerator service failed to start due to the following error: The system cannot find the path specified.
    9/19/2012 5:43:38 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    9/19/2012 12:07:59 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    9/19/2012 12:07:44 AM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume6 encountered a non-retryable error and could not start. The data contains the error code.
    9/19/2012 11:48:17 PM, Error: Service Control Manager [7031] - The MediaMall Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    9/19/2012 11:47:45 PM, Error: Service Control Manager [7031] - The MediaMall Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    9/19/2012 11:47:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MediaMall Server service.
    9/18/2012 6:37:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MediaMall Server service to connect.
    9/18/2012 5:16:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EventSystem service.
    9/18/2012 5:14:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WebOptimizer service to connect.
    9/18/2012 5:14:50 AM, Error: Service Control Manager [7000] - The WebOptimizer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/17/2012 6:09:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
    9/17/2012 6:07:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DYMO PnP Service service to connect.
    9/17/2012 6:07:20 PM, Error: Service Control Manager [7000] - The DYMO PnP Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/17/2012 6:06:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    9/17/2012 6:06:17 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/17/2012 5:08:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
    9/17/2012 2:53:17 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
    9/17/2012 2:22:17 AM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is AKIOLAPTOP.
    9/15/2012 5:49:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    9/15/2012 5:41:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    9/14/2012 12:33:36 AM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume5 encountered a non-retryable error and could not start. The data contains the error code.
    9/14/2012 12:13:13 AM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume7 encountered a non-retryable error and could not start. The data contains the error code.
    9/13/2012 12:51:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    9/13/2012 12:28:47 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    9/13/2012 12:24:55 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    9/13/2012 12:24:30 AM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
    9/13/2012 12:22:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    9/13/2012 12:22:38 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/13/2012 12:21:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
    9/13/2012 12:21:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    9/13/2012 1:11:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WMI Performance Adapter service to connect.
    9/13/2012 1:11:24 AM, Error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
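A week of Event Viewer errors like the DDS section above is tedious to read by eye, and the pattern that matters (many services failing for the same reason inside a few minutes, security-product drivers that did not load at boot) is easy to miss. The Python script below is an added example for this thread, not part of DDS, Avast, Malwarebytes or any tool named here: it parses lines in the `date, Error: Source [ID] - message` format shown above, counts errors by source and event ID, lists services that failed for logon reasons (SCM events 7000 and 7038), lists watched security drivers reported by SCM 7026 as not loaded, and finds short windows with a pile-up of errors. The sample lines, the `WATCHED_DRIVERS` list and the burst thresholds are constructed assumptions; a hit is a prompt to look closer, not a diagnosis.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the "Event Viewer Messages From Past Week" format that
# DDS produces (format assumed from the log style in this thread; not the thread's log).
SAMPLE_EVENTS = r"""
9/20/2012 12:37:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache spldr Wanarpv6
9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported.
9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported.
9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
9/20/2012 12:34:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/20/2012 1:20:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
9/17/2012 6:06:17 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/14/2012 12:33:36 AM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume5 encountered a non-retryable error and could not start.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Constructed watch list of security-product drivers (lower-cased service names) whose
# failure to load at boot a defender wants surfaced; extend it to whatever is deployed.
WATCHED_DRIVERS = {"aswsnx", "aswsp", "aswtdi", "mbamprotector"}

# Matches SCM 7038 ("was unable to log on") and SCM 7000 logon-failure messages.
LOGON_RE = re.compile(
    r"The (.+?) service (?:was unable to log on|failed to start .*logon failure)"
)


def parse_events(text):
    """Turn DDS event lines into dicts with a real datetime and an int event ID."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # blank line or a line in another format
        events.append({
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "id": int(m["id"]),
            "msg": m["msg"],
        })
    return events


def count_by_source_id(events):
    """How often each (source, event ID) pair occurs."""
    return Counter((e["source"], e["id"]) for e in events)


def failed_boot_drivers(events, watched):
    """Watched driver names that SCM 7026 reports as not loaded at boot."""
    found = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            _, _, names = e["msg"].partition("failed to load: ")
            found.update(n for n in names.split() if n.lower() in watched)
    return sorted(found, key=str.lower)


def logon_failure_services(events):
    """Services that failed because the service account could not log on, in log order."""
    names = []
    for e in events:
        if e["source"] != "Service Control Manager" or e["id"] not in (7000, 7038):
            continue
        m = LOGON_RE.search(e["msg"])
        if m:
            names.append(m.group(1))
    return names


def bursts(events, window=timedelta(minutes=5), min_count=4):
    """Non-overlapping windows holding at least min_count errors: (window start, count)."""
    stamps = sorted(e["ts"] for e in events)
    found, i = [], 0
    while i < len(stamps):
        j = i
        while j < len(stamps) and stamps[j] - stamps[i] <= window:
            j += 1
        if j - i >= min_count:
            found.append((stamps[i], j - i))
            i = j  # skip past this burst so windows do not overlap
        else:
            i += 1
    return found


def summarize(text, watched=WATCHED_DRIVERS):
    events = parse_events(text)
    return {
        "total": len(events),
        "top": count_by_source_id(events).most_common(3),
        "logon_failures": logon_failure_services(events),
        "watched_drivers_not_loaded": failed_boot_drivers(events, watched),
        "bursts": bursts(events),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

To use it on a real DDS log, paste the "Event Viewer Messages From Past Week" block into `SAMPLE_EVENTS` or read it from a file; everything else stays the same.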
  2. DreamPhreak

    DreamPhreak TS Rookie Topic Starter

    Installed MSE, detected all of the stuff as Sirefef, and quarantined all of the infected files. Now everything seems to have calmed down. Not saying this problem is fixed though, still might need to clean up registry and also that services.exe, I think it has still not been fixed. And of course, waiting for you, TechSpot experts, to take a look at this topic and tell me what to do next. ;) Computer is off for now, need sleep, 5:10am.
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
     
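When the FRST.txt requested above comes back, the Services and Drivers sections are the first thing to read, and they are long. The Python script below is an added example for this thread, not part of FRST or of any tool named here: it parses entries in the line format FRST uses (start type, name, image path with any arguments, then either `[size date] (publisher)` or `[x]` when the binary is not on disk) and flags entries whose binary is missing, that carry no publisher, or whose image runs from outside the standard Windows and Program Files directories. The sample lines, the directory list and the `UpdaterSvc` entry are constructed; a flag means a human should look at the entry, not that it is malicious.

```python
import re

# Windows service Start values as FRST prints them in the first column.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Directories where service and driver binaries normally live on a default install
# (assumption; extend it for software deliberately installed elsewhere).
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# One FRST "Services"/"Drivers (Whitelisted)" line:
#   <start> <name>; <image and args> [<size> <date>] (<publisher>)
#   <start> <name>; <image and args> [x]            <- binary not found on disk
LINE_RE = re.compile(
    r"^(?P<start>[0-4]) (?P<name>.+?); (?P<image>.+?) "
    r"(?:(?P<missing>\[x\])|\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\))$"
)

# Constructed sample in FRST's line format (assumed from the log style in this thread);
# the UpdaterSvc entry is hypothetical and only there to exercise the location check.
SAMPLE_FRST = r"""
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
2 WebOptimizer; C:\Windows\System32\dmwu.exe [436344 2012-08-16] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" [x]
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 UpdaterSvc; C:\Users\Public\updater.exe [10240 2012-09-01] ()
"""


def image_path(image):
    """Strip quoting, trailing arguments and the \\??\\ object-manager prefix."""
    image = image.strip()
    if image.startswith('"'):
        end = image.find('"', 1)
        image = image[1:end] if end > 0 else image[1:]
    if image.startswith("\\??\\"):
        image = image[4:]
    return image


def triage(text):
    """Parse FRST service/driver lines and attach review flags to each entry."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section header, blank line or a line in another format
        path = image_path(m["image"])
        missing = m["missing"] is not None
        publisher = None if missing else m["pub"].strip()
        flags = []
        if missing:
            flags.append("binary missing")
        elif not publisher:
            flags.append("no publisher")
        if not path.lower().startswith(STANDARD_DIRS):
            flags.append("outside standard directories")
        rows.append({
            "name": m["name"],
            "start": START_TYPES[int(m["start"])],
            "path": path,
            "publisher": publisher,
            "flags": flags,
        })
    return rows


def flagged(text):
    """Only the entries that need a human look: name -> list of flags."""
    return {r["name"]: r["flags"] for r in triage(text) if r["flags"]}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_FRST).items():
        print(f"{name}: {', '.join(flags)}")
```

Entries with `[x]` are often leftovers of uninstalled software rather than anything hostile, which is why the script reports them separately from the location check; the publisher field is FRST's reading of the file's version information, so an empty one means only that the file carries none.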
  4. DreamPhreak

    DreamPhreak TS Rookie Topic Starter

    Thanks, instructions are very easy to follow. Here are the logs:

    FRST.txt:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-09-2012
    Ran by SYSTEM at 20-09-2012 14:05:12
    Running from E:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup [85320 2012-02-08] (Authentec Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\Cathyrn\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-30] (Google Inc.)
    HKU\Cathyrn\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKU\Grandpa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-30] (Google Inc.)
    HKU\Grandpa\...\Run: [Google Update] "C:\Users\Grandpa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-30] (Google Inc.)
    HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-30] (Google Inc.)
    HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll

    ==================== Services (Whitelisted) ===================

    2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
    2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [133912 2012-08-21] (AVAST Software)
    2 DymoPnpService; "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [32336 2011-01-28] (Sanford, L.P.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [3057528 2012-09-10] (MediaMall Technologies, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 NvtlService; "C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe" [87888 2010-11-02] ()
    2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [91848 2012-05-16] (PC Pitstop LLC)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 WebOptimizer; C:\Windows\System32\dmwu.exe [436344 2012-08-16] ()
    3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
    3 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" [x]
    2 Tmntsrv; "C:\Program Files (x86)\Trend Micro\PC-cillin 2002\Tmntsrv.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
    3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2x64.sys [21504 2007-10-15] ((Standard mouse types))
    3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
    3 AQFileRestore; C:\Windows\System32\Drivers\AQFileRestore.sys [21040 2011-12-01] ()
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
    1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [142128 2012-08-21] (AVAST Software)
    1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
    0 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [12368 2012-06-27] (ALWIL Software)
    0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [266776 2012-08-21] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
    3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
    3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [301784 2012-03-07] (Intel Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    3 moufiltr; C:\Windows\System32\Drivers\moufiltr.sys [7168 2006-12-26] (Chic)
    3 MSTabBtn; C:\Windows\System32\Drivers\MSTabBtn.sys [12928 2007-03-09] (Quanta Computer Inc.)
    3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-12-11] (MediaMall Technologies, Inc.)
    0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
    3 NWVMModem; C:\Windows\System32\DRIVERS\nwvmmdm.sys [213376 2009-05-15] (Novatel Wireless Inc.)
    3 NWVMPort; C:\Windows\System32\DRIVERS\nwvmser.sys [213376 2009-05-15] (Novatel Wireless Inc.)
    3 NWVMPort2; C:\Windows\System32\DRIVERS\nwvmser2.sys [213376 2009-05-15] (Novatel Wireless Inc.)
    3 PGR1394b; C:\Windows\System32\DRIVERS\PGR1394.sys [88064 2008-03-14] (Point Grey Research)
    3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows (R) Win 7 DDK provider)
    3 tifm21; C:\Windows\System32\Drivers\tifm21.sys [319488 2009-10-12] (Texas Instruments)
    3 VAD_DEV; C:\Windows\System32\drivers\vad.sys [24992 2010-11-18] (Windows (R) DDK provider)
    3 wisdpen; C:\Windows\System32\Drivers\wisdpen.sys [36648 2007-07-30] (Wacom Technology)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    2 PCC_PFW; C:\Windows\System32\Drivers\PCC_PFW.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    2 Tmfilter; C:\Windows\System32\drivers\TmXPFlt.sys [x]
    2 Tmpreflt; C:\Windows\System32\drivers\Tmpreflt.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    2 Vsapint; C:\Windows\System32\drivers\Vsapint.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-20 01:47 - 2012-09-20 01:46 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-20 01:46 - 2012-09-20 01:46 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-20 01:46 - 2012-09-20 01:46 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-20 01:46 - 2012-09-20 01:46 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-20 01:43 - 2012-09-20 01:43 - 00894952 ____A (Oracle Corporation) C:\Users\David\Downloads\jxpiinstall.exe
    2012-09-20 01:39 - 2012-09-20 01:39 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe
    2012-09-20 00:56 - 2012-09-20 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E75D464FB01C940
    2012-09-20 00:48 - 2012-09-20 00:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B633D1F53FD3F586
    2012-09-20 00:38 - 2012-09-20 00:39 - 00003235 ____A C:\Windows\WindowsUpdate.log
    2012-09-20 00:38 - 2012-09-20 00:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-20 00:38 - 2012-09-20 00:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-09-20 00:38 - 2012-09-20 00:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-09-20 00:37 - 2012-09-20 00:37 - 12621696 ____A (Microsoft Corporation) C:\Users\David\Downloads\mseinstall.exe
    2012-09-20 00:35 - 2012-09-20 00:48 - 00000000 ____D C:\Users\David\AppData\Roaming\Notepad++
    2012-09-20 00:34 - 2012-09-20 00:34 - 00000000 ____D C:\Users\David\AppData\Roaming\Zeon
    2012-09-19 23:41 - 2012-09-19 23:41 - 00000665 ____A C:\Users\David\Desktop\gmer.log
    2012-09-19 22:43 - 2012-09-19 22:43 - 00607260 ____R (Swearware) C:\Users\David\Downloads\dds.com
    2012-09-19 22:18 - 2012-09-19 22:18 - 00000904 ____A C:\Windows\PFRO.log
    2012-09-19 22:12 - 2012-09-19 22:12 - 00302592 ____A C:\Users\David\Downloads\xx20b8my.exe
    2012-09-19 22:04 - 2012-09-19 22:04 - 00000000 ____A C:\Users\David\Documents\test.txt
    2012-09-19 22:03 - 2012-09-19 22:03 - 00000000 ____D C:\Users\David\AppData\Roaming\Malwarebytes
    2012-09-19 22:02 - 2012-09-19 22:02 - 00113984 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-19 22:02 - 2012-09-19 22:02 - 00000000 ____D C:\Users\David\AppData\Roaming\Protector Suite
    2012-09-19 21:58 - 2012-09-20 01:57 - 00000000 ____D C:\Users\David\AppData\Roaming\WTablet
    2012-09-19 21:49 - 2012-09-19 21:50 - 00021555 ____A C:\Users\David\Downloads\FRST.txt
    2012-09-19 21:47 - 2012-09-19 21:47 - 00000000 ____D C:\FRST
    2012-09-19 21:46 - 2012-09-19 21:47 - 01454263 ____A (Farbar) C:\Users\David\Downloads\FRST64.exe
    2012-09-19 21:42 - 2012-09-19 21:42 - 00000000 ____D C:\Users\David\AppData\Local\Macromedia
    2012-09-19 21:40 - 2012-09-19 21:40 - 00000000 ____D C:\Users\David\AppData\Roaming\Mozilla
    2012-09-19 21:40 - 2012-09-19 21:40 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
    2012-09-19 21:40 - 2012-09-19 21:40 - 00000000 ____D C:\Users\David\AppData\Local\Mozilla
    2012-09-19 21:37 - 2012-09-19 22:00 - 00000000 ____D C:\users\David
    2012-09-19 21:37 - 2012-09-19 21:37 - 00000020 ___SH C:\Users\David\ntuser.ini
    2012-09-19 21:37 - 2012-08-03 02:24 - 00000000 ____D C:\Users\David\AppData\LocalGoogle
    2012-09-19 21:37 - 2012-08-03 02:24 - 00000000 ____D C:\Users\David\AppData\Local\Google
    2012-09-19 21:37 - 2012-04-11 11:22 - 00000000 ____D C:\Users\David\AppData\Local\Microsoft Help
    2012-09-19 21:37 - 2011-03-31 09:33 - 00000000 ____D C:\Users\David\AppData\Roaming\Macromedia
    2012-09-19 20:58 - 2012-09-19 20:58 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-19 14:35 - 2012-09-20 01:56 - 00000504 ____A C:\Windows\setupact.log
    2012-09-19 14:35 - 2012-09-19 14:35 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-17 03:02 - 2012-09-17 03:02 - 00439667 ____A C:\Users\Grandpa\Documents\Grandpabackupfinger.VTP
    2012-09-16 19:29 - 2012-09-14 20:37 - 785711408 ___RA C:\Users\Cathyrn\Desktop\The Warriors 1979 720p BRRip - zeberzee.mp4
    2012-09-16 19:29 - 2012-09-14 20:26 - 00047449 ___RA C:\Users\Cathyrn\Desktop\The Warriors 1979 720p BRRip.srt
    2012-09-16 15:04 - 2012-09-16 21:09 - 00000000 ____D C:\Users\Cathyrn\AppData\Roaming\vlc
    2012-09-16 14:27 - 2012-09-14 20:40 - 732973306 ___RA C:\Users\Cathyrn\Desktop\The.Road.2009.720p.BrRip.264.YIFY.mp4
    2012-09-16 14:08 - 2012-09-16 14:08 - 00000000 ____D C:\Users\Cathyrn\AppData\LocalGoogle
    2012-09-16 02:00 - 2012-09-18 03:28 - 00000000 ____D C:\Users\Grandpa\Downloads\Person.of.Interest.S01E23.HDTV.XviD
    2012-09-16 01:59 - 2012-09-18 03:29 - 00000000 ____D C:\Users\Grandpa\Downloads\Magic.City.S01
    2012-09-16 01:57 - 2012-09-18 03:28 - 00000000 ____D C:\Users\Grandpa\Downloads\Perception S01E08 HDTV x264-LOL[ettv]
    2012-09-14 16:00 - 2012-09-14 19:44 - 00000000 ____D C:\Windows\SysWOW64\WNLT
    2012-09-14 16:00 - 2012-09-14 16:00 - 00000000 ____D C:\Windows\System32\ARFC
    2012-09-14 16:00 - 2012-08-16 03:44 - 00436344 ____A C:\Windows\System32\dmwu.exe
    2012-09-14 16:00 - 2012-08-16 03:43 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
    2012-09-09 18:01 - 2012-09-09 18:01 - 00000000 ____D C:\Program Files\Common Files\SPBA
    2012-09-09 17:57 - 2012-09-09 17:58 - 56033319 ____A C:\Users\Grandpa\Downloads\PS_WBF5.9.6.7121-64bit.zip
    2012-09-08 16:49 - 2012-09-08 16:49 - 00000459 ___AH C:\Users\Grandpa\Documents\maxdesk.ini2
    2012-09-08 16:47 - 2012-09-08 17:57 - 00000210 ___AH C:\Users\Grandpa\Documents\PP11Thumbs.ptn2
    2012-09-08 16:46 - 2012-09-08 16:49 - 00002201 ___AH C:\Users\Grandpa\Documents\PP11Thumbs.ptn
    2012-09-08 13:14 - 2012-09-19 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-08 13:14 - 2012-09-08 13:14 - 00000000 ____D C:\Users\Grandpa\AppData\Roaming\Malwarebytes
    2012-09-08 13:14 - 2012-09-08 13:14 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-08 13:14 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-08 13:14 - 2010-11-29 14:42 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
    2012-09-08 08:23 - 2012-09-08 08:23 - 00001206 ____A C:\Users\Public\Desktop\SpyHunter.lnk
    2012-09-08 08:23 - 2012-09-08 08:23 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
    2012-09-08 06:02 - 2012-09-08 16:49 - 00000000 ____D C:\Users\Grandpa\Documents\Nuance Data Collector
    2012-09-06 21:13 - 2012-09-06 21:13 - 00001972 ____A C:\Users\Public\Desktop\Amazon Unbox.lnk
    2012-09-06 21:12 - 2012-09-06 21:12 - 01918464 ____A C:\Amazon Unbox Video.msi
    2012-09-06 21:12 - 2012-09-06 21:12 - 00006129 ____A C:\0x0409.ini
    2012-09-06 20:05 - 2012-09-06 20:05 - 00000000 ____D C:\Users\Grandpa\AppData\Local\IsolatedStorage
    2012-09-06 16:31 - 2012-09-06 16:31 - 00001922 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2012-09-04 19:04 - 2012-09-04 19:04 - 00000215 ____A C:\Users\Grandpa\Documents\docid=105133812&type=MonthlyStatement.log
    2012-09-03 14:32 - 2012-09-03 14:33 - 00000000 ____D C:\Users\Grandpa\AppData\Local\{49224168-B5E6-4EEE-AC18-AB00E077D52D}
    2012-09-03 09:59 - 2012-09-03 10:05 - 00040448 __ASH C:\Users\Grandpa\Thumbs.db
    2012-09-03 09:59 - 2012-09-03 09:59 - 00000546 ____A C:\Users\Grandpa\media - Shortcut.lnk
    2012-09-02 15:27 - 2012-09-08 16:49 - 00000000 ____D C:\Users\Grandpa\Documents\My PhotoShows
    2012-09-02 15:25 - 2012-09-08 05:04 - 00000000 ____D C:\Program Files (x86)\Roxio 2011
    2012-09-02 15:24 - 2012-09-08 04:49 - 00000000 ____D C:\Users\Public\Roxio Streamer
    2012-09-02 15:21 - 2012-09-02 15:21 - 00000000 ____D C:\Users\All Users\Axentra Corporation
    2012-09-02 14:05 - 2012-09-02 14:20 - 1383346176 ____A C:\Users\Grandpa\Documents\Roxio2011Content_J898AXD0SQA.exe
    2012-09-02 14:04 - 2012-09-02 14:05 - 330357232 ____A C:\Users\Grandpa\Documents\Roxio2011ProDisc2_J701AXD0FUL.exe
    2012-09-02 13:19 - 2012-09-08 16:49 - 00000000 ____D C:\Users\Grandpa\Documents\My Barnes & Noble eBooks
    2012-09-02 12:47 - 2012-09-08 16:49 - 00000000 ____D C:\Users\Grandpa\Documents\Touchstone
    2012-09-01 20:38 - 2012-09-01 20:38 - 00001156 ____A C:\Users\Grandpa\Desktop\Freez Screen Video Capture.lnk
    2012-09-01 14:56 - 2012-09-01 14:56 - 00013525 ____A C:\Users\Grandpa\Desktop\uTorrent - Shortcut.lnk
    2012-08-30 23:03 - 2012-08-30 23:03 - 00000000 ____D C:\Users\Grandpa\Documents\My Outlook Files
    2012-08-27 20:30 - 2012-08-27 20:30 - 00000314 ____A C:\Users\Grandpa\Documents\texas rebellion.log
    2012-08-27 08:53 - 2012-08-27 08:53 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Brother
    2012-08-27 08:51 - 2012-08-27 08:51 - 00000000 ____D C:\Users\Guest\AppData\LocalGoogle
    2012-08-22 22:27 - 2012-08-22 22:27 - 00000000 ____D C:\Users\Grandpa\AppData\Local\Avanquest_Software
    2012-08-22 21:50 - 2011-12-01 09:52 - 00021040 ____N C:\Windows\System32\Drivers\AQFileRestore.sys
    2012-08-22 21:46 - 2012-08-22 21:46 - 00000000 ____D C:\Users\Public\Documents\BVRP Software
    2012-08-21 00:38 - 2012-08-21 00:38 - 00000000 ___SD C:\Users\Grandpa\Documents\My Data Sources
    2012-08-21 00:26 - 2012-08-21 00:26 - 00007245 ____A C:\Users\Grandpa\Documents\Alpha Sort.txt


    ==================== 3 Months Modified Files ==================

    2012-09-20 01:59 - 2012-04-28 00:45 - 00196608 ____A C:\Windows\System32\Ikeext.etl
    2012-09-20 01:58 - 2012-02-01 09:01 - 00000440 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-09-20 01:57 - 2010-12-30 05:29 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-20 01:56 - 2012-09-19 14:35 - 00000504 ____A C:\Windows\setupact.log
    2012-09-20 01:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-20 01:46 - 2012-09-20 01:47 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-20 01:46 - 2012-09-20 01:47 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-20 01:46 - 2012-09-20 01:46 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-20 01:46 - 2012-09-20 01:46 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-20 01:46 - 2012-09-20 01:46 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-20 01:46 - 2011-08-29 16:43 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-09-20 01:43 - 2012-09-20 01:43 - 00894952 ____A (Oracle Corporation) C:\Users\David\Downloads\jxpiinstall.exe
    2012-09-20 01:39 - 2012-09-20 01:39 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe
    2012-09-20 01:29 - 2010-12-30 05:29 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-20 01:28 - 2011-02-08 12:39 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148581682-600929351-1850680926-1000UA.job
    2012-09-20 01:16 - 2012-04-01 16:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-20 01:12 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-20 01:12 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-20 00:59 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-09-20 00:56 - 2012-09-20 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E75D464FB01C940
    2012-09-20 00:48 - 2012-09-20 00:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B633D1F53FD3F586
    2012-09-20 00:39 - 2012-09-20 00:38 - 00003235 ____A C:\Windows\WindowsUpdate.log
    2012-09-20 00:38 - 2012-09-20 00:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-20 00:37 - 2012-09-20 00:37 - 12621696 ____A (Microsoft Corporation) C:\Users\David\Downloads\mseinstall.exe
    2012-09-20 00:00 - 2011-04-28 12:48 - 00000530 ____A C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
    2012-09-19 23:41 - 2012-09-19 23:41 - 00000665 ____A C:\Users\David\Desktop\gmer.log
    2012-09-19 22:43 - 2012-09-19 22:43 - 00607260 ____R (Swearware) C:\Users\David\Downloads\dds.com
    2012-09-19 22:18 - 2012-09-19 22:18 - 00000904 ____A C:\Windows\PFRO.log
    2012-09-19 22:12 - 2012-09-19 22:12 - 00302592 ____A C:\Users\David\Downloads\xx20b8my.exe
    2012-09-19 22:04 - 2012-09-19 22:04 - 00000000 ____A C:\Users\David\Documents\test.txt
    2012-09-19 22:02 - 2012-09-19 22:02 - 00113984 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-19 21:50 - 2012-09-19 21:49 - 00021555 ____A C:\Users\David\Downloads\FRST.txt
    2012-09-19 21:47 - 2012-09-19 21:46 - 01454263 ____A (Farbar) C:\Users\David\Downloads\FRST64.exe
    2012-09-19 21:37 - 2012-09-19 21:37 - 00000020 ___SH C:\Users\David\ntuser.ini
    2012-09-19 20:58 - 2012-09-19 20:58 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-19 20:28 - 2011-02-08 12:39 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148581682-600929351-1850680926-1000Core.job
    2012-09-19 14:35 - 2012-09-19 14:35 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-19 06:00 - 2011-04-28 12:47 - 00000422 ____A C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
    2012-09-17 03:02 - 2012-09-17 03:02 - 00439667 ____A C:\Users\Grandpa\Documents\Grandpabackupfinger.VTP
    2012-09-17 03:01 - 2011-01-02 11:18 - 00439667 ____A C:\Users\Grandpa\AppData\Local\backup.vtp
    2012-09-16 23:01 - 2011-04-28 12:48 - 00000506 ____A C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
    2012-09-16 14:19 - 2011-05-20 16:58 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-09-16 14:08 - 2011-02-05 21:33 - 00113984 ____A C:\Users\Cathyrn\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-14 20:40 - 2012-09-16 14:27 - 732973306 ___RA C:\Users\Cathyrn\Desktop\The.Road.2009.720p.BrRip.264.YIFY.mp4
    2012-09-14 20:37 - 2012-09-16 19:29 - 785711408 ___RA C:\Users\Cathyrn\Desktop\The Warriors 1979 720p BRRip - zeberzee.mp4
    2012-09-14 20:26 - 2012-09-16 19:29 - 00047449 ___RA C:\Users\Cathyrn\Desktop\The Warriors 1979 720p BRRip.srt
    2012-09-11 01:14 - 2012-05-05 22:10 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-09-09 17:58 - 2012-09-09 17:57 - 56033319 ____A C:\Users\Grandpa\Downloads\PS_WBF5.9.6.7121-64bit.zip
    2012-09-08 17:57 - 2012-09-08 16:47 - 00000210 ___AH C:\Users\Grandpa\Documents\PP11Thumbs.ptn2
    2012-09-08 16:49 - 2012-09-08 16:49 - 00000459 ___AH C:\Users\Grandpa\Documents\maxdesk.ini2
    2012-09-08 16:49 - 2012-09-08 16:46 - 00002201 ___AH C:\Users\Grandpa\Documents\PP11Thumbs.ptn
    2012-09-08 08:23 - 2012-09-08 08:23 - 00001206 ____A C:\Users\Public\Desktop\SpyHunter.lnk
    2012-09-08 05:57 - 2009-07-13 20:45 - 00432376 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-08 05:08 - 2010-12-30 04:50 - 00113984 ____A C:\Users\Grandpa\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-07 14:04 - 2012-09-08 13:14 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-06 21:13 - 2012-09-06 21:13 - 00001972 ____A C:\Users\Public\Desktop\Amazon Unbox.lnk
    2012-09-06 21:12 - 2012-09-06 21:12 - 01918464 ____A C:\Amazon Unbox Video.msi
    2012-09-06 21:12 - 2012-09-06 21:12 - 00006129 ____A C:\0x0409.ini
    2012-09-06 16:31 - 2012-09-06 16:31 - 00001922 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2012-09-04 19:04 - 2012-09-04 19:04 - 00000215 ____A C:\Users\Grandpa\Documents\docid=105133812&type=MonthlyStatement.log
    2012-09-03 10:05 - 2012-09-03 09:59 - 00040448 __ASH C:\Users\Grandpa\Thumbs.db
    2012-09-03 09:59 - 2012-09-03 09:59 - 00000546 ____A C:\Users\Grandpa\media - Shortcut.lnk
    2012-09-02 20:17 - 2011-10-31 22:54 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-09-02 20:17 - 2011-10-31 22:54 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-09-02 20:17 - 2011-10-31 22:54 - 00272896 ____N (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-09-02 20:17 - 2011-10-31 22:54 - 00198864 ____N (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-09-02 20:17 - 2011-10-31 22:54 - 00006656 ____N (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-09-02 20:17 - 2011-10-31 22:54 - 00005632 ____N (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-09-02 19:18 - 2012-04-01 15:59 - 00696520 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-02 19:18 - 2011-05-18 08:14 - 00073416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-02 14:20 - 2012-09-02 14:05 - 1383346176 ____A C:\Users\Grandpa\Documents\Roxio2011Content_J898AXD0SQA.exe
    2012-09-02 14:05 - 2012-09-02 14:04 - 330357232 ____A C:\Users\Grandpa\Documents\Roxio2011ProDisc2_J701AXD0FUL.exe
    2012-09-02 11:24 - 2012-05-05 14:57 - 00113984 ____N C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-09-01 20:38 - 2012-09-01 20:38 - 00001156 ____A C:\Users\Grandpa\Desktop\Freez Screen Video Capture.lnk
    2012-09-01 14:56 - 2012-09-01 14:56 - 00013525 ____A C:\Users\Grandpa\Desktop\uTorrent - Shortcut.lnk
    2012-08-27 20:30 - 2012-08-27 20:30 - 00000314 ____A C:\Users\Grandpa\Documents\texas rebellion.log
    2012-08-27 08:52 - 2011-03-06 19:44 - 00113984 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-21 15:42 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-21 01:13 - 2012-07-13 20:24 - 00266776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
    2012-08-21 01:13 - 2012-07-13 20:24 - 00142128 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
    2012-08-21 01:13 - 2012-07-13 20:24 - 00019600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
    2012-08-21 01:13 - 2012-07-13 20:12 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-21 01:13 - 2012-07-13 20:12 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-21 01:13 - 2012-07-13 20:12 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-21 01:13 - 2012-07-13 20:12 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-21 01:13 - 2012-07-13 20:12 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-08-21 01:13 - 2012-07-13 20:12 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-21 01:12 - 2012-07-13 20:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-08-21 01:12 - 2012-07-13 20:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-21 01:12 - 2011-05-20 16:58 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-21 00:26 - 2012-08-21 00:26 - 00007245 ____A C:\Users\Grandpa\Documents\Alpha Sort.txt
    2012-08-16 03:44 - 2012-09-14 16:00 - 00436344 ____A C:\Windows\System32\dmwu.exe
    2012-08-16 03:43 - 2012-09-14 16:00 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
    2012-08-15 04:18 - 2011-05-25 20:26 - 00007615 ____A C:\Users\Grandpa\AppData\Local\Resmon.ResmonCfg
    2012-08-14 19:11 - 2012-08-14 18:32 - 00001925 ____A C:\Users\Guest\Desktop\Audible Manager.lnk
    2012-08-14 19:11 - 2012-08-14 18:32 - 00001925 ____A C:\Users\Cathyrn\Desktop\Audible Manager.lnk
    2012-08-14 18:14 - 2012-08-14 18:14 - 00255352 ____N (Audible, Inc.) C:\Windows\SysWOW64\awrdscdc.ax
    2012-08-03 02:14 - 2011-01-04 16:56 - 00000034 ____N C:\Windows\SysWOW64\BD7340.DAT
    2012-07-22 15:56 - 2012-07-22 15:56 - 00016384 __ASH C:\Users\Grandpa\Downloads\Thumbs.db
    2012-07-22 15:54 - 2011-01-08 20:57 - 00000358 _RASH C:\Users\All Users\ntuser.pol
    2012-07-15 21:04 - 2010-12-29 21:44 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-15 21:03 - 2010-12-30 23:11 - 00000039 ____A C:\Windows\vbaddin.ini
    2012-07-14 09:33 - 2012-07-14 09:33 - 00041257 ____A C:\ComboFix.txt
    2012-07-14 09:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-07-14 09:07 - 2009-07-13 18:34 - 24903680 ____A C:\Windows\System32\config\SYSTEM.bak
    2012-07-14 09:07 - 2009-07-13 18:34 - 102760448 ____A C:\Windows\System32\config\SOFTWARE.bak
    2012-07-14 09:07 - 2009-07-13 18:34 - 05505024 ____A C:\Windows\System32\config\DEFAULT.bak
    2012-07-14 09:07 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
    2012-07-14 09:07 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
    2012-07-14 05:53 - 2012-07-14 05:53 - 00000524 ____A C:\Windows\wininit.ini
    2012-07-09 23:14 - 2010-03-18 06:36 - 00829264 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
    2012-07-09 23:14 - 2010-03-18 06:36 - 00608080 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
    2012-07-08 19:39 - 2012-07-08 19:39 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-07 22:02 - 2012-07-07 21:46 - 00000782 ____N C:\Windows\SysWOW64\shares.txt
    2012-07-07 21:47 - 2012-07-07 21:47 - 00000782 ____A C:\Users\Grandpa\shares.txt
    2012-07-04 16:19 - 2012-07-04 16:19 - 00000000 ___AH C:\Users\Grandpa\Documents\Default.rdp
    2012-06-27 12:33 - 2012-07-13 20:24 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys


    ZeroAccess:
    C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
    C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\L
    C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U

    ZeroAccess:
    C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
    C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\@
    C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\L
    C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-19 06:46:37
    Restore point made on: 2012-09-20 01:45:45

    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 4094.43 MB
    Available physical RAM: 3416.21 MB
    Total Pagefile: 4092.58 MB
    Available Pagefile: 3424.2 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:227.68 GB) NTFS
    2 Drive e: () (Removable) (Total:7.52 GB) (Free:6.83 GB) FAT32
    3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    4 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 7702 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 7702 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    =========================================================

    Last Boot: 2012-09-19 06:37

    ==================== End Of Log =============================

    Search.txt:
    Farbar Recovery Scan Tool (x64) Version: 19-09-2012
    Ran by SYSTEM at 2012-09-20 14:07:37
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-09-20 00:59] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
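The log above contains the three things a triage of this infection turns on: FRST's own `ZeroAccess:` block listing the `{GUID}\U`, `{GUID}\L` and `{GUID}\@` folders under `C:\Windows\Installer` and `AppData\Local`, two `services.exe.<16 hex digits>` side-copies next to the live binary in System32, and a Search block in which `C:\Windows\System32\services.exe` carries the same MD5 as the WinSxS copy but a write time of 2012-09-20 00:59. The script below is an added example written for this page; it is not part of the thread and not FRST's code. It parses the FRST line formats as they appear in the log (assumed from the log, not from any FRST specification) and runs those checks over them. The indicator names are chosen here, and the final `.@` path in the sample input is constructed; every other sample line is copied from the log above.

```python
r"""Triage an FRST (Farbar Recovery Scan Tool) log for ZeroAccess/Sirefef artefacts.

Added example for this thread, not the poster's or FRST's code. It parses the
'3 Months Created/Modified Files' lines and the 'Search:' block in the format
shown above, flags {GUID}\U, {GUID}\L, {GUID}\@ folders, 8-hex-digit '.@' files
and services.exe side-copies, and checks the live services.exe MD5 against the
WinSxS copy.
"""
import re
from typing import Dict, Iterable, List

# Listing line: <date> - <date> - <size> <attrs> [(<company>)] <path>. FRST puts
# the sort key first: creation time in 'Created', modification time in 'Modified'.
LISTING_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$")

# Detail line under each 'Search:' hit: [created] - [modified] - size attrs (company) MD5
SEARCH_HIT_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$")

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Markers as FRST printed them above. A bare {GUID} folder is deliberately not
# flagged on its own: plenty of legitimate installers create those under AppData\Local.
INDICATORS = [
    ("zeroaccess_dir", re.compile(
        r"\\(?:Windows\\Installer|AppData\\Local)\\" + GUID + r"\\[UL@](?:\\|$)", re.I)),
    ("zeroaccess_payload", re.compile(r"\\[0-9A-Fa-f]{8}\.@$")),
    ("services_exe_sidecopy",
     re.compile(r"\\System32\\services\.exe\.[0-9A-Fa-f]{16}$", re.I)),
]


def parse_listing(text: str) -> List[Dict[str, str]]:
    """Return the parseable listing lines; headers and bare path lines are skipped."""
    return [m.groupdict() for m in map(LISTING_RE.match, map(str.strip, text.splitlines())) if m]


def flag_paths(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Group paths by the indicator they match; one path may appear under several."""
    hits: Dict[str, List[str]] = {name: [] for name, _ in INDICATORS}
    for p in paths:
        for name, rx in INDICATORS:
            if rx.search(p):
                hits[name].append(p)
    return hits


def parse_search(text: str) -> Dict[str, Dict[str, str]]:
    """Pair each path line of a 'Search:' block with the detail line below it."""
    lines = [l.strip() for l in text.splitlines()]
    found: Dict[str, Dict[str, str]] = {}
    for path, detail in zip(lines, lines[1:]):
        m = SEARCH_HIT_RE.match(detail) if "\\" in path and not path.startswith("[") else None
        if m:
            found[path] = m.groupdict()
    return found


def compare_with_winsxs(hits: Dict[str, Dict[str, str]],
                        live: str = r"C:\Windows\System32\services.exe") -> List[dict]:
    """Per WinSxS copy: same MD5 as the live file, and was the live file written at another time?"""
    live_info = hits.get(live)
    if live_info is None:
        return []
    return [{"winsxs_copy": path,
             "md5_matches": info["md5"].upper() == live_info["md5"].upper(),
             "live_rewritten": live_info["modified"] != info["modified"]}
            for path, info in hits.items() if "\\winsxs\\" in path.lower()]


def triage(listing: str, zeroaccess_block: str, search: str) -> Dict[str, object]:
    """Combine listing paths with FRST's own 'ZeroAccess:' path lines, then report."""
    paths = [e["path"] for e in parse_listing(listing)]
    paths += [l.strip() for l in zeroaccess_block.splitlines() if l.strip()]
    return {"indicators": flag_paths(paths),
            "services_exe": compare_with_winsxs(parse_search(search))}


# Sample input copied from the log above; only the final '.@' path is constructed.
SAMPLE_LISTING = r"""
2012-09-20 00:56 - 2012-09-20 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E75D464FB01C940
2012-09-20 00:48 - 2012-09-20 00:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B633D1F53FD3F586
2012-09-03 14:32 - 2012-09-03 14:33 - 00000000 ____D C:\Users\Grandpa\AppData\Local\{49224168-B5E6-4EEE-AC18-AB00E077D52D}
"""
SAMPLE_ZEROACCESS_BLOCK = r"""
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\@
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\L
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U\80000032.@
"""
SAMPLE_SEARCH = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-09-20 00:59] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""
```

Feed `triage()` the raw text of FRST.txt and Search.txt. On the sample above it reports five `zeroaccess_dir` paths, one `.@` payload, both services.exe side-copies, and a live services.exe whose MD5 equals the WinSxS copy's but which was written at a different time than that copy, which is exactly what the Search block shows. Two caveats: a hash match against the local WinSxS copy only proves the file equals what the component store on the same disk holds, so when a rootkit is suspected compare against a hash taken from a clean machine of the same build as well; and hash the `services.exe.<hex>` side-copies too, so any copy that differs from the store version can be preserved for analysis rather than deleted.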
     
  5. Jay Pfoutz (Malware Helper)

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  6. Jay Pfoutz (Malware Helper)

    Hi! Are you still with us?

    Update us on the status of your computer; we'd still like to help.

    Topic marked inactive.
     
  7. Jay Pfoutz (Malware Helper)

    Hi! This is the last check-in for you. Please update us on your situation here. We'd love to help!
     
