Hi, Avast seems to be protecting me well, but I think I'm being attacked by sirefef! The only symptom that indicates sirefef is attacking is a consistent "threat has been detected" by the av program, and a "sirefef" reference in the pop-up notification. I followed the 5-step instructions. Thanks so much for your help!!
MBAM log
(NOTE: I also have a 2012.7.9 log; it revealed "clickpotato" in several places. Let me know if this additional log would be helpful.)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.10.14
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
amsplanner :: AMSPLANNER-PC [administrator]
Protection: Enabled
7/11/2012 11:44:39 PM
mbam-log-2012-07-11 (23-44-39).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191100
Time elapsed: 8 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\Installer\{73d8f1d4-ac39-3749-fcb5-fac81d57b23d}\U\00000004.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{73d8f1d4-ac39-3749-fcb5-fac81d57b23d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-12 22:10:38
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2565GSX rev.GJ002J
Running: tuuwt73e.exe; Driver: C:\Users\AMSPLA~1\AppData\Local\Temp\awdcauob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8B6C5744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by amsplanner at 22:43:45 on 2012-07-12
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1771.818 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files\Synaptics\Scrybe\scrybe.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\amsplanner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
uRun: [Google Update] "c:\users\amsplanner\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{147dfad8-34c3-4de1-9fca-acefde9ef810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sra.dot.gov/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{754FDD83-2B54-4669-A884-199EC1ED197E} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{754FDD83-2B54-4669-A884-199EC1ED197E}\14E64627F696461405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{C203E804-0A84-4668-95A0-690341249771} : DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-27 353688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-5 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2010-11-18 284160]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-27 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-27 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-9 44808]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-12-9 311376]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-12-6 734592]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2009-11-12 132392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-10 654408]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2011-3-4 260640]
R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-12-6 243232]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-4 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-12-5 6574080]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-5 229888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-5 102416]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-12-5 68208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-10 22344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-3-4 30464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-30 301608]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-30 33320]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-12-5 82768]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
.
=============== Created Last 30 ================
.
2012-07-11 02:54:49 -------- d-----w- c:\users\amsplanner\appdata\roaming\Malwarebytes
2012-07-11 02:54:35 -------- d-----w- c:\programdata\Malwarebytes
2012-07-11 02:54:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 02:54:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-07 04:45:57 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c69f2b8b-4c20-476a-a9bf-bc7964c723b7}\mpengine.dll
2012-06-23 16:38:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 16:37:50 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 16:37:22 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 16:37:22 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-16 20:38:08 -------- d-----w- c:\windows\rescache
2012-06-14 02:11:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 02:11:06 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-06-14 02:11:05 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-06-14 02:11:04 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-06-14 02:11:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-14 02:11:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-14 02:10:58 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-14 02:10:57 748664 ----a-w- c:\program files\internet explorer\iexplore.exe
2012-06-14 02:10:56 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-06-14 02:10:56 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-06-14 02:10:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
==================== Find3M ====================
.
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:53 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-05-31 03:50:15 18728 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-05-31 03:50:14 33320 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-05-31 03:50:14 20008 ----a-w- c:\windows\system32\btwcoins.dll
2012-05-31 03:50:14 114728 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-05-31 03:50:13 93224 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-05-31 03:50:13 301608 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 22:45:05.36 ===============
DDS "attach" log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 4/26/2011 8:44:59 AM
System Uptime: 7/12/2012 10:02:28 PM (0 hours ago)
.
Motherboard: Acer | | Aspire One 522
Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 117.492 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 6/5/2012 11:08:02 PM - Windows Modules Installer
RP147: 6/8/2012 3:11:38 PM - Windows Update
RP148: 6/12/2012 9:48:45 PM - Windows Update
RP150: 6/13/2012 10:08:19 PM - Windows Modules Installer
RP151: 6/15/2012 11:06:40 PM - Windows Update
RP152: 6/19/2012 6:58:19 PM - Windows Update
RP153: 6/23/2012 12:35:51 PM - Windows Update
RP154: 6/23/2012 12:50:27 PM - Windows Update
RP155: 6/26/2012 10:31:46 PM - Windows Update
RP156: 7/3/2012 10:41:38 PM - Windows Update
RP157: 7/7/2012 12:44:37 AM - Windows Update
.
==== Installed Programs ======================
.
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1 MUI
Amazon Unbox Video
AMD Fuel
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
avast! Free Antivirus
Bing Bar
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Combined Community Codec Pack 2010-10-10
Conexant HD Audio
CutePDF Writer 2.8
DVD Shrink 3.2
ENE USB Card Reader Driver
Glary Utilities 2.42.0.1389
Google Chrome
Google Gmail Notifier
Google Talk Plugin
Google Update Helper
ICDL Book Reader
Identity Card
Java Auto Updater
Java(TM) 6 Update 30
Juniper Installer Service
Juniper Networks Cache Cleaner 6.5.0
Juniper Networks Host Checker
Juniper Networks, Inc. Setup Client
Juniper Terminal Services Client
Launch Manager
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MyWinLocker 4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 4.1
StreamTorrent 1.0
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Service
Welcome Center
WIDCOMM Bluetooth Software
Windows Essentials Media Codec Pack 3.5 [32-Bit]
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
7/8/2012 9:12:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.
7/12/2012 7:22:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/12/2012 10:03:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/12/2012 10:02:57 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/12/2012 10:02:56 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/12/2012 10:02:56 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-12-6 243232]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-4 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-12-5 6574080]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-5 229888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-5 102416]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-12-5 68208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-10 22344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-3-4 30464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-30 301608]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-30 33320]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-12-5 82768]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
.
=============== Created Last 30 ================
.
2012-07-11 02:54:49 -------- d-----w- c:\users\amsplanner\appdata\roaming\Malwarebytes
2012-07-11 02:54:35 -------- d-----w- c:\programdata\Malwarebytes
2012-07-11 02:54:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 02:54:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-07 04:45:57 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c69f2b8b-4c20-476a-a9bf-bc7964c723b7}\mpengine.dll
2012-06-23 16:38:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 16:37:50 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 16:37:22 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 16:37:22 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-16 20:38:08 -------- d-----w- c:\windows\rescache
2012-06-14 02:11:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 02:11:06 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-06-14 02:11:05 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-06-14 02:11:04 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-06-14 02:11:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-14 02:11:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-14 02:10:58 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-14 02:10:57 748664 ----a-w- c:\program files\internet explorer\iexplore.exe
2012-06-14 02:10:56 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-06-14 02:10:56 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-06-14 02:10:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
==================== Find3M ====================
.
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:53 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-05-31 03:50:15 18728 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-05-31 03:50:14 33320 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-05-31 03:50:14 20008 ----a-w- c:\windows\system32\btwcoins.dll
2012-05-31 03:50:14 114728 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-05-31 03:50:13 93224 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-05-31 03:50:13 301608 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 22:45:05.36 ===============
DDS "attach" log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 4/26/2011 8:44:59 AM
System Uptime: 7/12/2012 10:02:28 PM (0 hours ago)
.
Motherboard: Acer | | Aspire One 522
Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 117.492 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 6/5/2012 11:08:02 PM - Windows Modules Installer
RP147: 6/8/2012 3:11:38 PM - Windows Update
RP148: 6/12/2012 9:48:45 PM - Windows Update
RP150: 6/13/2012 10:08:19 PM - Windows Modules Installer
RP151: 6/15/2012 11:06:40 PM - Windows Update
RP152: 6/19/2012 6:58:19 PM - Windows Update
RP153: 6/23/2012 12:35:51 PM - Windows Update
RP154: 6/23/2012 12:50:27 PM - Windows Update
RP155: 6/26/2012 10:31:46 PM - Windows Update
RP156: 7/3/2012 10:41:38 PM - Windows Update
RP157: 7/7/2012 12:44:37 AM - Windows Update
.
==== Installed Programs ======================
.
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1 MUI
Amazon Unbox Video
AMD Fuel
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
avast! Free Antivirus
Bing Bar
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Combined Community Codec Pack 2010-10-10
Conexant HD Audio
CutePDF Writer 2.8
DVD Shrink 3.2
ENE USB Card Reader Driver
Glary Utilities 2.42.0.1389
Google Chrome
Google Gmail Notifier
Google Talk Plugin
Google Update Helper
ICDL Book Reader
Identity Card
Java Auto Updater
Java(TM) 6 Update 30
Juniper Installer Service
Juniper Networks Cache Cleaner 6.5.0
Juniper Networks Host Checker
Juniper Networks, Inc. Setup Client
Juniper Terminal Services Client
Launch Manager
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MyWinLocker 4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 4.1
StreamTorrent 1.0
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Service
Welcome Center
WIDCOMM Bluetooth Software
Windows Essentials Media Codec Pack 3.5 [32-Bit]
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
7/8/2012 9:12:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.
7/12/2012 7:22:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/12/2012 10:03:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/12/2012 10:02:57 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/12/2012 10:02:56 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/12/2012 10:02:56 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================