Stomalesky
Posts: 11 +0
I saw a few threads like this one and I am another sad victim. There were a couple different solutions offered so I was hoping to get the best fix. MBAM will remove the virus, but it comes back at restart. Blue screen occurs at Windows log in if not in Safe Mode. Let me know if I left something off. Thanks!
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.09.01
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Sara :: SARA-PC [administrator]
10/9/2012 12:17:13 AM
mbam-log-2012-10-09 (00-17-13).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 734614
Time elapsed: 2 hour(s), 51 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-09 22:15:00
Windows 6.1.7601 Service Pack 1
Running: jwrbj095.exe
---- Files - GMER 1.0.15 ----
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PB3ORR\crossdomainCAX3Z07K.xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\B6311719[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\afrCABFPECO.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\afrCAETD5WZ.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\pdCAWPXPS4.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\pdCAZ7O4DA.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\front[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\afrCAR11XNB.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\9[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ddcCAT22END.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\xd_arbiterCAKBS5FZ.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\pixel[10].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\pixel[9].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\998946705@x96[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ajs[5].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ddcCACYFSOB.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ddcCAEMIVV2.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ddcCAKU88YE.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\beaconCAT9ZA0Q.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fashioningtech-319297-09-14-2012[1].mp4 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fastbuttonCA09E59F.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fastbuttonCAS90JPH.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fw-nonplayer-banner[5].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fw-nonplayer-banner[6].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\sed[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\hannah-montana-movie[1].htm 0 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Sara at 22:18:22 on 2012-10-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2113 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Sara\Downloads\jwrbj095.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://emachines.msn.com
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [AdobeBridge]
uRun: [brvcks] "C:\Windows\System32\rundll32.exe" "C:\Users\Sara\AppData\Roaming\brvcks.dll",get_pCAL
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4D74A898-C1DF-4708-AB94-1E29C1E09FF3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4D74A898-C1DF-4708-AB94-1E29C1E09FF3}\86F6D65602E6564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A33A5EBA-624D-4058-B267-674F0FD4F2DB} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\xwg4xkhe.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111112.030\IDSviA64.sys [2011-11-14 488568]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
S2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-28 244624]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-09 04:15:25 20480 ----a-w- C:\Windows\svchost.exe
2012-10-09 01:34:30 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4487.tmp
2012-10-09 01:34:30 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4476.tmp
2012-10-03 19:04:54 -------- d-----w- C:\Users\Sara\AppData\Local\{358CA652-0D8D-11E2-8271-B8AC6F996F26}
2012-10-03 19:04:51 432640 ----a-w- C:\Users\Sara\AppData\Roaming\brvcks.dll
2012-10-02 18:37:26 -------- d-----w- C:\ProgramData\AVG2013
2012-10-02 14:32:56 -------- d-----w- C:\Users\Sara\AppData\Local\MFAData
2012-10-02 14:32:56 -------- d-----w- C:\Users\Sara\AppData\Local\Avg2013
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 22:18:43.21 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/15/2011 2:06:11 PM
System Uptime: 10/9/2012 12:13:54 AM (22 hours ago)
.
Motherboard: eMachines | | EL1852
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3192/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 612.19 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2C13614F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2C13614F&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP43: 9/26/2012 6:19:44 PM - Scheduled Checkpoint
RP44: 10/2/2012 2:36:45 PM - Installed AVG 2013
RP45: 10/2/2012 2:37:33 PM - Installed AVG 2013
RP46: 10/2/2012 2:39:07 PM - Removed AVG 2013
RP47: 10/2/2012 2:39:39 PM - Installed AVG 2012
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5.5 Design Premium
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2 MUI
Agatha Christie - 4:50 from Paddington
Bay Photo
Bay Photo Economy
Bay Photo Emerge
Bejeweled 2 Deluxe
Belkin USB Wireless Adaptor
Big Fish Games: Game Manager
Bing Bar
Build-a-lot 2
Chuzzle Deluxe
Color Efex Pro 3.0 Complete
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Final Drive: Nitro
Galerie de photos Windows Live
Hotkey Utility
Identity Card
IHMC CmapTools v5.05
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 31
Jewel Quest Heritage
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myPhotopipe ROES
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NETGEAR WG111v3 wireless USB 2.0 adapter
NirSoft BlueScreenView
NOOK for PC
Norton Internet Security
Norton Online Backup
onOne PerfectPresets
PDF Settings CS5
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Times Reader
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Web Album Generator 1.8.2
Welcome Center
WildTangent Games App (eMachines Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
10/9/2012 12:15:07 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/9/2012 12:15:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/9/2012 12:14:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/9/2012 12:14:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/9/2012 12:14:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
10/9/2012 12:14:33 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/9/2012 12:14:33 AM, Error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/9/2012 12:14:33 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
10/9/2012 12:14:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80057cabb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100912-26473-01.
10/9/2012 10:18:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/9/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/9/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/9/2012 1:43:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/8/2012 9:56:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/8/2012 9:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/8/2012 9:40:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000008000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d12435). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100812-27331-01.
10/8/2012 9:40:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 9:40:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 9:40:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 9:40:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 10:04:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb382f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100812-27097-01.
10/7/2012 10:23:38 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.09.01
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Sara :: SARA-PC [administrator]
10/9/2012 12:17:13 AM
mbam-log-2012-10-09 (00-17-13).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 734614
Time elapsed: 2 hour(s), 51 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-09 22:15:00
Windows 6.1.7601 Service Pack 1
Running: jwrbj095.exe
---- Files - GMER 1.0.15 ----
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PB3ORR\crossdomainCAX3Z07K.xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\B6311719[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\afrCABFPECO.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\afrCAETD5WZ.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\pdCAWPXPS4.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\pdCAZ7O4DA.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\front[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\afrCAR11XNB.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EN2PA72\9[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ddcCAT22END.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\xd_arbiterCAKBS5FZ.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\pixel[10].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\pixel[9].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\998946705@x96[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ajs[5].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ddcCACYFSOB.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ddcCAEMIVV2.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\ddcCAKU88YE.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\beaconCAT9ZA0Q.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fashioningtech-319297-09-14-2012[1].mp4 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fastbuttonCA09E59F.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fastbuttonCAS90JPH.htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fw-nonplayer-banner[5].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\fw-nonplayer-banner[6].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\sed[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFZ34UO8\hannah-montana-movie[1].htm 0 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Sara at 22:18:22 on 2012-10-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2113 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Sara\Downloads\jwrbj095.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://emachines.msn.com
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [AdobeBridge]
uRun: [brvcks] "C:\Windows\System32\rundll32.exe" "C:\Users\Sara\AppData\Roaming\brvcks.dll",get_pCAL
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4D74A898-C1DF-4708-AB94-1E29C1E09FF3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4D74A898-C1DF-4708-AB94-1E29C1E09FF3}\86F6D65602E6564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A33A5EBA-624D-4058-B267-674F0FD4F2DB} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\xwg4xkhe.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111112.030\IDSviA64.sys [2011-11-14 488568]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
S2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-28 244624]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-09 04:15:25 20480 ----a-w- C:\Windows\svchost.exe
2012-10-09 01:34:30 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4487.tmp
2012-10-09 01:34:30 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4476.tmp
2012-10-03 19:04:54 -------- d-----w- C:\Users\Sara\AppData\Local\{358CA652-0D8D-11E2-8271-B8AC6F996F26}
2012-10-03 19:04:51 432640 ----a-w- C:\Users\Sara\AppData\Roaming\brvcks.dll
2012-10-02 18:37:26 -------- d-----w- C:\ProgramData\AVG2013
2012-10-02 14:32:56 -------- d-----w- C:\Users\Sara\AppData\Local\MFAData
2012-10-02 14:32:56 -------- d-----w- C:\Users\Sara\AppData\Local\Avg2013
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 22:18:43.21 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/15/2011 2:06:11 PM
System Uptime: 10/9/2012 12:13:54 AM (22 hours ago)
.
Motherboard: eMachines | | EL1852
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3192/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 612.19 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2C13614F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2C13614F&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP43: 9/26/2012 6:19:44 PM - Scheduled Checkpoint
RP44: 10/2/2012 2:36:45 PM - Installed AVG 2013
RP45: 10/2/2012 2:37:33 PM - Installed AVG 2013
RP46: 10/2/2012 2:39:07 PM - Removed AVG 2013
RP47: 10/2/2012 2:39:39 PM - Installed AVG 2012
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5.5 Design Premium
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2 MUI
Agatha Christie - 4:50 from Paddington
Bay Photo
Bay Photo Economy
Bay Photo Emerge
Bejeweled 2 Deluxe
Belkin USB Wireless Adaptor
Big Fish Games: Game Manager
Bing Bar
Build-a-lot 2
Chuzzle Deluxe
Color Efex Pro 3.0 Complete
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Final Drive: Nitro
Galerie de photos Windows Live
Hotkey Utility
Identity Card
IHMC CmapTools v5.05
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 31
Jewel Quest Heritage
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myPhotopipe ROES
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NETGEAR WG111v3 wireless USB 2.0 adapter
NirSoft BlueScreenView
NOOK for PC
Norton Internet Security
Norton Online Backup
onOne PerfectPresets
PDF Settings CS5
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Times Reader
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Web Album Generator 1.8.2
Welcome Center
WildTangent Games App (eMachines Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
10/9/2012 12:15:07 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/9/2012 12:15:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/9/2012 12:14:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/9/2012 12:14:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/9/2012 12:14:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
10/9/2012 12:14:33 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/9/2012 12:14:33 AM, Error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/9/2012 12:14:33 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
10/9/2012 12:14:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80057cabb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100912-26473-01.
10/9/2012 10:18:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/9/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/9/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/9/2012 1:43:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/8/2012 9:56:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/8/2012 9:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/8/2012 9:40:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000008000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d12435). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100812-27331-01.
10/8/2012 9:40:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/8/2012 9:40:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 9:40:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 9:40:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 9:40:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/8/2012 10:04:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb382f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100812-27097-01.
10/7/2012 10:23:38 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================