Inactive Win7 64-Bit infected by Sirefef.B and Sirefef.Y - laptop keeps restarting

Laptop keeps restarting

This is my first scan using Farbar

Scan result of Farbar Recovery Scan Tool Version: 31-08-2012 02
Ran by SYSTEM at 01-09-2012 13:14:13
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Tt eSPORTS THERON Gaming Mouse] "C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS THERON\THERON.exe" /Automation [19853312 2011-10-20] (Thermaltake)
HKU\Chin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Chin\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-23] ()
HKU\Chin\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
Tcpip\..\Interfaces\{B91E79EE-AD3B-40B0-9457-950240984870}: [NameServer]8.8.8.8,8.8.4.4
IMEO\backitup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\cdspeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\coverdes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\dpdashboard.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\drivespeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\hpmediasmartwebcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\infotool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\itunes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nero.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\neroburnrights.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nerohome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\neromediahome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\neroscoutoptions.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nerostartsmart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nerovision.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\photosnap.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\photosnapviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\recode.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\setupneromobile.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\setupx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\showtime.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\soundtrax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\waveedit.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\Chin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
4 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-26] (LogMeIn Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.)
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-05] (TuneUp Software)

==================== Drivers (Whitelisted) ===================

2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-05-10] (Windows (R) Win 7 DDK provider)
3 GT680x; C:\Windows\System32\Drivers\GT680x.sys [22528 2007-02-05] ( )
3 GT680x; C:\Windows\SysWow64\Drivers\GT680x.sys [22528 2007-02-05] ( )
3 Gun; \??\C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys [45176 2011-09-08] ()
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 Mkd2Nadr; C:\Windows\System32\Drivers\Mkd2Nadr.sys [106040 2008-10-17] (AhnLab, Inc.)
3 Mkd3kfNt; C:\Windows\System32\Drivers\Mkd3kfNt.sys [179768 2008-10-17] (AhnLab, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-08-25] (Duplex Secure Ltd.)
3 Thermnaltake MS6 Filter; C:\Windows\System32\Drivers\MS6Filter.sys [57200 2011-07-31] (Thermaltake)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-01-31] (TuneUp Software)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\safedrv.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-01 13:14 - 2012-09-01 13:14 - 00000000 ____D C:\FRST
2012-08-31 21:07 - 2012-08-31 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFC5A9E814BDC8BC
2012-08-31 21:07 - 2012-08-31 21:07 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iwprmfgy.sys
2012-08-31 21:04 - 2012-08-31 21:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.274D85DEC69B5D6E
2012-08-31 21:00 - 2012-08-31 21:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29FC90625173D941
2012-08-31 20:54 - 2012-08-31 20:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1BB2545C298349C5
2012-08-31 20:48 - 2012-08-31 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFA979CE0E521B9C
2012-08-31 20:37 - 2012-08-31 20:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F1701922B9302DA1
2012-08-31 20:35 - 2012-08-31 20:35 - 00001660 ____A C:\Windows\PFRO.log
2012-08-31 20:33 - 2012-08-31 20:33 - 00328704 ____A C:\Windows\System32\services.exe.01D52F42BC4EF827
2012-08-31 20:33 - 2012-08-31 20:33 - 00049872 ____A C:\Windows\System32\Drivers\gvlwqjct.sys
2012-08-31 20:28 - 2012-08-31 20:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D45F3F72D8C1D150
2012-08-31 20:23 - 2012-08-31 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6CA1484BF4D2EE83
2012-08-31 20:20 - 2012-08-31 20:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A947DADBDA7764E8
2012-08-31 20:14 - 2012-08-31 20:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B484BFF717A04FA0
2012-08-31 20:09 - 2012-08-31 20:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5ADFCC3A51638D14
2012-08-31 20:03 - 2012-08-31 20:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27183BCF1CD861B4
2012-08-31 19:59 - 2012-08-31 19:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13C5841471146EBF
2012-08-31 19:56 - 2012-08-31 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F8F13767E82C2DD
2012-08-31 19:53 - 2012-08-31 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9D3305B452B2BA3
2012-08-31 19:50 - 2012-08-31 19:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B638264F085930A8
2012-08-31 19:46 - 2012-08-31 19:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.443286B78DCD540D
2012-08-31 19:42 - 2012-08-31 19:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CDB4BA7402376B72
2012-08-31 19:41 - 2012-08-31 21:05 - 00000952 ____A C:\Windows\setupact.log
2012-08-31 19:07 - 2012-08-31 20:23 - 00002243 ____A C:\Windows\epplauncher.mif
2012-08-31 19:00 - 2012-08-31 19:00 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-31 19:00 - 2012-08-31 19:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-31 18:59 - 2012-08-31 19:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-31 18:52 - 2012-08-31 18:53 - 12621696 ____A (Microsoft Corporation) C:\Users\Chin\Downloads\mseinstall.exe
2012-08-31 18:47 - 2012-02-05 22:25 - 00034624 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
2012-08-31 18:47 - 2012-02-05 22:25 - 00025920 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
2012-08-31 18:47 - 2012-02-05 22:25 - 00021312 ____A (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2012-08-31 18:46 - 2012-08-31 18:46 - 00002209 ____A C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2012-08-31 18:46 - 2012-08-31 18:46 - 00002183 ____A C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
2012-08-31 18:45 - 2012-08-31 18:47 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2012-08-31 18:44 - 2012-08-31 18:44 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-31 18:38 - 2012-08-31 18:39 - 00000000 ____D C:\Users\Chin\AppData\Local\{496FA56B-64D5-4D0A-A6D7-BAC7159AAA23}
2012-08-28 05:34 - 2012-08-28 05:35 - 00000000 ____D C:\Users\Chin\AppData\Local\{D6C90752-75CB-4DE5-80C1-191BB641C6A5}
2012-08-27 05:54 - 2012-08-27 06:13 - 22085632 ____A (HUAWEI) C:\Users\Chin\Downloads\HUAWEI-WiMAX-Install-27-37_0.exe
2012-08-27 05:54 - 2012-08-27 06:04 - 10504346 ____A (HUAWEI) C:\Users\Chin\Downloads\HUAWEI-WiMAX-Install-27-37_0.exe.part
2012-08-27 02:26 - 2012-08-31 18:38 - 00000000 ____D C:\Program Files (x86)\Steam
2012-08-27 02:26 - 2012-08-27 02:26 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-08-27 02:24 - 2012-08-27 05:43 - 312724153 ____A C:\Users\Chin\Downloads\Suits.S02E10.HDTV.x264-ASAP.[VTV].mp4
2012-08-27 02:24 - 2012-08-27 02:24 - 01606656 ____A C:\Users\Chin\Downloads\SteamInstall.msi
2012-08-27 02:03 - 2012-08-27 02:42 - 00000000 ____D C:\Users\Chin\Downloads\MasterChef US S03E17 HDTV x264-LOL[ettv]
2012-08-26 16:00 - 2012-08-27 04:01 - 00000000 ____D C:\Users\Chin\AppData\Local\{D42E53CF-DADF-4B9B-9683-D657756E94C7}
2012-08-25 15:07 - 2012-08-26 03:08 - 00000000 ____D C:\Users\Chin\AppData\Local\{B8E8E033-AF36-418F-B400-063D2E387CDC}
2012-08-24 15:05 - 2012-08-25 03:06 - 00000000 ____D C:\Users\Chin\AppData\Local\{0DC1F411-7BDA-4C34-8396-FDF3B550F582}
2012-08-21 21:06 - 2012-08-21 21:06 - 00000000 ____D C:\Users\Chin\Desktop\CDs
2012-08-21 21:05 - 2012-08-21 21:17 - 00000000 ____D C:\Users\Chin\Desktop\Files
2012-08-21 11:03 - 2012-08-25 06:22 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2012-08-21 09:06 - 2012-08-26 19:16 - 00000000 ____D C:\Users\Chin\Documents\Guild Wars 2
2012-08-20 10:54 - 2012-08-21 08:10 - 00000000 ____D C:\Users\Chin\Downloads\Gotye- Somebody That I Used To Know DL
2012-08-19 23:01 - 2012-08-21 21:07 - 00000000 ____D C:\Users\Chin\Desktop\New Songs
2012-08-14 00:41 - 2012-08-14 00:44 - 00000000 ____D C:\Users\Chin\Documents\Shiner
2012-08-14 00:41 - 2012-08-14 00:41 - 00000000 ____D C:\Users\Chin\AppData\Local\FLT
2012-08-14 00:28 - 2012-08-14 00:33 - 00000000 ____D C:\Program Files (x86)\Orcs Must Die 2
2012-08-12 22:51 - 2012-08-12 22:51 - 00406127 ____A C:\Users\Chin\Downloads\LWB335 Admin.zip
2012-08-12 17:59 - 2012-08-12 18:00 - 00889416 ____A (Microsoft Corporation) C:\Users\Chin\Downloads\dotNetFx40_Full_setup.exe
2012-08-12 17:49 - 2012-08-12 17:49 - 02959376 ____A (Microsoft Corporation) C:\Users\Chin\Downloads\dotnetfx35setup(1).exe
2012-08-12 17:46 - 2012-08-12 17:47 - 02039808 ____A C:\Users\Chin\Downloads\RemoteHelper-4.2.9.msi
2012-08-11 01:50 - 2012-08-11 01:50 - 00000000 ____D C:\Users\Chin\AppData\Local\{F5076579-6F95-4763-9190-C201380E6325}
2012-08-11 01:49 - 2012-08-11 01:50 - 00000000 ____D C:\Users\Chin\AppData\Local\{3DA3A2AA-4FDF-460A-AA9F-18BB1EFB8247}
2012-08-11 01:41 - 2012-08-21 17:41 - 00000000 ____D C:\Users\Chin\Desktop\Interships
2012-08-06 06:14 - 2012-08-31 19:41 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549949599-1227762095-2554815981-1000UA.job
2012-08-06 06:14 - 2012-08-31 19:41 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549949599-1227762095-2554815981-1000Core.job
2012-08-06 06:14 - 2012-08-06 06:17 - 00000000 ____D C:\Users\Chin\AppData\Local\Facebook
2012-08-06 06:14 - 2012-08-06 06:14 - 00501248 ____A (Facebook Inc.) C:\Users\Chin\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-05 21:14 - 2012-08-05 21:14 - 00562492 ____A C:\Users\Chin\Downloads\LWB432 Evidence.zip
2012-08-05 19:58 - 2012-08-05 19:58 - 00578598 ____A C:\Users\Chin\Desktop\LWB432.zip
2012-08-05 10:56 - 2012-08-05 10:56 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-03 18:14 - 2012-08-03 18:33 - 69157112 ____A C:\Users\Chin\Downloads\The King 2 Hearts OST.zip
2012-08-02 22:09 - 2012-08-02 22:09 - 00413062 ____A C:\Users\Chin\Downloads\vsfilter.2.39_nt.exe
2012-08-02 22:09 - 2012-08-02 22:09 - 00000000 ____D C:\Program Files (x86)\DirectVobSub

==================== 3 Months Modified Files ================================

2012-08-31 21:07 - 2012-08-31 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFC5A9E814BDC8BC
2012-08-31 21:07 - 2012-08-31 21:07 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\iwprmfgy.sys
2012-08-31 21:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-31 21:05 - 2012-08-31 19:41 - 00000952 ____A C:\Windows\setupact.log
2012-08-31 21:04 - 2012-08-31 21:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.274D85DEC69B5D6E
2012-08-31 21:00 - 2012-08-31 21:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29FC90625173D941
2012-08-31 20:57 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-31 20:54 - 2012-08-31 20:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1BB2545C298349C5
2012-08-31 20:48 - 2012-08-31 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFA979CE0E521B9C
2012-08-31 20:37 - 2012-08-31 20:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F1701922B9302DA1
2012-08-31 20:35 - 2012-08-31 20:35 - 00001660 ____A C:\Windows\PFRO.log
2012-08-31 20:33 - 2012-08-31 20:33 - 00328704 ____A C:\Windows\System32\services.exe.01D52F42BC4EF827
2012-08-31 20:33 - 2012-08-31 20:33 - 00049872 ____A C:\Windows\System32\Drivers\gvlwqjct.sys
2012-08-31 20:28 - 2012-08-31 20:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D45F3F72D8C1D150
2012-08-31 20:25 - 2012-04-04 07:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-31 20:23 - 2012-08-31 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6CA1484BF4D2EE83
2012-08-31 20:23 - 2012-08-31 19:07 - 00002243 ____A C:\Windows\epplauncher.mif
2012-08-31 20:20 - 2012-08-31 20:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A947DADBDA7764E8
2012-08-31 20:14 - 2012-08-31 20:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B484BFF717A04FA0
2012-08-31 20:09 - 2012-08-31 20:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5ADFCC3A51638D14
2012-08-31 20:03 - 2012-08-31 20:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27183BCF1CD861B4
2012-08-31 19:59 - 2012-08-31 19:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13C5841471146EBF
2012-08-31 19:56 - 2012-08-31 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F8F13767E82C2DD
2012-08-31 19:53 - 2012-08-31 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9D3305B452B2BA3
2012-08-31 19:50 - 2012-08-31 19:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B638264F085930A8
2012-08-31 19:46 - 2012-08-31 19:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.443286B78DCD540D
2012-08-31 19:42 - 2012-08-31 19:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CDB4BA7402376B72
2012-08-31 19:41 - 2012-08-06 06:14 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549949599-1227762095-2554815981-1000UA.job
2012-08-31 19:41 - 2012-08-06 06:14 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549949599-1227762095-2554815981-1000Core.job
2012-08-31 19:41 - 2011-09-29 18:50 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-549949599-1227762095-2554815981-1000UA.job
2012-08-31 19:41 - 2011-09-29 18:50 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-549949599-1227762095-2554815981-1000Core.job
2012-08-31 19:01 - 2010-08-17 14:06 - 01523840 ____A C:\Windows\WindowsUpdate.log
2012-08-31 19:00 - 2012-08-31 19:00 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-31 18:53 - 2012-08-31 18:52 - 12621696 ____A (Microsoft Corporation) C:\Users\Chin\Downloads\mseinstall.exe
2012-08-31 18:46 - 2012-08-31 18:46 - 00002209 ____A C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2012-08-31 18:46 - 2012-08-31 18:46 - 00002183 ____A C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
2012-08-31 18:46 - 2012-04-04 07:06 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-31 18:46 - 2011-05-28 16:52 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-31 18:45 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-31 18:44 - 2009-07-13 20:45 - 00017168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-31 18:44 - 2009-07-13 20:45 - 00017168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-27 06:13 - 2012-08-27 05:54 - 22085632 ____A (HUAWEI) C:\Users\Chin\Downloads\HUAWEI-WiMAX-Install-27-37_0.exe
2012-08-27 06:04 - 2012-08-27 05:54 - 10504346 ____A (HUAWEI) C:\Users\Chin\Downloads\HUAWEI-WiMAX-Install-27-37_0.exe.part
2012-08-27 05:43 - 2012-08-27 02:24 - 312724153 ____A C:\Users\Chin\Downloads\Suits.S02E10.HDTV.x264-ASAP.[VTV].mp4
2012-08-27 02:26 - 2012-08-27 02:26 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-08-27 02:24 - 2012-08-27 02:24 - 01606656 ____A C:\Users\Chin\Downloads\SteamInstall.msi
2012-08-18 11:52 - 2010-08-17 17:50 - 00000366 ____A C:\Windows\Tasks\Driver Robot.job
2012-08-12 22:51 - 2012-08-12 22:51 - 00406127 ____A C:\Users\Chin\Downloads\LWB335 Admin.zip
2012-08-12 18:00 - 2012-08-12 17:59 - 00889416 ____A (Microsoft Corporation) C:\Users\Chin\Downloads\dotNetFx40_Full_setup.exe
2012-08-12 17:49 - 2012-08-12 17:49 - 02959376 ____A (Microsoft Corporation) C:\Users\Chin\Downloads\dotnetfx35setup(1).exe
2012-08-12 17:47 - 2012-08-12 17:46 - 02039808 ____A C:\Users\Chin\Downloads\RemoteHelper-4.2.9.msi
2012-08-06 06:14 - 2012-08-06 06:14 - 00501248 ____A (Facebook Inc.) C:\Users\Chin\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-05 21:14 - 2012-08-05 21:14 - 00562492 ____A C:\Users\Chin\Downloads\LWB432 Evidence.zip
2012-08-05 19:58 - 2012-08-05 19:58 - 00578598 ____A C:\Users\Chin\Desktop\LWB432.zip
2012-08-03 18:33 - 2012-08-03 18:14 - 69157112 ____A C:\Users\Chin\Downloads\The King 2 Hearts OST.zip
2012-08-02 22:09 - 2012-08-02 22:09 - 00413062 ____A C:\Users\Chin\Downloads\vsfilter.2.39_nt.exe
2012-07-31 19:30 - 2012-07-31 19:30 - 00257484 ____A C:\Users\Chin\Downloads\LWB432 Notes Susan Hedge.zip
2012-07-29 17:58 - 2012-07-29 17:58 - 00739832 ____A (Google Inc.) C:\Users\Chin\Downloads\GoogleEarthPluginSetup.exe
2012-07-23 04:17 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-20 02:09 - 2010-08-21 22:44 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-16 09:00 - 2012-06-16 09:00 - 00241231 ____A C:\Users\Chin\Downloads\RIEDEL NOTES (LWB364).zip
2012-06-15 21:56 - 2012-06-15 21:56 - 00572850 ____A C:\Users\Chin\Downloads\LWB406 Public International Law Susan Hedge(2).zip
2012-06-14 22:03 - 2012-06-14 22:03 - 00572850 ____A C:\Users\Chin\Downloads\LWB406 Public International Law Susan Hedge(1).zip
2012-06-11 19:02 - 2012-07-20 02:12 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 00:23 - 2012-06-10 00:23 - 00484023 ____A C:\Users\Chin\Downloads\LWB334.zip
2012-06-08 21:30 - 2012-07-20 01:48 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-20 01:48 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 21:39 - 2012-06-07 21:39 - 00572850 ____A C:\Users\Chin\Downloads\LWB406 Public International Law Susan Hedge.zip
2012-06-05 21:50 - 2012-07-20 01:48 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-20 01:48 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-20 01:48 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-20 01:48 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll


ZeroAccess:
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@

ZeroAccess:
C:\Users\Chin\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Users\Chin\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Users\Chin\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Users\Chin\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4093.2 MB
Available physical RAM: 3486.08 MB
Total Pagefile: 4091.34 MB
Available Pagefile: 3496.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:153.52 GB) (Free:9.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (New Volume) (Fixed) (Total:133.89 GB) (Free:6.66 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:10.67 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (THEIA) (Removable) (Total:14.71 GB) (Free:1.25 GB) FAT32
6 Drive h: () (Removable) (Total:14.9 GB) (Free:3.34 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 3072 KB
Disk 1 Online 14 GB 0 B
Disk 2 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 153 GB 31 KB
Partition 2 Primary 133 GB 153 GB
Partition 3 Primary 10 GB 287 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 153 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D New Volume NTFS Partition 133 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 14 GB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 14 GB Healthy

==================================================================================

Last Boot: 2012-08-26 19:41

==================== End Of Log =============================

Please help
 

Attachments

  • FRST.txt
    28.4 KB · Views: 1
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)



When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 