Inactive Sirefef/droppers

00000004.@, 000000cb.@, 80000000.@, 80000032.@, 80000064.@, Dropper, Sirefef-PL, MalOb-GE, NSIS:Malware-Gen, Java:Agent-AMP, Java:Agent-AMQ, and also the services.exe is infected with Win32:patched-AKC, but services.exe is also a system thing so I can't disable it. These have been found using Avast. Malwarebytes is also constantly reporting that services.exe is trying to connect to a malware website.

From the instructions in the 5-step topic:
Malwarebytes Log:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: GRANDPA-LAPTOP [administrator]

Protection: Enabled

9/20/2012 1:07:50 AM
mbam-log-2012-09-20 (01-07-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279432
Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)
Also should note here that I did the instruction to Remove Selected, but when the computer restarted, it just came back.
GMER:
In the instructions, it said to disable the Antivirus, but I didn't want to do that, I would REALLY not want to do that, since every minute or two, it blocks like 5 of those 0000000.@ things, and if I disabled it to scan the system, that would lose the only protection I have and ruin the system by letting it do what it wants.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-20 02:41:16
Windows 6.1.7601 Service Pack 1
Running: xx20b8my.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb0bb1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb0bb1@002248d97934 0x61 0xD0 0xFD 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb0bb1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb0bb1@002248d97934 0x61 0xD0 0xFD 0xB9 ...

---- EOF - GMER 1.0.15 ----
DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by David at 2:42:12 on 2012-09-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2136 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\dmwu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mSearchAssistant =
mURLSearchHooks: H - No File
BHO: Show Naturalreader Bar: {127ad70f-b2b7-4f6a-acd9-c7b1fe48c8c0} - C:\Windows\syswow64\MsiExec.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Naturalsoft IE Bar V9: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{38B03B5D-20B2-440A-BB88-131B492A4857} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5E44F75-FD75-494A-AC8B-8049DB5011B3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5E44F75-FD75-494A-AC8B-8049DB5011B3}\7457562727166416D696C697 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5E44F75-FD75-494A-AC8B-8049DB5011B3}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5E44F75-FD75-494A-AC8B-8049DB5011B3}\E4544574541425D25374 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: Show Naturalreader Bar: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - C:\Windows\syswow64\MsiExec.exe
BHO-X64: {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Naturalsoft IE Bar V9: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\b5l0590i.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\system32\DRIVERS\MxEFUF64.sys --> C:\Windows\system32\DRIVERS\MxEFUF64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-16 44808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-9-16 133912]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-19 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-19 676936]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-4-23 3057528]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-11-2 87888]
R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-9-10 91848]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-30 1153368]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 WebOptimizer;WebOptimizer;C:\Windows\system32\dmwu.exe --> C:\Windows\system32\dmwu.exe [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;C:\Windows\system32\DRIVERS\mstabbtn.sys --> C:\Windows\system32\DRIVERS\mstabbtn.sys [?]
R3 NETwLv64; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwLv64.sys --> C:\Windows\system32\DRIVERS\NETwLv64.sys [?]
R3 PGR1394b;PGR IEEE 1394 Bus host controllers;C:\Windows\system32\DRIVERS\PGR1394.sys --> C:\Windows\system32\DRIVERS\PGR1394.sys [?]
R3 wisdpen;Wacom Penabled MiniDriver;C:\Windows\system32\DRIVERS\wisdpen.sys --> C:\Windows\system32\DRIVERS\wisdpen.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
S2 Tmntsrv;Trend NT Realtime Service;"C:\Program Files (x86)\Trend Micro\PC-cillin 2002\Tmntsrv.exe" --> C:\Program Files (x86)\Trend Micro\PC-cillin 2002\Tmntsrv.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250568]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\Windows\system32\DRIVERS\Amps2x64.sys --> C:\Windows\system32\DRIVERS\Amps2x64.sys [?]
S3 AQFileRestore;AQFileRestore;C:\Windows\system32\DRIVERS\AQFileRestore.sys --> C:\Windows\system32\DRIVERS\AQFileRestore.sys [?]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\system32\DRIVERS\nwvmmdm.sys --> C:\Windows\system32\DRIVERS\nwvmmdm.sys [?]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\system32\DRIVERS\nwvmser.sys --> C:\Windows\system32\DRIVERS\nwvmser.sys [?]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwvmser2.sys --> C:\Windows\system32\DRIVERS\nwvmser2.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PS3 Media Server;PS3 Media Server;"C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" --> C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;C:\Windows\system32\Drivers\SmiUsbGrabber3C.sys --> C:\Windows\system32\Drivers\SmiUsbGrabber3C.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VAD_DEV;Virtual Audio Service;C:\Windows\system32\drivers\vad.sys --> C:\Windows\system32\drivers\vad.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-20 06:03:03 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes
2012-09-20 06:02:27 -------- d-----w- C:\Users\David\AppData\Roaming\Protector Suite
2012-09-20 05:58:48 -------- d-----w- C:\Users\David\AppData\Roaming\WTablet
2012-09-20 05:47:19 -------- d-----w- C:\FRST
2012-09-20 05:42:48 -------- d-----w- C:\Users\David\AppData\Local\Macromedia
2012-09-20 05:40:07 -------- d-----w- C:\Users\David\AppData\Local\Mozilla
2012-09-16 09:22:46 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-15 00:00:46 436344 ----a-w- C:\Windows\System32\dmwu.exe
2012-09-15 00:00:46 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll
2012-09-15 00:00:46 -------- d-----w- C:\Windows\SysWow64\WNLT
2012-09-15 00:00:46 -------- d-----w- C:\Windows\System32\ARFC
2012-09-10 02:01:25 -------- d-----w- C:\Program Files\Common Files\SPBA
2012-09-10 02:01:11 -------- d-----w- C:\Program Files (x86)\Common Files\SPBA
2012-09-08 21:14:15 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-09-08 21:14:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-08 21:14:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-08 21:14:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-08 16:23:39 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2012-09-07 05:12:44 1918464 ----a-w- C:\Amazon Unbox Video.msi
2012-09-02 23:25:09 -------- d-----w- C:\Program Files (x86)\Roxio 2011
2012-09-02 23:21:56 -------- d-----w- C:\ProgramData\Axentra Corporation
2012-08-23 05:50:44 21040 ------w- C:\Windows\System32\drivers\AQFileRestore.sys
.
==================== Find3M ====================
.
2012-09-11 09:14:12 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-09-03 04:17:01 499712 ------w- C:\Windows\SysWow64\msvcp71.dll
2012-09-03 04:17:01 348160 ------w- C:\Windows\SysWow64\msvcr71.dll
2012-09-03 03:18:36 73416 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-03 03:18:36 696520 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:13:12 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-08-21 09:13:11 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-08-21 09:13:11 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-15 02:14:46 255352 ------w- C:\Windows\SysWow64\awrdscdc.ax
2012-07-10 07:14:18 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2012-07-10 07:14:18 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2012-06-27 20:33:54 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
.
============= FINISH: 2:43:35.31 ===============
DDS Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2010 11:24:26 PM
System Uptime: 9/20/2012 1:18:33 AM (1 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | uFCPGA2 | 2001/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 228.686 GiB free.
E: is FIXED (NTFS) - 0 GiB total, 0.014 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP525: 9/19/2012 9:45:15 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amazon Add to Wish List IE Extension 1.1
Amazon Cloud Drive
Amazon Kindle
Amazon MP3 Uploader
Amazon Send to Kindle
Amazon Unbox Video
Apple Application Support
Apple Software Update
AudibleManager
avast! Internet Security
Broadband2Go
calibre
CameraHelperMsi
CourseSmart Bookshelf
D3DX10
DC++ 0.750
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 10
DYMO Label v.8
erLT
Freez Screen Video Capture v1.2
Google Chrome
Google Drive
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
IMinent Toolbar
InstallVC90Support
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Junk Mail filter update
katevoice
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server PowerPivot for Excel (32-bit)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Natural Voice Mike16
NaturalReader10
NOOK Study
Notepad++
PaulVoice
PC Pitstop Optimize3 3.0
Pen Tablet
PlayOn
PTDD Super Fdisk 1.0
QuickTime
RealUpgrade 1.1
ScanSoft OmniPage 16
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SHRM Learning System 2007
SMI Grabber Device
Spybot - Search & Destroy
SpyHunter
System Requirements Lab for Intel
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB2.0 ATV
Virgin Mobile Broadband Modem Drivers
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 2.0.2
VLC Setup Helper
WhiteSmoke
WhiteSmoke Translator
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinRAR archiver
Wondershare PPT2Video Pro 6.1.10
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
9/20/2012 12:43:42 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/20/2012 12:39:08 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/20/2012 12:38:09 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/20/2012 12:38:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/20/2012 12:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/20/2012 12:38:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/20/2012 12:37:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/20/2012 12:37:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/20/2012 12:37:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache spldr Wanarpv6
9/20/2012 12:34:35 AM, Error: Service Control Manager [7023] - The Internet Connection Sharing (ICS) service terminated with the following error: %%-2147467243
9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/20/2012 12:34:31 AM, Error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
9/20/2012 12:34:31 AM, Error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
9/20/2012 12:34:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/20/2012 12:34:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/20/2012 12:34:16 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
9/20/2012 12:28:58 AM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259
9/20/2012 1:21:13 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
9/20/2012 1:21:13 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.11, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/20/2012 1:20:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
9/20/2012 1:20:24 AM, Error: Service Control Manager [7000] - The Trend NT Realtime Service service failed to start due to the following error: The system cannot find the file specified.
9/20/2012 1:20:22 AM, Error: Service Control Manager [7000] - The PC-Cillin Personal Firewall service failed to start due to the following error: The system cannot find the file specified.
9/20/2012 1:19:03 AM, Error: Service Control Manager [7001] - The Tmfilter service depends on the Tmpreflt service which failed to start because of the following error: The system cannot find the file specified.
9/20/2012 1:19:03 AM, Error: Service Control Manager [7000] - The Vsapint service failed to start due to the following error: The system cannot find the file specified.
9/20/2012 1:19:03 AM, Error: Service Control Manager [7000] - The Tmpreflt service failed to start due to the following error: The system cannot find the file specified.
9/19/2012 5:46:12 AM, Error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The system cannot find the path specified.
9/19/2012 5:46:12 AM, Error: Service Control Manager [7000] - The PnP-X IP Bus Enumerator service failed to start due to the following error: The system cannot find the path specified.
9/19/2012 5:43:38 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/19/2012 12:07:59 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
9/19/2012 12:07:44 AM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume6 encountered a non-retryable error and could not start. The data contains the error code.
9/19/2012 11:48:17 PM, Error: Service Control Manager [7031] - The MediaMall Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/19/2012 11:47:45 PM, Error: Service Control Manager [7031] - The MediaMall Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/19/2012 11:47:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MediaMall Server service.
9/18/2012 6:37:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MediaMall Server service to connect.
9/18/2012 5:16:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EventSystem service.
9/18/2012 5:14:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WebOptimizer service to connect.
9/18/2012 5:14:50 AM, Error: Service Control Manager [7000] - The WebOptimizer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/17/2012 6:09:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
9/17/2012 6:07:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DYMO PnP Service service to connect.
9/17/2012 6:07:20 PM, Error: Service Control Manager [7000] - The DYMO PnP Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/17/2012 6:06:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
9/17/2012 6:06:17 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/17/2012 5:08:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
9/17/2012 2:53:17 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
9/17/2012 2:22:17 AM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is AKIOLAPTOP.
9/15/2012 5:49:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
9/15/2012 5:41:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
9/14/2012 12:33:36 AM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume5 encountered a non-retryable error and could not start. The data contains the error code.
9/14/2012 12:13:13 AM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume7 encountered a non-retryable error and could not start. The data contains the error code.
9/13/2012 12:51:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
9/13/2012 12:28:47 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
9/13/2012 12:24:55 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/13/2012 12:24:30 AM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
9/13/2012 12:22:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
9/13/2012 12:22:38 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/13/2012 12:21:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
9/13/2012 12:21:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
9/13/2012 1:11:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WMI Performance Adapter service to connect.
9/13/2012 1:11:24 AM, Error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Installed MSE, detected all of the stuff as Sirefef, and quarantined all of the infected files. Now everything seems to have calmed down. Not saying this problem is fixed though, still might need to clean up registry and also that services.exe, I think it has still not been fixed. And of course, waiting for you, TechSpot experts, to take a look at this topic and tell me what to do next. ;) Computer is off for now, need sleep, 5:10am.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile. Please copy and paste the logs in your reply.
 
Thanks, instructions are very easy to follow. Here are the logs:

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-09-2012
Ran by SYSTEM at 20-09-2012 14:05:12
Running from E:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup [85320 2012-02-08] (Authentec Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Cathyrn\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-30] (Google Inc.)
HKU\Cathyrn\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Grandpa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-30] (Google Inc.)
HKU\Grandpa\...\Run: [Google Update] "C:\Users\Grandpa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-30] (Google Inc.)
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-30] (Google Inc.)
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll

==================== Services (Whitelisted) ===================

2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [133912 2012-08-21] (AVAST Software)
2 DymoPnpService; "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [32336 2011-01-28] (Sanford, L.P.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [3057528 2012-09-10] (MediaMall Technologies, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NvtlService; "C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe" [87888 2010-11-02] ()
2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [91848 2012-05-16] (PC Pitstop LLC)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 WebOptimizer; C:\Windows\System32\dmwu.exe [436344 2012-08-16] ()
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
3 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" [x]
2 Tmntsrv; "C:\Program Files (x86)\Trend Micro\PC-cillin 2002\Tmntsrv.exe" [x]

==================== Drivers (Whitelisted) =====================

1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2x64.sys [21504 2007-10-15] ((Standard mouse types))
3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
3 AQFileRestore; C:\Windows\System32\Drivers\AQFileRestore.sys [21040 2011-12-01] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [142128 2012-08-21] (AVAST Software)
1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
0 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [12368 2012-06-27] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [266776 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [301784 2012-03-07] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 moufiltr; C:\Windows\System32\Drivers\moufiltr.sys [7168 2006-12-26] (Chic)
3 MSTabBtn; C:\Windows\System32\Drivers\MSTabBtn.sys [12928 2007-03-09] (Quanta Computer Inc.)
3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-12-11] (MediaMall Technologies, Inc.)
0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
3 NWVMModem; C:\Windows\System32\DRIVERS\nwvmmdm.sys [213376 2009-05-15] (Novatel Wireless Inc.)
3 NWVMPort; C:\Windows\System32\DRIVERS\nwvmser.sys [213376 2009-05-15] (Novatel Wireless Inc.)
3 NWVMPort2; C:\Windows\System32\DRIVERS\nwvmser2.sys [213376 2009-05-15] (Novatel Wireless Inc.)
3 PGR1394b; C:\Windows\System32\DRIVERS\PGR1394.sys [88064 2008-03-14] (Point Grey Research)
3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows (R) Win 7 DDK provider)
3 tifm21; C:\Windows\System32\Drivers\tifm21.sys [319488 2009-10-12] (Texas Instruments)
3 VAD_DEV; C:\Windows\System32\drivers\vad.sys [24992 2010-11-18] (Windows (R) DDK provider)
3 wisdpen; C:\Windows\System32\Drivers\wisdpen.sys [36648 2007-07-30] (Wacom Technology)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
2 PCC_PFW; C:\Windows\System32\Drivers\PCC_PFW.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
2 Tmfilter; C:\Windows\System32\drivers\TmXPFlt.sys [x]
2 Tmpreflt; C:\Windows\System32\drivers\Tmpreflt.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
2 Vsapint; C:\Windows\System32\drivers\Vsapint.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-20 01:47 - 2012-09-20 01:46 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-20 01:46 - 2012-09-20 01:46 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-20 01:46 - 2012-09-20 01:46 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-20 01:46 - 2012-09-20 01:46 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-20 01:43 - 2012-09-20 01:43 - 00894952 ____A (Oracle Corporation) C:\Users\David\Downloads\jxpiinstall.exe
2012-09-20 01:39 - 2012-09-20 01:39 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe
2012-09-20 00:56 - 2012-09-20 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E75D464FB01C940
2012-09-20 00:48 - 2012-09-20 00:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B633D1F53FD3F586
2012-09-20 00:38 - 2012-09-20 00:39 - 00003235 ____A C:\Windows\WindowsUpdate.log
2012-09-20 00:38 - 2012-09-20 00:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-20 00:38 - 2012-09-20 00:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-20 00:38 - 2012-09-20 00:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-20 00:37 - 2012-09-20 00:37 - 12621696 ____A (Microsoft Corporation) C:\Users\David\Downloads\mseinstall.exe
2012-09-20 00:35 - 2012-09-20 00:48 - 00000000 ____D C:\Users\David\AppData\Roaming\Notepad++
2012-09-20 00:34 - 2012-09-20 00:34 - 00000000 ____D C:\Users\David\AppData\Roaming\Zeon
2012-09-19 23:41 - 2012-09-19 23:41 - 00000665 ____A C:\Users\David\Desktop\gmer.log
2012-09-19 22:43 - 2012-09-19 22:43 - 00607260 ____R (Swearware) C:\Users\David\Downloads\dds.com
2012-09-19 22:18 - 2012-09-19 22:18 - 00000904 ____A C:\Windows\PFRO.log
2012-09-19 22:12 - 2012-09-19 22:12 - 00302592 ____A C:\Users\David\Downloads\xx20b8my.exe
2012-09-19 22:04 - 2012-09-19 22:04 - 00000000 ____A C:\Users\David\Documents\test.txt
2012-09-19 22:03 - 2012-09-19 22:03 - 00000000 ____D C:\Users\David\AppData\Roaming\Malwarebytes
2012-09-19 22:02 - 2012-09-19 22:02 - 00113984 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-19 22:02 - 2012-09-19 22:02 - 00000000 ____D C:\Users\David\AppData\Roaming\Protector Suite
2012-09-19 21:58 - 2012-09-20 01:57 - 00000000 ____D C:\Users\David\AppData\Roaming\WTablet
2012-09-19 21:49 - 2012-09-19 21:50 - 00021555 ____A C:\Users\David\Downloads\FRST.txt
2012-09-19 21:47 - 2012-09-19 21:47 - 00000000 ____D C:\FRST
2012-09-19 21:46 - 2012-09-19 21:47 - 01454263 ____A (Farbar) C:\Users\David\Downloads\FRST64.exe
2012-09-19 21:42 - 2012-09-19 21:42 - 00000000 ____D C:\Users\David\AppData\Local\Macromedia
2012-09-19 21:40 - 2012-09-19 21:40 - 00000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2012-09-19 21:40 - 2012-09-19 21:40 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2012-09-19 21:40 - 2012-09-19 21:40 - 00000000 ____D C:\Users\David\AppData\Local\Mozilla
2012-09-19 21:37 - 2012-09-19 22:00 - 00000000 ____D C:\users\David
2012-09-19 21:37 - 2012-09-19 21:37 - 00000020 ___SH C:\Users\David\ntuser.ini
2012-09-19 21:37 - 2012-08-03 02:24 - 00000000 ____D C:\Users\David\AppData\LocalGoogle
2012-09-19 21:37 - 2012-08-03 02:24 - 00000000 ____D C:\Users\David\AppData\Local\Google
2012-09-19 21:37 - 2012-04-11 11:22 - 00000000 ____D C:\Users\David\AppData\Local\Microsoft Help
2012-09-19 21:37 - 2011-03-31 09:33 - 00000000 ____D C:\Users\David\AppData\Roaming\Macromedia
2012-09-19 20:58 - 2012-09-19 20:58 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-19 14:35 - 2012-09-20 01:56 - 00000504 ____A C:\Windows\setupact.log
2012-09-19 14:35 - 2012-09-19 14:35 - 00000000 ____A C:\Windows\setuperr.log
2012-09-17 03:02 - 2012-09-17 03:02 - 00439667 ____A C:\Users\Grandpa\Documents\Grandpabackupfinger.VTP
2012-09-16 19:29 - 2012-09-14 20:37 - 785711408 ___RA C:\Users\Cathyrn\Desktop\The Warriors 1979 720p BRRip - zeberzee.mp4
2012-09-16 19:29 - 2012-09-14 20:26 - 00047449 ___RA C:\Users\Cathyrn\Desktop\The Warriors 1979 720p BRRip.srt
2012-09-16 15:04 - 2012-09-16 21:09 - 00000000 ____D C:\Users\Cathyrn\AppData\Roaming\vlc
2012-09-16 14:27 - 2012-09-14 20:40 - 732973306 ___RA C:\Users\Cathyrn\Desktop\The.Road.2009.720p.BrRip.264.YIFY.mp4
2012-09-16 14:08 - 2012-09-16 14:08 - 00000000 ____D C:\Users\Cathyrn\AppData\LocalGoogle
2012-09-16 02:00 - 2012-09-18 03:28 - 00000000 ____D C:\Users\Grandpa\Downloads\Person.of.Interest.S01E23.HDTV.XviD
2012-09-16 01:59 - 2012-09-18 03:29 - 00000000 ____D C:\Users\Grandpa\Downloads\Magic.City.S01
2012-09-16 01:57 - 2012-09-18 03:28 - 00000000 ____D C:\Users\Grandpa\Downloads\Perception S01E08 HDTV x264-LOL[ettv]
2012-09-14 16:00 - 2012-09-14 19:44 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2012-09-14 16:00 - 2012-09-14 16:00 - 00000000 ____D C:\Windows\System32\ARFC
2012-09-14 16:00 - 2012-08-16 03:44 - 00436344 ____A C:\Windows\System32\dmwu.exe
2012-09-14 16:00 - 2012-08-16 03:43 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2012-09-09 18:01 - 2012-09-09 18:01 - 00000000 ____D C:\Program Files\Common Files\SPBA
2012-09-09 17:57 - 2012-09-09 17:58 - 56033319 ____A C:\Users\Grandpa\Downloads\PS_WBF5.9.6.7121-64bit.zip
2012-09-08 16:49 - 2012-09-08 16:49 - 00000459 ___AH C:\Users\Grandpa\Documents\maxdesk.ini2
2012-09-08 16:47 - 2012-09-08 17:57 - 00000210 ___AH C:\Users\Grandpa\Documents\PP11Thumbs.ptn2
2012-09-08 16:46 - 2012-09-08 16:49 - 00002201 ___AH C:\Users\Grandpa\Documents\PP11Thumbs.ptn
2012-09-08 13:14 - 2012-09-19 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-08 13:14 - 2012-09-08 13:14 - 00000000 ____D C:\Users\Grandpa\AppData\Roaming\Malwarebytes
2012-09-08 13:14 - 2012-09-08 13:14 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-08 13:14 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-08 13:14 - 2010-11-29 14:42 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2012-09-08 08:23 - 2012-09-08 08:23 - 00001206 ____A C:\Users\Public\Desktop\SpyHunter.lnk
2012-09-08 08:23 - 2012-09-08 08:23 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2012-09-08 06:02 - 2012-09-08 16:49 - 00000000 ____D C:\Users\Grandpa\Documents\Nuance Data Collector
2012-09-06 21:13 - 2012-09-06 21:13 - 00001972 ____A C:\Users\Public\Desktop\Amazon Unbox.lnk
2012-09-06 21:12 - 2012-09-06 21:12 - 01918464 ____A C:\Amazon Unbox Video.msi
2012-09-06 21:12 - 2012-09-06 21:12 - 00006129 ____A C:\0x0409.ini
2012-09-06 20:05 - 2012-09-06 20:05 - 00000000 ____D C:\Users\Grandpa\AppData\Local\IsolatedStorage
2012-09-06 16:31 - 2012-09-06 16:31 - 00001922 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2012-09-04 19:04 - 2012-09-04 19:04 - 00000215 ____A C:\Users\Grandpa\Documents\docid=105133812&type=MonthlyStatement.log
2012-09-03 14:32 - 2012-09-03 14:33 - 00000000 ____D C:\Users\Grandpa\AppData\Local\{49224168-B5E6-4EEE-AC18-AB00E077D52D}
2012-09-03 09:59 - 2012-09-03 10:05 - 00040448 __ASH C:\Users\Grandpa\Thumbs.db
2012-09-03 09:59 - 2012-09-03 09:59 - 00000546 ____A C:\Users\Grandpa\media - Shortcut.lnk
2012-09-02 15:27 - 2012-09-08 16:49 - 00000000 ____D C:\Users\Grandpa\Documents\My PhotoShows
2012-09-02 15:25 - 2012-09-08 05:04 - 00000000 ____D C:\Program Files (x86)\Roxio 2011
2012-09-02 15:24 - 2012-09-08 04:49 - 00000000 ____D C:\Users\Public\Roxio Streamer
2012-09-02 15:21 - 2012-09-02 15:21 - 00000000 ____D C:\Users\All Users\Axentra Corporation
2012-09-02 14:05 - 2012-09-02 14:20 - 1383346176 ____A C:\Users\Grandpa\Documents\Roxio2011Content_J898AXD0SQA.exe
2012-09-02 14:04 - 2012-09-02 14:05 - 330357232 ____A C:\Users\Grandpa\Documents\Roxio2011ProDisc2_J701AXD0FUL.exe
2012-09-02 13:19 - 2012-09-08 16:49 - 00000000 ____D C:\Users\Grandpa\Documents\My Barnes & Noble eBooks
2012-09-02 12:47 - 2012-09-08 16:49 - 00000000 ____D C:\Users\Grandpa\Documents\Touchstone
2012-09-01 20:38 - 2012-09-01 20:38 - 00001156 ____A C:\Users\Grandpa\Desktop\Freez Screen Video Capture.lnk
2012-09-01 14:56 - 2012-09-01 14:56 - 00013525 ____A C:\Users\Grandpa\Desktop\uTorrent - Shortcut.lnk
2012-08-30 23:03 - 2012-08-30 23:03 - 00000000 ____D C:\Users\Grandpa\Documents\My Outlook Files
2012-08-27 20:30 - 2012-08-27 20:30 - 00000314 ____A C:\Users\Grandpa\Documents\texas rebellion.log
2012-08-27 08:53 - 2012-08-27 08:53 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Brother
2012-08-27 08:51 - 2012-08-27 08:51 - 00000000 ____D C:\Users\Guest\AppData\LocalGoogle
2012-08-22 22:27 - 2012-08-22 22:27 - 00000000 ____D C:\Users\Grandpa\AppData\Local\Avanquest_Software
2012-08-22 21:50 - 2011-12-01 09:52 - 00021040 ____N C:\Windows\System32\Drivers\AQFileRestore.sys
2012-08-22 21:46 - 2012-08-22 21:46 - 00000000 ____D C:\Users\Public\Documents\BVRP Software
2012-08-21 00:38 - 2012-08-21 00:38 - 00000000 ___SD C:\Users\Grandpa\Documents\My Data Sources
2012-08-21 00:26 - 2012-08-21 00:26 - 00007245 ____A C:\Users\Grandpa\Documents\Alpha Sort.txt


==================== 3 Months Modified Files ==================

2012-09-20 01:59 - 2012-04-28 00:45 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-09-20 01:58 - 2012-02-01 09:01 - 00000440 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-09-20 01:57 - 2010-12-30 05:29 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-20 01:56 - 2012-09-19 14:35 - 00000504 ____A C:\Windows\setupact.log
2012-09-20 01:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-20 01:46 - 2012-09-20 01:47 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-20 01:46 - 2012-09-20 01:47 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-20 01:46 - 2012-09-20 01:46 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-20 01:46 - 2012-09-20 01:46 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-20 01:46 - 2012-09-20 01:46 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-20 01:46 - 2011-08-29 16:43 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-20 01:43 - 2012-09-20 01:43 - 00894952 ____A (Oracle Corporation) C:\Users\David\Downloads\jxpiinstall.exe
2012-09-20 01:39 - 2012-09-20 01:39 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe
2012-09-20 01:29 - 2010-12-30 05:29 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-20 01:28 - 2011-02-08 12:39 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148581682-600929351-1850680926-1000UA.job
2012-09-20 01:16 - 2012-04-01 16:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-20 01:12 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-20 01:12 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-20 00:59 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-09-20 00:56 - 2012-09-20 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E75D464FB01C940
2012-09-20 00:48 - 2012-09-20 00:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B633D1F53FD3F586
2012-09-20 00:39 - 2012-09-20 00:38 - 00003235 ____A C:\Windows\WindowsUpdate.log
2012-09-20 00:38 - 2012-09-20 00:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-20 00:37 - 2012-09-20 00:37 - 12621696 ____A (Microsoft Corporation) C:\Users\David\Downloads\mseinstall.exe
2012-09-20 00:00 - 2011-04-28 12:48 - 00000530 ____A C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
2012-09-19 23:41 - 2012-09-19 23:41 - 00000665 ____A C:\Users\David\Desktop\gmer.log
2012-09-19 22:43 - 2012-09-19 22:43 - 00607260 ____R (Swearware) C:\Users\David\Downloads\dds.com
2012-09-19 22:18 - 2012-09-19 22:18 - 00000904 ____A C:\Windows\PFRO.log
2012-09-19 22:12 - 2012-09-19 22:12 - 00302592 ____A C:\Users\David\Downloads\xx20b8my.exe
2012-09-19 22:04 - 2012-09-19 22:04 - 00000000 ____A C:\Users\David\Documents\test.txt
2012-09-19 22:02 - 2012-09-19 22:02 - 00113984 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-19 21:50 - 2012-09-19 21:49 - 00021555 ____A C:\Users\David\Downloads\FRST.txt
2012-09-19 21:47 - 2012-09-19 21:46 - 01454263 ____A (Farbar) C:\Users\David\Downloads\FRST64.exe
2012-09-19 21:37 - 2012-09-19 21:37 - 00000020 ___SH C:\Users\David\ntuser.ini
2012-09-19 20:58 - 2012-09-19 20:58 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-19 20:28 - 2011-02-08 12:39 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148581682-600929351-1850680926-1000Core.job
2012-09-19 14:35 - 2012-09-19 14:35 - 00000000 ____A C:\Windows\setuperr.log
2012-09-19 06:00 - 2011-04-28 12:47 - 00000422 ____A C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
2012-09-17 03:02 - 2012-09-17 03:02 - 00439667 ____A C:\Users\Grandpa\Documents\Grandpabackupfinger.VTP
2012-09-17 03:01 - 2011-01-02 11:18 - 00439667 ____A C:\Users\Grandpa\AppData\Local\backup.vtp
2012-09-16 23:01 - 2011-04-28 12:48 - 00000506 ____A C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
2012-09-16 14:19 - 2011-05-20 16:58 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-16 14:08 - 2011-02-05 21:33 - 00113984 ____A C:\Users\Cathyrn\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-14 20:40 - 2012-09-16 14:27 - 732973306 ___RA C:\Users\Cathyrn\Desktop\The.Road.2009.720p.BrRip.264.YIFY.mp4
2012-09-14 20:37 - 2012-09-16 19:29 - 785711408 ___RA C:\Users\Cathyrn\Desktop\The Warriors 1979 720p BRRip - zeberzee.mp4
2012-09-14 20:26 - 2012-09-16 19:29 - 00047449 ___RA C:\Users\Cathyrn\Desktop\The Warriors 1979 720p BRRip.srt
2012-09-11 01:14 - 2012-05-05 22:10 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-09-09 17:58 - 2012-09-09 17:57 - 56033319 ____A C:\Users\Grandpa\Downloads\PS_WBF5.9.6.7121-64bit.zip
2012-09-08 17:57 - 2012-09-08 16:47 - 00000210 ___AH C:\Users\Grandpa\Documents\PP11Thumbs.ptn2
2012-09-08 16:49 - 2012-09-08 16:49 - 00000459 ___AH C:\Users\Grandpa\Documents\maxdesk.ini2
2012-09-08 16:49 - 2012-09-08 16:46 - 00002201 ___AH C:\Users\Grandpa\Documents\PP11Thumbs.ptn
2012-09-08 08:23 - 2012-09-08 08:23 - 00001206 ____A C:\Users\Public\Desktop\SpyHunter.lnk
2012-09-08 05:57 - 2009-07-13 20:45 - 00432376 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-08 05:08 - 2010-12-30 04:50 - 00113984 ____A C:\Users\Grandpa\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-07 14:04 - 2012-09-08 13:14 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 21:13 - 2012-09-06 21:13 - 00001972 ____A C:\Users\Public\Desktop\Amazon Unbox.lnk
2012-09-06 21:12 - 2012-09-06 21:12 - 01918464 ____A C:\Amazon Unbox Video.msi
2012-09-06 21:12 - 2012-09-06 21:12 - 00006129 ____A C:\0x0409.ini
2012-09-06 16:31 - 2012-09-06 16:31 - 00001922 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2012-09-04 19:04 - 2012-09-04 19:04 - 00000215 ____A C:\Users\Grandpa\Documents\docid=105133812&type=MonthlyStatement.log
2012-09-03 10:05 - 2012-09-03 09:59 - 00040448 __ASH C:\Users\Grandpa\Thumbs.db
2012-09-03 09:59 - 2012-09-03 09:59 - 00000546 ____A C:\Users\Grandpa\media - Shortcut.lnk
2012-09-02 20:17 - 2011-10-31 22:54 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-09-02 20:17 - 2011-10-31 22:54 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-09-02 20:17 - 2011-10-31 22:54 - 00272896 ____N (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-09-02 20:17 - 2011-10-31 22:54 - 00198864 ____N (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-09-02 20:17 - 2011-10-31 22:54 - 00006656 ____N (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-09-02 20:17 - 2011-10-31 22:54 - 00005632 ____N (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-09-02 19:18 - 2012-04-01 15:59 - 00696520 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-02 19:18 - 2011-05-18 08:14 - 00073416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-02 14:20 - 2012-09-02 14:05 - 1383346176 ____A C:\Users\Grandpa\Documents\Roxio2011Content_J898AXD0SQA.exe
2012-09-02 14:05 - 2012-09-02 14:04 - 330357232 ____A C:\Users\Grandpa\Documents\Roxio2011ProDisc2_J701AXD0FUL.exe
2012-09-02 11:24 - 2012-05-05 14:57 - 00113984 ____N C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-01 20:38 - 2012-09-01 20:38 - 00001156 ____A C:\Users\Grandpa\Desktop\Freez Screen Video Capture.lnk
2012-09-01 14:56 - 2012-09-01 14:56 - 00013525 ____A C:\Users\Grandpa\Desktop\uTorrent - Shortcut.lnk
2012-08-27 20:30 - 2012-08-27 20:30 - 00000314 ____A C:\Users\Grandpa\Documents\texas rebellion.log
2012-08-27 08:52 - 2011-03-06 19:44 - 00113984 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-21 15:42 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-21 01:13 - 2012-07-13 20:24 - 00266776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2012-08-21 01:13 - 2012-07-13 20:24 - 00142128 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2012-08-21 01:13 - 2012-07-13 20:24 - 00019600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2012-08-21 01:13 - 2012-07-13 20:12 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2012-07-13 20:12 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2012-07-13 20:12 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2012-07-13 20:12 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2012-07-13 20:12 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2012-07-13 20:12 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2012-07-13 20:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2012-07-13 20:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-21 01:12 - 2011-05-20 16:58 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 00:26 - 2012-08-21 00:26 - 00007245 ____A C:\Users\Grandpa\Documents\Alpha Sort.txt
2012-08-16 03:44 - 2012-09-14 16:00 - 00436344 ____A C:\Windows\System32\dmwu.exe
2012-08-16 03:43 - 2012-09-14 16:00 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2012-08-15 04:18 - 2011-05-25 20:26 - 00007615 ____A C:\Users\Grandpa\AppData\Local\Resmon.ResmonCfg
2012-08-14 19:11 - 2012-08-14 18:32 - 00001925 ____A C:\Users\Guest\Desktop\Audible Manager.lnk
2012-08-14 19:11 - 2012-08-14 18:32 - 00001925 ____A C:\Users\Cathyrn\Desktop\Audible Manager.lnk
2012-08-14 18:14 - 2012-08-14 18:14 - 00255352 ____N (Audible, Inc.) C:\Windows\SysWOW64\awrdscdc.ax
2012-08-03 02:14 - 2011-01-04 16:56 - 00000034 ____N C:\Windows\SysWOW64\BD7340.DAT
2012-07-22 15:56 - 2012-07-22 15:56 - 00016384 __ASH C:\Users\Grandpa\Downloads\Thumbs.db
2012-07-22 15:54 - 2011-01-08 20:57 - 00000358 _RASH C:\Users\All Users\ntuser.pol
2012-07-15 21:04 - 2010-12-29 21:44 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-15 21:03 - 2010-12-30 23:11 - 00000039 ____A C:\Windows\vbaddin.ini
2012-07-14 09:33 - 2012-07-14 09:33 - 00041257 ____A C:\ComboFix.txt
2012-07-14 09:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-14 09:07 - 2009-07-13 18:34 - 24903680 ____A C:\Windows\System32\config\SYSTEM.bak
2012-07-14 09:07 - 2009-07-13 18:34 - 102760448 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-07-14 09:07 - 2009-07-13 18:34 - 05505024 ____A C:\Windows\System32\config\DEFAULT.bak
2012-07-14 09:07 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-07-14 09:07 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-07-14 05:53 - 2012-07-14 05:53 - 00000524 ____A C:\Windows\wininit.ini
2012-07-09 23:14 - 2010-03-18 06:36 - 00829264 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2012-07-09 23:14 - 2010-03-18 06:36 - 00608080 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2012-07-08 19:39 - 2012-07-08 19:39 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-07 22:02 - 2012-07-07 21:46 - 00000782 ____N C:\Windows\SysWOW64\shares.txt
2012-07-07 21:47 - 2012-07-07 21:47 - 00000782 ____A C:\Users\Grandpa\shares.txt
2012-07-04 16:19 - 2012-07-04 16:19 - 00000000 ___AH C:\Users\Grandpa\Documents\Default.rdp
2012-06-27 12:33 - 2012-07-13 20:24 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys


ZeroAccess:
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\L
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U

ZeroAccess:
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\@
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\L
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-19 06:46:37
Restore point made on: 2012-09-20 01:45:45

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4094.43 MB
Available physical RAM: 3416.21 MB
Total Pagefile: 4092.58 MB
Available Pagefile: 3424.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:227.68 GB) NTFS
2 Drive e: () (Removable) (Total:7.52 GB) (Free:6.83 GB) FAT32
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
4 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7702 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7702 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-09-19 06:37

==================== End Of Log =============================
Search.txt:
Farbar Recovery Scan Tool (x64) Version: 19-09-2012
Ran by SYSTEM at 2012-09-20 14:07:37
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-09-20 00:59] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
 
FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
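The fixlist above is written against this one machine's log. As an added example (not part of the original post and not FRST's own code), the Python below cross-checks a fixlist against the `ZeroAccess:` blocks of an FRST log before the fix is run. The function names are hypothetical, and both inputs are excerpts constructed from the text of this thread.

```python
# Constructed excerpt: the two "ZeroAccess:" blocks as they appear in FRST.txt above.
FRST_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\L
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U

ZeroAccess:
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\@
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\L
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}\U

==================== Known DLLs (Whitelisted) =================
"""

# The fixlist.txt contents given in the helper's post.
FIXLIST = r"""start
C:\Windows\Installer\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
C:\Users\Grandpa\AppData\Local\{9e655f96-09b0-d241-755f-1bc9cdfd1fcf}
end
"""


def zeroaccess_paths(log_text):
    """Return every path listed under a 'ZeroAccess:' heading in an FRST log."""
    paths, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_block = True
        elif not line or line.startswith("="):
            in_block = False  # a blank line or a section banner ends the block
        elif in_block:
            paths.append(line)
    return paths


def top_level(paths):
    """Keep only entries that do not sit inside another listed directory."""
    keys = {p.lower().rstrip("\\") for p in paths}
    roots = []
    for p in paths:
        k = p.lower().rstrip("\\")
        parents = {k[:i] for i, ch in enumerate(k) if ch == "\\"}
        if not parents & keys and p not in roots:
            roots.append(p)
    return roots


def fixlist_entries(fixlist_text):
    """Return the lines between the 'start' and 'end' markers of a fixlist."""
    lines = [l.strip() for l in fixlist_text.splitlines() if l.strip()]
    lowered = [l.lower() for l in lines]
    if "start" not in lowered or "end" not in lowered:
        raise ValueError("fixlist needs 'start' and 'end' markers")
    return lines[lowered.index("start") + 1 : lowered.index("end")]


def review_fixlist(log_text, fixlist_text):
    """Compare fixlist entries with the directories the log flagged (case-insensitive)."""
    flagged = {p.lower(): p for p in top_level(zeroaccess_paths(log_text))}
    listed = {p.lower(): p for p in fixlist_entries(fixlist_text)}
    return {
        # flagged in the log but absent from the fixlist
        "missing": sorted(flagged[k] for k in flagged.keys() - listed.keys()),
        # in the fixlist but never flagged in this machine's log
        "unflagged": sorted(listed[k] for k in listed.keys() - flagged.keys()),
    }
```

An empty `unflagged` list means every path in the fixlist was reported by this machine's own scan, which is the condition the NOTICE in the post is about.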
 
Hi! Are you still with us?

Update us on the status of your computer, we'd still like to help.

Topic marked inactive.
 
Hi! This is the last check-in for you. Please update us on your situation here. We'd love to help!
 