
Trojan.dropper.BCMiner



I see that several others have had the same issue with this. It also said that instructions were for specific computers, so I will start my own.

I have had this issue for a while now. I purchased the full version of MB in hopes that it would help... it has not. I can't get rid of this thing. It is always accompanied by two other issues: one is a file and the other a memory process, both svchost.

I am not big on reformatting etc., and I'm not even sure I have a disk anymore. I am running Win 7 64-bit.

All help and suggestions are appreciated.

Thanks,

Morisk


Welcome to the forum. Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs: DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next:

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Owner at 11:29:25 on 2012-07-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.6901 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://mail.hortech.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,

BHO: {0FF1C4C3-343F-49B0-B613-557EFD390574} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"

mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: mswsock.dll

Trusted Zone: $talisma_url$

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8EE4E723-D9AA-4617-9744-B7141FED3950} : DhcpNameServer = 192.168.1.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {0FF1C4C3-343F-49B0-B613-557EFD390574} - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

BHO-X64: Panda Security Toolbar - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"

mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]

R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-22 44808]

R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-5-6 1047336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-24 517632]

R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-4-28 140608]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-23 2253120]

R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]

R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]

R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]

R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]

R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys --> C:\Windows\system32\drivers\hcw18bda.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-26 136176]

S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-5-6 1047336]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-22 1153368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 250056]

S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-26 136176]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-07-21 00:56:37 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-07-20 14:51:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-20 14:51:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

.

============= FINISH: 11:31:59.61 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/15/2011 2:25:20 PM

System Uptime: 7/22/2012 10:10:21 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CG5290

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 679.481 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Android Phone

Device ID: USB\VID_0BB4&PID_0CBA&MI_01\6&58649D0&0&0001

Manufacturer:

Name: Android Phone

PNP Device ID: USB\VID_0BB4&PID_0CBA&MI_01\6&58649D0&0&0001

Service:

.

==== System Restore Points ===================

.

RP181: 7/8/2012 - Scheduled Checkpoint

RP182: 7/15/2012 12:00:05 AM - Scheduled Checkpoint

RP183: 7/21/2012 5:24:09 PM - Windows Live Essentials

RP184: 7/22/2012 9:30:58 AM - avast! Free Antivirus Setup

RP185: 7/22/2012 9:32:05 AM - avast! Free Antivirus Setup

RP186: 7/22/2012 9:57:44 AM - avast! Free Antivirus Setup

RP187: 7/22/2012 10:02:29 AM - Windows Live Essentials

RP188: 7/22/2012 10:03:03 AM - Installed DirectX

RP189: 7/22/2012 10:03:21 AM - Installed DirectX

RP190: 7/22/2012 10:04:05 AM - WLSetup

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.5

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Software Update

avast! Free Antivirus

Bing Desktop

Curse Client

D3DX10

Dropbox

eReg

Facebook Photo Uploader

Facebook Video Calling 1.2.0.159

Google Chrome

Google Earth

Google Update Helper

HP Officejet Pro 8500 A910 Help

HP Update

Hulu Desktop

I.R.I.S. OCR

Internet TV for Windows Media Center

iolo technologies' System Mechanic

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

K-Lite Codec Pack 7.0.0 (Standard)

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

LeapFrog Tag Plugin

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Mumble 1.2.3

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

Octoshape add-in for Adobe Flash Player

Panda Cloud Antivirus

Panda Security Toolbar

Panda Security URL Filtering

Picasa 3

QuickTime

Remote Control USB Driver

Rootkit Unhooker Uninstall

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Spotify

Spybot - Search & Destroy

TERA

Toolbar Cleaner 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Center Add-in for Silverlight

World of Warcraft

World of Warcraft Beta

.

==== Event Viewer Messages From Past Week ========

.

7/22/2012 9:13:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Portable Device Enumerator Service service, but this action failed with the following error: An instance of the service is already running.

7/22/2012 9:13:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Human Interface Device Access service, but this action failed with the following error: An instance of the service is already running.

7/22/2012 9:12:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: Circular service dependency was specified.

7/22/2012 9:12:45 AM, Error: Service Control Manager [7019] - The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.

7/22/2012 9:12:45 AM, Error: Service Control Manager [7017] - Detected circular dependencies demand starting Windows Audio Endpoint Builder. Check the service dependency tree.

7/22/2012 9:12:33 AM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

7/22/2012 9:12:29 AM, Error: Service Control Manager [7034] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 5 time(s).

7/22/2012 9:12:29 AM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The pipe has been ended.

7/22/2012 9:12:29 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.

7/22/2012 9:12:29 AM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) service failed to start due to the following error: The pipe has been ended.

7/22/2012 9:12:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DHCP Client service to connect.

7/22/2012 9:12:22 AM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:12:21 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

7/22/2012 9:12:15 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

7/22/2012 9:12:15 AM, Error: Service Control Manager [7024] - The Remote Procedure Call (RPC) service terminated with service-specific error Access is denied..

7/22/2012 9:12:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Connections service to connect.

7/22/2012 9:12:15 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:12:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DNS Client service to connect.

7/22/2012 9:12:10 AM, Error: Service Control Manager [7000] - The DNS Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:12:07 AM, Error: Service Control Manager [7034] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 4 time(s).

7/22/2012 9:12:07 AM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

7/22/2012 9:11:53 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:11:45 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:11:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.

7/22/2012 9:11:44 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:30 AM, Error: Service Control Manager [7034] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 3 time(s).

7/22/2012 9:11:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Update service to connect.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Shell Hardware Detection service to connect.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Experience service to connect.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:29 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.

7/22/2012 9:11:28 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Policy Service service to connect.

7/22/2012 9:11:27 AM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.

7/22/2012 9:11:22 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:22 AM, Error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: The pipe has been ended.

7/22/2012 9:11:22 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:20 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error: An instance of the service is already running.

7/22/2012 9:11:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cryptographic Services service to connect.

7/22/2012 9:11:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:17 AM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Remote Desktop Services service to connect.

7/22/2012 9:11:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DCOM Server Process Launcher service to connect.

7/22/2012 9:11:16 AM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:16 AM, Error: Service Control Manager [7000] - The DCOM Server Process Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:11:07 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 9:10:49 AM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:10:28 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:22 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:22 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:22 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

7/22/2012 9:10:22 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:10:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.

7/22/2012 9:10:22 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:10:10 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:10 AM, Error: Service Control Manager [7031] - The Remote Desktop Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:10 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

7/22/2012 9:10:10 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:10:10 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:10:10 AM, Error: Service Control Manager [7024] - The Remote Procedure Call (RPC) service terminated with service-specific error The type universal unique identifier (UUID) has already been registered..

7/22/2012 9:10:10 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.

7/22/2012 9:09:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.

7/22/2012 9:09:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.

7/22/2012 9:09:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.

7/22/2012 9:09:56 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

7/22/2012 9:09:56 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

7/22/2012 9:09:50 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/22/2012 9:09:46 AM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.

7/22/2012 9:09:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WinHTTP Web Proxy Auto-Discovery Service service to connect.

7/22/2012 9:09:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network List Service service to connect.

7/22/2012 9:09:45 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:09:45 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:09:43 AM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 9:09:43 AM, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

7/22/2012 9:09:43 AM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:09:43 AM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

7/22/2012 9:09:43 AM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

7/22/2012 9:09:27 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:09:20 AM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/22/2012 9:09:15 AM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 9:04:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

7/22/2012 9:04:10 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/22/2012 9:04:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/22/2012 9:04:01 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/22/2012 9:04:01 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

7/22/2012 12:41:21 AM, Error: Service Control Manager [7001] - The Windows Driver Foundation - User-mode Driver Framework service depends on the Plug and Play service which failed to start because of the following error: A system shutdown is in progress.

7/22/2012 12:41:21 AM, Error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: A system shutdown is in progress.

7/22/2012 12:41:21 AM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.

7/22/2012 12:41:21 AM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: A system shutdown is in progress.

7/22/2012 12:41:21 AM, Error: Service Control Manager [7000] - The Desktop Window Manager Session Manager service failed to start due to the following error: A system shutdown is in progress.

7/22/2012 12:39:21 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 11:26:20 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {88F5E7B2-09B9-471E-895A-25247585905C} and APPID Unavailable to the user Owner-PC\UpdatusUser SID (S-1-5-21-2064912402-3754680767-1499082353-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/22/2012 11:21:19 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/22/2012 11:21:19 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/22/2012 11:16:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv

7/22/2012 11:15:55 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

7/22/2012 11:15:55 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/22/2012 11:15:51 AM, Error: Service Control Manager [7000] - The iolo FileInfoList Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

7/22/2012 11:15:45 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/22/2012 11:15:38 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/21/2012 5:27:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

7/21/2012 2:06:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

7/19/2012 11:00:12 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

7/19/2012 10:41:05 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

.

==== End Of File ===========================


RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 07/22/2012 11:40:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤

[Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\iolo\iolo\yvfpemrj.dll",DllRegisterServer) -> FOUND

[Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\iolo\iolo\yvfpemrj.dll",DllRegisterServer) -> FOUND

[Rans.Gendarm] HKUS\S-1-5-21-2064912402-3754680767-1499082353-1003[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\iolo\iolo\yvfpemrj.dll",DllRegisterServer) -> FOUND

[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++

--- User ---

[MBR] caa0e4f9b86e472ab2695c4a79329e44

[BSP] 81010de7eee2a39357903369d8d12b73 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

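As an added triage example (not code from this thread and not part of RogueKiller), the script below parses the kind of finding lines the RogueKiller report above prints and pulls out the three things a responder keys on in it: the rundll32 autorun that loads a DLL from the system profile's AppData, the ZeroAccess entries under the {GUID} folder in Windows\Installer, and the UAC values reported as 0. The sample lines are copied from the report above; the function names and the "AppData anywhere in the path" rule are this example's own assumptions.

```python
"""Triage of RogueKiller-style finding lines (added example; not the thread's
own code and not part of RogueKiller). Each finding is printed as
"[Tag] location : detail -> FOUND"; file/folder entries use "--> FOUND"."""
import json
import re
from dataclasses import dataclass

# "[Tag] rest -> FOUND" or "[Tag] rest --> FOUND"
FINDING_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s*(?P<rest>.*?)\s*-{1,2}>\s*FOUND\s*$")
# rundll32 loading a DLL (quoted or not); whatever follows the comma is the export
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)

# Sample input: a subset of the RogueKiller report posted above (section headers
# are kept to show the parser ignoring non-finding lines).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 10 ¤¤¤
[Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\iolo\iolo\yvfpemrj.dll",DllRegisterServer) -> FOUND
[Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\iolo\iolo\yvfpemrj.dll",DllRegisterServer) -> FOUND
[Rans.Gendarm] HKUS\S-1-5-21-2064912402-3754680767-1499082353-1003[...]\Run : Update (rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\iolo\iolo\yvfpemrj.dll",DllRegisterServer) -> FOUND
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
"""


@dataclass
class Finding:
    tag: str        # e.g. "Rans.Gendarm", "HJ", "ZeroAccess"
    location: str   # registry key, job name, or "[FILE] name"
    detail: str     # value data or filesystem path


def parse_report(text: str) -> list:
    """Return one Finding per '-> FOUND' line; every other line is ignored."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        location, _, detail = m.group("rest").partition(" : ")
        findings.append(Finding(m.group("tag"), location.strip(), detail.strip()))
    return findings


def rundll32_autorun_dlls(findings) -> list:
    """Distinct DLLs that Run-key entries load via rundll32 from an AppData path."""
    # The DLL here lives under C:/Windows/system32/config/systemprofile/AppData,
    # so a rule that trusts everything below System32 would miss it; looking for
    # "\AppData\" anywhere in the path does not (assumption of this example).
    dlls = set()
    for f in findings:
        if "\\Run" not in f.location:
            continue
        m = RUNDLL_RE.search(f.detail)
        if m and "\\appdata\\" in m.group("dll").lower():
            dlls.add(m.group("dll"))
    return sorted(dlls)


def zeroaccess_paths(findings) -> list:
    """Filesystem entries RogueKiller tagged as ZeroAccess."""
    return [f.detail for f in findings if f.tag.lower() == "zeroaccess"]


def zeroaccess_roots(findings) -> list:
    """Parent folders of the ZeroAccess entries, de-duplicated."""
    # The "@", "U" and "L" entries all hang off one {GUID} folder; that folder
    # plus the two GAC desktop.ini locations are what a responder confirms.
    return sorted({p.rsplit("\\", 1)[0] for p in zeroaccess_paths(findings)})


def weakened_uac(findings) -> dict:
    """UAC values flagged under HKLM\\...\\System, as {name: int}."""
    # EnableLUA 0 means UAC is off; ConsentPromptBehaviorAdmin 0 means
    # administrators are elevated without any prompt.
    out = {}
    for f in findings:
        if f.tag == "HJ" and f.location.endswith("\\System"):
            name, _, value = f.detail.partition(" ")
            out[name] = int(value.strip("()"))
    return out


def triage(report_text: str) -> dict:
    """Run all checks and return a summary a responder can act on."""
    findings = parse_report(report_text)
    return {
        "findings": len(findings),
        "rundll32_autorun_dlls": rundll32_autorun_dlls(findings),
        "zeroaccess_roots": zeroaccess_roots(findings),
        "uac": weakened_uac(findings),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```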

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 22-07-2012 12:07:22

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)

HKLM-x32\...\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [217256 2012-03-19] (Panda Security)

HKLM-x32\...\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar [439616 2011-04-28] (Panda Security, S.L.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)

HKU\Owner\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\Owner\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-23] (Apple Inc.)

HKU\Owner\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\UpdatusUser\...\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\iolo\iolo\yvfpemrj.dll",DllRegisterServer [x]

HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe, [x]

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)

2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)

2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6684304 2012-03-16] (Carbonite, Inc. (www.carbonite.com))

2 ioloFileInfoList; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1047336 2012-04-17] (iolo technologies, LLC)

2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1047336 2012-04-17] (iolo technologies, LLC)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2011-06-30] (Alcatel-Lucent)

2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140608 2011-04-28] (Panda Security, S.L.)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

========================== Drivers (Whitelisted) =============

3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [475136 2009-06-05] (Analog Devices, Inc.)

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)

3 FlyUsb; C:\Windows\System32\Drivers\FlyUsb.sys [24576 2008-04-01] (LeapFrog)

3 hcw18bda; C:\Windows\System32\Drivers\hcw18bda.sys [509056 2009-05-28] (Hauppauge Computer Works, Inc)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()

2 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [161032 2012-01-05] (Panda Security, S.L.)

2 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [114760 2011-04-28] (Panda Security, S.L.)

1 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [149768 2011-11-23] (Panda Security, S.L.)

2 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [121928 2011-04-28] (Panda Security, S.L.)

2 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [128264 2011-11-30] (Panda Security, S.L.)

3 rkhdrv40; C:\Windows\SysWow64\Drivers\rkhdrv40.sys [24448 2012-03-28] ()

3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]

3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]

3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]

3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-22 12:07 - 2012-07-22 12:07 - 00000000 ____D C:\FRST

2012-07-22 07:57 - 2012-07-22 07:57 - 01437781 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2012-07-22 07:40 - 2012-07-22 07:40 - 01552384 ____A C:\Users\Owner\Downloads\RogueKiller.exe

2012-07-22 07:40 - 2012-07-22 07:40 - 00003181 ____A C:\Users\Owner\Desktop\RKreport[1].txt

2012-07-22 07:40 - 2012-07-22 07:40 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine

2012-07-22 07:35 - 2012-07-22 07:35 - 00033234 ____A C:\Users\Owner\Desktop\Attach.txt

2012-07-22 07:35 - 2012-07-22 07:35 - 00016255 ____A C:\Users\Owner\Desktop\DDS.txt

2012-07-22 07:29 - 2012-07-22 07:29 - 00000000 ____D C:\avast! sandbox

2012-07-22 07:28 - 2012-07-22 07:28 - 00607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr

2012-07-22 06:06 - 2012-07-22 06:06 - 00000000 ____D C:\Windows\en

2012-07-22 06:04 - 2012-07-22 06:04 - 00000000 ____D C:\Program Files\Windows Live

2012-07-22 06:03 - 2012-07-22 06:03 - 00000380 ____A C:\Windows\DirectX.log

2012-07-22 06:01 - 2012-07-22 06:01 - 00000000 ____D C:\Users\Owner\AppData\Local\{5FBBC42B-C96B-49A1-84F6-9054E9A4FF89}

2012-07-22 06:00 - 2012-07-22 06:01 - 00000000 ____D C:\Users\Owner\AppData\Local\{48839BB2-B6E6-4C29-BEB6-FD5062DDA27B}

2012-07-22 06:00 - 2012-07-22 06:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{D98C2AB7-D16F-4064-B8F9-DECC7A3E6201}

2012-07-22 06:00 - 2012-07-22 06:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{509F6C97-D93A-40EC-93FD-0444AA4396D3}

2012-07-22 06:00 - 2012-07-22 06:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{23BC7DB4-9E7C-481A-913F-757E7D46E826}

2012-07-22 05:59 - 2012-07-22 07:22 - 00002091 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-07-22 05:59 - 2012-07-22 06:00 - 00000000 ____D C:\Users\Owner\AppData\Local\{7C18DAFB-3603-4A0E-B9D6-3CF8C8046D3E}

2012-07-22 05:59 - 2012-07-22 05:59 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-07-22 05:59 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-22 05:59 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-22 05:59 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-22 05:59 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-22 05:59 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-07-22 05:59 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-07-22 05:59 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-22 05:58 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-07-22 05:58 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-07-22 05:50 - 2011-12-22 12:11 - 00000833 ____A C:\Windows\System32\Drivers\etc\hosts.20120722-095005.backup

2012-07-22 05:31 - 2012-07-22 05:57 - 00000000 ____D C:\Users\All Users\AVAST Software

2012-07-22 05:31 - 2012-07-22 05:57 - 00000000 ____D C:\Program Files\AVAST Software

2012-07-22 05:30 - 2012-07-22 05:57 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-07-22 05:30 - 2012-07-22 05:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2012-07-22 05:30 - 2012-07-22 05:30 - 00001262 ____A C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk

2012-07-22 05:27 - 2012-07-22 05:29 - 89340632 ____A C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe

2012-07-22 05:27 - 2012-07-22 05:27 - 16409960 ____A (Safer Networking Limited ) C:\Users\Owner\Downloads\spybotsd162.exe

2012-07-22 05:03 - 2012-07-22 07:15 - 00000168 ____A C:\Windows\setupact.log

2012-07-22 05:03 - 2012-07-22 05:03 - 00000712 ____A C:\Windows\PFRO.log

2012-07-22 05:03 - 2012-07-22 05:03 - 00000000 ____A C:\Windows\setuperr.log

2012-07-21 22:04 - 2012-07-21 22:04 - 03889704 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup320.exe

2012-07-21 20:19 - 2012-07-21 20:19 - 00000000 ____D C:\Windows\Hewlett-Packard

2012-07-21 10:51 - 2012-07-21 10:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{AA546CA1-9F58-43B8-866E-B1BD2E877BB3}

2012-07-21 10:38 - 2012-07-21 10:46 - 00000000 ____D C:\Users\Owner\My Movies

2012-07-21 10:35 - 2012-07-21 10:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HandBrake

2012-07-21 10:19 - 2012-07-21 10:19 - 07210075 ____A C:\Users\Owner\Downloads\HandBrake-0.9.8-x86_64-Win_GUI.exe

2012-07-20 20:44 - 2012-07-20 20:44 - 00016600 ____A C:\Users\Owner\Documents\cc_20120721_004442.reg

2012-07-20 20:39 - 2012-07-20 20:39 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-20 20:39 - 2012-07-20 20:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-20 20:39 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-20 20:38 - 2012-07-20 20:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.62.0.1300.exe

2012-07-20 16:56 - 2012-07-20 16:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Logishrd

2012-07-20 16:55 - 2012-07-20 16:55 - 00000000 ____D C:\Program Files\Logitech

2012-07-20 13:39 - 2012-07-20 13:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Macromedia

2012-07-19 19:32 - 2012-07-19 19:32 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-06-30 06:51 - 2012-07-07 08:37 - 00000804 ____A C:\Windows\Tasks\hpwebreg_CN14LBK29F.job

2012-06-30 06:25 - 2012-07-21 20:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate

2012-06-30 06:25 - 2012-06-30 06:25 - 00002224 ____A C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk

2012-06-30 06:25 - 2012-06-30 06:25 - 00001896 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk

2012-06-30 06:25 - 2012-06-30 06:25 - 00001224 ____A C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk

2012-06-30 06:25 - 2012-06-30 06:25 - 00001187 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8500 A910.lnk

2012-06-30 06:25 - 2010-11-16 17:24 - 00750440 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPM5312.dll

2012-06-30 06:24 - 2012-06-30 06:52 - 00000000 ____D C:\Users\Owner\AppData\Local\HP

2012-06-30 06:23 - 2012-06-30 06:23 - 01450884 ____A C:\Users\Owner\Downloads\HP_Officejet_Pro_8500_A910g_productname_patch.exe

2012-06-30 06:22 - 2012-06-30 06:23 - 37106248 ____A (Hewlett-Packard Company / Igor Pavlov) C:\Users\Owner\Downloads\HPPV-3_0_0-x64.exe

2012-06-30 06:11 - 2012-06-30 06:13 - 122098432 ____A C:\Users\Owner\Downloads\OJ8500_A910_231.exe

2012-06-24 09:24 - 2012-06-24 09:24 - 00000318 ____A C:\Users\Owner\Desktop\Curse Client.appref-ms

2012-06-24 09:19 - 2012-06-24 09:19 - 00000000 ____D C:\Users\Owner\Documents\My Curse

2012-06-22 09:07 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-22 09:07 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-22 09:07 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-22 09:07 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-22 09:07 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-22 09:07 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-22 09:07 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-22 09:06 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-22 09:06 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-22 08:02 - 2012-03-24 12:24 - 01336566 ____A C:\Windows\WindowsUpdate.log

2012-07-22 07:58 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-22 07:57 - 2012-07-22 07:57 - 01437781 ____A (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2012-07-22 07:52 - 2012-01-26 16:32 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-22 07:51 - 2012-04-08 06:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-22 07:40 - 2012-07-22 07:40 - 01552384 ____A C:\Users\Owner\Downloads\RogueKiller.exe

2012-07-22 07:40 - 2012-07-22 07:40 - 00003181 ____A C:\Users\Owner\Desktop\RKreport[1].txt

2012-07-22 07:35 - 2012-07-22 07:35 - 00033234 ____A C:\Users\Owner\Desktop\Attach.txt

2012-07-22 07:35 - 2012-07-22 07:35 - 00016255 ____A C:\Users\Owner\Desktop\DDS.txt

2012-07-22 07:28 - 2012-07-22 07:28 - 00607260 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr

2012-07-22 07:23 - 2009-07-13 20:45 - 00015024 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-22 07:23 - 2009-07-13 20:45 - 00015024 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-22 07:22 - 2012-07-22 05:59 - 00002091 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-07-22 07:22 - 2011-01-15 11:43 - 00000991 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-22 07:21 - 2012-01-26 16:32 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-22 07:16 - 2011-01-19 09:31 - 00026934 ____A C:\Windows\SysWOW64\temp.txt

2012-07-22 07:15 - 2012-07-22 05:03 - 00000168 ____A C:\Windows\setupact.log

2012-07-22 07:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-22 06:03 - 2012-07-22 06:03 - 00000380 ____A C:\Windows\DirectX.log

2012-07-22 05:59 - 2012-07-22 05:59 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-07-22 05:30 - 2012-07-22 05:30 - 00001262 ____A C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk

2012-07-22 05:29 - 2012-07-22 05:27 - 89340632 ____A C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe

2012-07-22 05:27 - 2012-07-22 05:27 - 16409960 ____A (Safer Networking Limited ) C:\Users\Owner\Downloads\spybotsd162.exe

2012-07-22 05:10 - 2009-07-13 21:08 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-22 05:03 - 2012-07-22 05:03 - 00000712 ____A C:\Windows\PFRO.log

2012-07-22 05:03 - 2012-07-22 05:03 - 00000000 ____A C:\Windows\setuperr.log

2012-07-22 03:31 - 2011-07-11 07:54 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2064912402-3754680767-1499082353-1000UA.job

2012-07-21 22:04 - 2012-07-21 22:04 - 03889704 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup320.exe

2012-07-21 20:40 - 2011-01-17 06:33 - 00007605 ____A C:\Users\Owner\AppData\Local\resmon.resmoncfg

2012-07-21 15:31 - 2011-07-11 07:54 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2064912402-3754680767-1499082353-1000Core.job

2012-07-21 10:19 - 2012-07-21 10:19 - 07210075 ____A C:\Users\Owner\Downloads\HandBrake-0.9.8-x86_64-Win_GUI.exe

2012-07-20 20:44 - 2012-07-20 20:44 - 00016600 ____A C:\Users\Owner\Documents\cc_20120721_004442.reg

2012-07-20 20:39 - 2012-07-20 20:39 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-20 20:38 - 2012-07-20 20:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.62.0.1300.exe

2012-07-20 16:56 - 2011-09-30 18:14 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys

2012-07-20 06:51 - 2012-04-08 06:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-20 06:51 - 2011-08-18 12:22 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-12 11:53 - 2012-05-06 14:05 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-07-07 08:37 - 2012-06-30 06:51 - 00000804 ____A C:\Windows\Tasks\hpwebreg_CN14LBK29F.job

2012-07-03 09:46 - 2012-07-20 20:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 08:21 - 2012-07-22 05:59 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-03 08:21 - 2012-07-22 05:59 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-03 08:21 - 2012-07-22 05:59 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-03 08:21 - 2012-07-22 05:59 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-03 08:21 - 2012-07-22 05:59 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-07-03 08:21 - 2012-07-22 05:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-07-03 08:21 - 2012-07-22 05:59 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-03 08:21 - 2012-07-22 05:58 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-07-03 08:21 - 2012-07-22 05:58 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-06-30 06:56 - 2011-01-17 15:51 - 00129536 __ASH C:\Users\Owner\Thumbs.db

2012-06-30 06:25 - 2012-06-30 06:25 - 00002224 ____A C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk

2012-06-30 06:25 - 2012-06-30 06:25 - 00001896 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk

2012-06-30 06:25 - 2012-06-30 06:25 - 00001224 ____A C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk

2012-06-30 06:25 - 2012-06-30 06:25 - 00001187 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8500 A910.lnk

2012-06-30 06:23 - 2012-06-30 06:23 - 01450884 ____A C:\Users\Owner\Downloads\HP_Officejet_Pro_8500_A910g_productname_patch.exe

2012-06-30 06:23 - 2012-06-30 06:22 - 37106248 ____A (Hewlett-Packard Company / Igor Pavlov) C:\Users\Owner\Downloads\HPPV-3_0_0-x64.exe

2012-06-30 06:13 - 2012-06-30 06:11 - 122098432 ____A C:\Users\Owner\Downloads\OJ8500_A910_231.exe

2012-06-24 09:24 - 2012-06-24 09:24 - 00000318 ____A C:\Users\Owner\Desktop\Curse Client.appref-ms

2012-06-15 18:47 - 2012-06-15 18:47 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-15 18:43 - 2012-06-15 18:43 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-06-02 14:19 - 2012-06-22 09:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-22 09:07 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-22 09:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-22 09:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-22 09:07 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-22 09:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-22 09:07 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-22 09:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:15 - 2012-06-22 09:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-01 21:18 - 2012-03-25 15:56 - 00000129 ____A C:\Windows\System32\MRT.INI

2012-06-01 21:00 - 2012-06-01 21:00 - 00000250 ____A C:\Users\Owner\Documents\cc_20120602_010023.reg

2012-06-01 20:58 - 2012-06-01 20:58 - 03862112 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup319.exe

2012-05-25 14:24 - 2012-05-25 14:24 - 00000902 ____A C:\Users\Owner\Desktop\soccer.txt

2012-05-24 18:31 - 2011-12-20 12:19 - 00002052 ____A C:\Users\Owner\Documents\Default.rdp

2012-05-19 20:36 - 2012-05-19 20:34 - 143194861 ____A C:\Users\Owner\Downloads\HangoutMusicFest2012Sampler.zip

2012-05-06 14:12 - 2012-05-06 14:12 - 00032260 ____A C:\Users\Owner\Documents\cc_20120506_181155.reg

2012-05-06 14:01 - 2012-05-06 14:01 - 03654896 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup318.exe

2012-05-06 13:58 - 2012-05-06 13:58 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg

2012-05-06 13:53 - 2011-01-22 12:29 - 00002223 ____A C:\Users\Owner\Desktop\System Mechanic.lnk

2012-05-01 17:59 - 2011-08-13 08:42 - 00005632 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-04-26 16:03 - 2011-01-15 12:24 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\@

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\L

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\U

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\L\00000004.@

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\L\1afb2d56

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\L\201d3dde

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\U\00000008.@

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 9207.12 MB

Available physical RAM: 8336.49 MB

Total Pagefile: 9205.27 MB

Available Pagefile: 8320.49 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:679.33 GB) NTFS

4 Drive g: (PROJECTDISK) (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 1968 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1967 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G PROJECTDISK FAT32 Removable 1967 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 20:13

======================= End Of Log ==========================

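The FRST log above lists three kinds of ZeroAccess file-system leftovers: an Installer\{GUID} folder holding U and L subfolders and files whose names end in '@', a Desktop.ini dropped directly into the GAC_32 and GAC_64 roots, and a hidden folder literally named %APPDATA% under SysWOW64. The PowerShell below is an added example for this thread, not FRST output and not code posted by anyone here: it walks those locations and reports what is present with attributes and timestamps, and deletes nothing. The function name is this example's own, and the System32\%APPDATA% check is an addition of the example rather than something the log showed.

```powershell
# Added example for this thread; not FRST output and not code from any poster.
# Reports (never removes) the file-system artifacts the FRST log above tagged
# as ZeroAccess:
#   %SystemRoot%\Installer\{GUID}\ folders that contain U or L subfolders or
#     files ending in '@'. Ordinary MSI cache folders use {GUID} names too,
#     so only this layout is reported.
#   %SystemRoot%\assembly\GAC_32\Desktop.ini and GAC_64\Desktop.ini.
#   A folder literally named %APPDATA% under SysWOW64 (flagged __SHD in the
#     log); System32 is checked as well (the example's own addition).
# -Root may point at an offline Windows folder (e.g. 'D:\Windows' from WinRE,
# as the helper had the user do): on a live system a rootkit can hide these
# paths from user-mode listings. Written for PowerShell 2.0 (Windows 7).

function Find-ZeroAccessArtifacts {
    param([string]$Root = $env:SystemRoot)

    $hits = New-Object System.Collections.ArrayList

    # Records one item together with the reason it was picked up.
    $add = {
        param([string]$Reason, [System.IO.FileSystemInfo]$Item)
        [void]$hits.Add((New-Object PSObject -Property @{
            Reason     = $Reason
            Path       = $Item.FullName
            Attributes = $Item.Attributes.ToString()
            Modified   = $Item.LastWriteTime
        }))
    }

    # 1. Installer\{GUID}\ folders with the U / L / '@' layout.
    $installer = Join-Path $Root 'Installer'
    Get-ChildItem -Path $installer -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$' } |
        ForEach-Object {
            $dir = $_
            $contents = @(Get-ChildItem -Path $dir.FullName -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable listErr)
            if ($listErr.Count -gt 0) {
                # A {GUID} folder that exists but refuses to be listed is worth a look on its own.
                & $add "Installer {GUID} folder could not be fully listed: $($listErr[0].Exception.Message)" $dir
            }
            $suspicious = $contents | Where-Object {
                ($_.PSIsContainer -and $_.Name -match '^[UL]$') -or (-not $_.PSIsContainer -and $_.Name -like '*@')
            }
            if ($suspicious) {
                & $add 'Installer {GUID} folder with U/L/@ layout' $dir
                foreach ($c in $contents) { & $add 'Content of flagged Installer folder' $c }
            }
        }

    # 2. Desktop.ini placed directly in the GAC roots.
    foreach ($rel in 'assembly\GAC_32\Desktop.ini', 'assembly\GAC_64\Desktop.ini') {
        $p = Join-Path $Root $rel
        if (Test-Path -LiteralPath $p) {
            & $add 'Desktop.ini in GAC root' (Get-Item -LiteralPath $p -Force)
        }
    }

    # 3. A folder literally named %APPDATA% (PowerShell does not expand %VAR%).
    foreach ($rel in 'SysWOW64\%APPDATA%', 'System32\%APPDATA%') {
        $p = Join-Path $Root $rel
        if (Test-Path -LiteralPath $p) {
            & $add "Folder literally named %APPDATA% under $(Split-Path $rel -Parent)" (Get-Item -LiteralPath $p -Force)
        }
    }

    return $hits.ToArray()
}

Find-ZeroAccessArtifacts | Sort-Object Path | Format-Table Reason, Attributes, Modified, Path -AutoSize -Wrap
```

An empty table means none of the flagged layouts is present at that root; a non-empty one is a list to take to a helper or to a fix script, not a list to delete by hand, since the same log shows services.exe itself was patched and a file sweep alone does not undo that.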

Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-22 12:20:41

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\system64\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

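The two FRST results above make the same point from different angles: the live C:\Windows\System32\services.exe and the copy in the WinSxS component store have the same size (328704 bytes) and the same file dates, but different MD5s (014A9CB9... versus 24ACB7E5...), and the search also turned up a copy in C:\Windows\system64, which is not a folder Windows itself uses. The script below is an added example for this thread, not FRST code and not something any poster ran: it hashes the live binary, compares it with every copy in WinSxS, and lists any copy found elsewhere under the Windows folder. Function names are the example's own; MD5 is computed through .NET because Get-FileHash does not exist on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example for this thread (not FRST output, not code from any poster).
# Re-creates the check behind FRST's "Bamital & volsnap" result: the live
# services.exe is hashed and compared with every copy in %SystemRoot%\winsxs.
# Size and timestamps matched in the log; only the hash told them apart.
# Copies of the binary outside System32 and WinSxS are listed as strays.
# Run from a clean environment (WinRE/offline, as the helper had the user do)
# with -SystemRoot pointing at the offline Windows folder; on a live,
# rootkit-infected system user-mode file reads can be lied to.

function Get-FileMd5 {
    param([Parameter(Mandatory=$true)][string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $stream.Dispose()
    }
}

function Test-SystemBinaryAgainstWinSxs {
    param(
        [string]$Name       = 'services.exe',
        [string]$SystemRoot = $env:SystemRoot   # e.g. 'D:\Windows' for an offline volume
    )
    $live     = Join-Path $SystemRoot "System32\$Name"
    $liveItem = Get-Item -LiteralPath $live -Force
    $liveMd5  = Get-FileMd5 -Path $live

    # Hash -> path for every copy the component store holds.
    $store = @{}
    Get-ChildItem -Path (Join-Path $SystemRoot 'winsxs') -Recurse -Force -Filter $Name -ErrorAction SilentlyContinue |
        ForEach-Object { $store[(Get-FileMd5 -Path $_.FullName)] = $_.FullName }

    # Any other copy under %SystemRoot% that is neither the live file nor in WinSxS
    # (the log found one in C:\Windows\system64).
    $winsxsPrefix = (Join-Path $SystemRoot 'winsxs') + '\'
    $strays = Get-ChildItem -Path $SystemRoot -Recurse -Force -Filter $Name -ErrorAction SilentlyContinue |
        Where-Object {
            $_.FullName -ne $live -and
            -not $_.FullName.StartsWith($winsxsPrefix, [System.StringComparison]::OrdinalIgnoreCase)
        } |
        ForEach-Object { "$($_.FullName) [$($_.Length) bytes, MD5 $(Get-FileMd5 -Path $_.FullName)]" }

    New-Object PSObject -Property @{
        LivePath     = $live
        LiveSize     = $liveItem.Length
        LiveMd5      = $liveMd5
        MatchesStore = $store.ContainsKey($liveMd5)
        StoreCopies  = @($store.GetEnumerator() | ForEach-Object { "$($_.Value) [MD5 $($_.Key)]" })
        StrayCopies  = @($strays)
    }
}

$result = Test-SystemBinaryAgainstWinSxs -Name 'services.exe'
$result | Format-List LivePath, LiveSize, LiveMd5, MatchesStore, StoreCopies, StrayCopies
if (-not $result.MatchesStore) {
    Write-Warning "$($result.LivePath) matches no WinSxS copy; confirm with 'sfc /verifyfile=$($result.LivePath)' before replacing it"
}
```

Two caveats. The WinSxS comparison is only as good as the component store: the fix in this thread restores services.exe from that store, so if its copy were also tampered with, the check would pass and the fix would reinstall the same file; `sfc /verifyfile=` checks the file against Microsoft's signed catalogs and does not depend on WinSxS. And do not lean on Get-AuthenticodeSignature for this on Windows 7: services.exe is catalog-signed rather than carrying an embedded signature, so that cmdlet reports it as NotSigned even when it is clean.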

OK, here you go......Please carefully carry out this procedure!!!!!!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt


C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-22 12:38:46 Run:1

Running from G:\

==============================================

C:\Windows\Installer\{fbaf559b-3908-fc78-3976-dced04d04f00} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


I am no longer getting any messages saying something is amiss. No audio randomly playing. You could very well be my new hero. I am thankful you are playing for the good guys.

Is there something I should be doing differently, or running, to prevent this in the future? I am always careful, in my opinion, but maybe not as much as I need to be. Any advice is appreciated.

Mo


I'll give you some advice when we are done, just one more scan to run.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-07-21.01 - Owner 07/22/2012 14:01:08.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.6866 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\windows

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{2caa185e-1460-4aea-8ef8-df88379fbdcb}

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{2caa185e-1460-4aea-8ef8-df88379fbdcb}\chrome.manifest

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{2caa185e-1460-4aea-8ef8-df88379fbdcb}\chrome\xulcache.jar

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{2caa185e-1460-4aea-8ef8-df88379fbdcb}\defaults\preferences\xulcache.js

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{2caa185e-1460-4aea-8ef8-df88379fbdcb}\install.rdf

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{e93aedb9-8514-4e05-a4c4-70b58e181614}

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{e93aedb9-8514-4e05-a4c4-70b58e181614}\chrome.manifest

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{e93aedb9-8514-4e05-a4c4-70b58e181614}\chrome\xulcache.jar

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{e93aedb9-8514-4e05-a4c4-70b58e181614}\defaults\preferences\xulcache.js

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\extensions\{e93aedb9-8514-4e05-a4c4-70b58e181614}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))

.

.

2012-07-22 20:07 . 2012-07-22 20:07 -------- d-----w- C:\FRST

2012-07-22 14:06 . 2012-07-22 14:06 -------- d-----w- c:\windows\en

2012-07-22 14:04 . 2012-07-22 14:04 -------- d-----w- c:\program files\Windows Live

2012-07-22 14:04 . 2012-07-22 14:04 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-22 13:59 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-22 13:59 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-22 13:59 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-22 13:59 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-22 13:59 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-22 13:59 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-22 13:59 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-22 13:58 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-07-22 13:58 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-22 13:31 . 2012-07-22 13:57 -------- d-----w- c:\programdata\AVAST Software

2012-07-22 13:31 . 2012-07-22 13:57 -------- d-----w- c:\program files\AVAST Software

2012-07-22 13:30 . 2012-07-22 13:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-22 13:30 . 2012-07-22 13:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-07-22 04:19 . 2012-07-22 04:19 -------- d-----w- c:\windows\Hewlett-Packard

2012-07-21 21:24 . 2012-07-21 21:24 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\272d60e91cd678702\DSETUP.dll

2012-07-21 21:24 . 2012-07-21 21:24 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\272d60e91cd678702\DXSETUP.exe

2012-07-21 21:24 . 2012-07-21 21:24 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\272d60e91cd678702\dsetup32.dll

2012-07-21 18:38 . 2012-07-21 18:46 -------- d-----w- c:\users\Owner\My Movies

2012-07-21 18:35 . 2012-07-21 18:44 -------- d-----w- c:\users\Owner\AppData\Roaming\HandBrake

2012-07-21 04:39 . 2012-07-21 04:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-21 04:39 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-21 00:56 . 2012-07-21 00:56 53248 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-07-21 00:56 . 2012-07-21 00:56 -------- d-----w- c:\users\Owner\AppData\Local\Logishrd

2012-07-21 00:55 . 2012-07-21 00:55 -------- d-----w- c:\program files\Logitech

2012-07-20 21:39 . 2012-07-20 21:39 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia

2012-07-20 03:32 . 2012-07-20 03:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-06-30 14:25 . 2012-07-22 04:19 -------- d-----w- c:\users\Owner\AppData\Roaming\HpUpdate

2012-06-30 14:25 . 2010-11-17 01:24 750440 ------w- c:\windows\system32\HPDiscoPM5312.dll

2012-06-30 14:24 . 2012-06-30 14:52 -------- d-----w- c:\users\Owner\AppData\Local\HP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-21 00:56 . 2011-10-01 02:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-07-20 14:51 . 2012-04-08 14:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-20 14:51 . 2011-08-18 20:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2012-06-22 17:07 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 17:07 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 17:07 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 17:07 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 17:07 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 17:07 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 17:07 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 17:06 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 17:06 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-04-27 00:03 . 2011-01-15 20:24 57848688 ----a-w- c:\windows\system32\MRT.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]

2012-01-31 20:59 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-01-31 86696]

.

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]

"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 136176]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 250056]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 24576]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 136176]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2010-01-20 40320]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 rkhdrv40;Rootkit Unhooker Driver; [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-16 1255736]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 23464]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 149768]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-06-30 517632]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 161032]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 114760]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 121928]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 128264]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 509056]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 14:51]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 00:32]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 00:32]

.

2012-07-07 c:\windows\Tasks\hpwebreg_CN14LBK29F.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-17 01:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

2011-05-09 15:45 436040 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

2011-05-09 15:45 436040 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://mail.hortech.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Trusted Zone: $talisma_url$

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kqtb4nb4.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=

FF - prefs.js: network.proxy.type - 0

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0FF1C4C3-343F-49B0-B613-557EFD390574} - (no file)

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Notify-LBTWlgn - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2064912402-3754680767-1499082353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2064912402-3754680767-1499082353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

.

**************************************************************************

.

Completion time: 2012-07-22 14:22:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-22 18:22

.

Pre-Run: 728,985,849,856 bytes free

Post-Run: 728,590,598,144 bytes free

.

- - End Of File - - 9934F70AC81DCBB14A28B6ECF2738202


Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.22.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

7/22/2012 2:51:23 PM

mbam-log-2012-07-22 (14-51-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230644

Time elapsed: 1 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Now may I call you my hero?? I have got some nasty stuff on computers over the years; this was by all accounts the worst. When I started hearing advertisements when nothing was open, I knew I was in for it. It was also the easiest to remedy with your expertise. I think I am going to put you on speed dial if that is ok.... Any advice to keep everything running smoothly? Any programs etc. that you would suggest? Is there a way to give you a thumbs up, gold star, and/or big tip??

Forever in debt.

Mo


Great (thumbs up) and Thank You :)

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can delete manually,

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.