Trojan BCminer, need help with removal.


Hello,

I've been having a very hard time removing this trojan BCminer from my computer. I have the DDS and Attach information listed below. I'd really appreciate some help.

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Chris at 17:26:06 on 2012-07-23

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6495 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\CSHelper.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe

C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe

C:\Program Files (x86)\Razer\Lachesis\OSD.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe

C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Razer\Lachesis\razertra.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files (x86)\Razer\Lachesis\razerofa.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"

mRun: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Wireless Connection Manager.lnk - C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoFileAssociate = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - C:\Program Files (x86)\Yahoo!\common\yucconfig.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

TCP: Interfaces\{3C9ECADA-8A0F-4B68-AB7F-A9A06AEFE76D} : DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

TCP: Interfaces\{876486E6-3EE4-4004-A94C-23DD4AA479D4} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{93C129FE-423E-4021-B9C0-B9DD65E2B0C8} : DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun-x64: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"

mRun-x64: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"

mRun-x64: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c11ho0f1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll

FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c11ho0f1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c11ho0f1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 250

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.urlbar.hideGoButton - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys --> C:\Windows\system32\DRIVERS\rtlprot.sys [?]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2010-8-29 266240]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-23 655944]

R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-12-21 109168]

R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [2012-3-3 167936]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Arctosa;Arctosa Keyboard;C:\Windows\system32\drivers\Arctosa.sys --> C:\Windows\system32\drivers\Arctosa.sys [?]

S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2010-9-18 544768]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S3 STSService;STSService;"C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" --> C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-23 257224]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-24 00:53:20 -------- d-----w- C:\FRST

2012-07-23 22:26:47 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2012-07-23 22:26:46 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-07-23 22:26:46 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-07-23 22:26:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\TestApp

2012-07-23 22:26:21 -------- d-----w- C:\ProgramData\PC Tools

2012-07-23 21:49:11 -------- d-----w- C:\Users\Chris\AppData\Roaming\QuickScan

2012-07-23 21:40:45 -------- d-----w- C:\ProgramData\SUPERSetup

2012-07-23 21:06:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-23 20:11:56 -------- d-----w- C:\Program Files\CCleaner

2012-07-23 20:01:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-23 18:55:10 -------- d-----w- C:\Program Files\Enigma Software Group

2012-07-23 18:54:42 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-07-23 18:52:03 -------- d--h--w- C:\Users\Chris\AppData\Roaming\SpeedyPC Software

2012-07-23 18:52:03 -------- d--h--w- C:\Users\Chris\AppData\Roaming\DriverCure

2012-07-23 18:51:56 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-07-23 10:09:14 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-20 01:38:49 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{984D4AE0-4F11-4F73-A566-5E4BB102C9EA}\mpengine.dll

2012-07-15 10:01:48 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-14 04:33:34 -------- d--h--w- C:\Users\Chris\AppData\Local\SniperV2 Demo

2012-07-14 03:40:18 -------- d-----w- C:\Program Files (x86)\Games

2012-07-09 09:08:41 -------- d--h--w- C:\Users\Chris\AppData\Roaming\AVG

2012-07-01 23:31:40 -------- d--h--w- C:\Users\Chris\AppData\Local\LIMBO

.

==================== Find3M ====================

.

2012-07-23 21:06:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

.

============= FINISH: 17:26:26.88 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/25/2009 3:41:56 PM

System Uptime: 7/23/2012 5:20:27 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | STRIKER II NSE

Processor: Intel® Core2 Quad CPU Q9400 @ 2.66GHz | Socket 775 | 3304/413mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 311.636 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

G: is FIXED (NTFS) - 75 GiB total, 59.308 GiB free.

H: is FIXED (NTFS) - 149 GiB total, 79.179 GiB free.

I: is FIXED (NTFS) - 75 GiB total, 69.488 GiB free.

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ROOT\MEDIA\0000

Manufacturer:

Name:

PNP Device ID: ROOT\MEDIA\0000

Service:

.

==== System Restore Points ===================

.

RP840: 7/20/2012 4:59:07 PM - Scheduled Checkpoint

RP841: 7/21/2012 3:00:11 AM - Windows Update

RP842: 7/21/2012 10:31:22 PM - Scheduled Checkpoint

RP843: 7/23/2012 12:39:34 PM - Removed SpyHunter

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2Wire Wireless Client

Acer eDisplay Management

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

AI Suite

Any Video Converter 3.0.7

Apple Application Support

Apple Software Update

ArtistScope Plugin FX

Ashampoo Burning Studio 2010 Advanced

Ashampoo Home Designer1.0.0

Ashampoo Photo Commander 7.60

Ashampoo Snap 3.50

Ashampoo WinOptimizer 6.60

ASUSUpdate

AT&T Yahoo! High Speed Internet Home Networking Installer

BioShock 2

Call of Duty® - World at War 1.2 Patch

Call of Duty® - World at War 1.3 Patch

Call of Duty® - World at War 1.4 Patch

Call of Duty® - World at War 1.5 Patch

Call of Duty® - World at War 1.6 Patch

Call of Duty® - World at War 1.7 Patch

Celtx (2.9.1)

Command & Conquer Generals

Command and ConquerTM Generals Zero Hour

Company of Heroes - FAKEMSI

Computer Time Lock

Computer Time Lock (C:\Program Files (x86)\Computer Time Lock\)

Conduit Engine

Convert X to DVD 3.4.7.121

Counter-Strike: Source

D-Link DWA-130 Wireless N USB Adapter

DivX Plus DirectShow Filters

DivX Setup

DVDFab 8.0.2.2 (01/10/2010)

EPSON Scan

ExpressFiles

Flash Movie Player 1.5

Free NaturalReader

Free Video to MP3 Converter version 4.1

Garmin Communicator Plugin

Garmin USB Drivers

Google Chrome

Google Updater

GuideWire

HijackThis 1.99.1

Host OpenAL (ADI)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 31

JMB36X Raid Configurer

K-Lite Codec Pack 5.8.3 (Full)

Linksys WUSB100 RangePlus Wireless USB Adapter

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Security Scan Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office XP Media Content

Microsoft Silverlight

Microsoft Student Graphing Calculator

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XML Parser

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

OpenAL

Pivot Software

PunkBuster Services

QuickTime

Razer Lachesis

RealPlayer

SDK

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB979332)

Sins of a Solar Empire

Smart Defrag 2

SoundMAX

SoundTaxi 3.9.8

Source Filmmaker

Steam

swMSM

System Requirements Lab

Ultra Video Splitter 6.0.1201

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

VCRedistSetup

Vista Codec Package

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

VLC media player 0.9.9

vShare.tv plugin 1.3

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

Worms Armageddon - New Edition

Xilisoft Video to Audio Converter

.

==== Event Viewer Messages From Past Week ========

.

7/23/2012 5:22:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/23/2012 5:22:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

7/23/2012 5:22:31 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/23/2012 5:22:31 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/23/2012 5:22:31 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/23/2012 5:21:37 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp psc 1200 series with shared resource name hp psc 1200 series. Error 1753. The printer cannot be used by others on the network.

7/23/2012 5:21:37 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer EPSON Stylus NX400 Series with shared resource name EPSON Stylus NX400 Series. Error 1753. The printer cannot be used by others on the network.

7/23/2012 5:20:54 PM, Error: volmgr [46] - Crash dump initialization failed!

7/23/2012 5:14:49 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/23/2012 5:14:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/23/2012 5:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/23/2012 5:14:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO Avgldx64 Avgmfx64 Avgtdia Beep DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss RtlProt Smb spldr sptd tdx Wanarpv6

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/23/2012 5:14:00 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/23/2012 5:13:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/23/2012 5:13:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/23/2012 5:13:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/23/2012 5:13:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/23/2012 5:13:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/23/2012 5:12:04 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

7/23/2012 3:53:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

7/23/2012 3:21:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO Avgldx64 Avgmfx64 Beep spldr sptd Wanarpv6

7/23/2012 3:20:17 PM, Error: EventLog [6008] - The previous system shutdown at 2:53:23 PM on 7/23/2012 was unexpected.

7/19/2012 9:53:38 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/19/2012 6:00:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

7/19/2012 6:00:15 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/19/2012 6:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/18/2012 11:30:39 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

7/17/2012 11:11:50 PM, Error: EventLog [6008] - The previous system shutdown at 10:57:54 PM on 7/17/2012 was unexpected.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: Chris [Admin rights]

Mode: Scan -- Date: 07/23/2012 17:45:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Chris\AppData\Local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\chris\appdata\local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\chris\appdata\local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\chris\appdata\local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BB-00JHA0 ATA Device +++++

--- User ---

[MBR] d6ab345cb3405202d30cac70c130b460

[bSP] 01ef3edfe8bcd65619f3d444e5ed41d3 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] bc51a6671ae1ce24e40518476eccdf38

[bSP] bf9bbf133cf51b68130a3bd875eba224 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD50 00AAKS-22A7B SCSI Disk Device +++++

--- User ---

[MBR] be1c427e220bc2305cd8e2ee2faf24f5

[bSP] 9c8cc87a3e23ef0eb11f54a2c4ab695f : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD16 00JS-60NCB1 SCSI Disk Device +++++

--- User ---

[MBR] 5ade1a7b83c04e5e6071dfbd73c9074d

[bSP] 8e653cedd81a63c25e3af80ad5cf8e6c : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>



Since you have Vista, you may not be able to carry out this procedure, but please give it a try.

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC

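As an added example, not part of the thread and not code from MrC, RogueKiller or FRST, the script below checks a Windows volume for the ZeroAccess artifacts that the RogueKiller report above lists: a GUID-named folder holding a file `@` and subfolders `U` and `L` under the user's Local AppData and under `Windows\Installer`, and a `desktop.ini` planted in the .NET `assembly\GAC_32` and `GAC_64` folders. It also inventories every copy of `services.exe` (the file MrC has FRST search for) with size, timestamp and SHA-256 so the copies can be compared. The function and parameter names (`Find-ZeroAccessMarkers`, `-SystemRoot`, `-LocalAppDataRoots`) are this example's own; the marker names and locations are taken from the report above. It is written to run on PowerShell 2.0, which is what Vista ships with.

```powershell
# Added example: audit a Windows volume for the ZeroAccess markers named in the
# RogueKiller report (GUID folder with "@", "U", "L"; desktop.ini in the GAC) and
# list all services.exe copies. Not part of RogueKiller, FRST or the original post.
function Find-ZeroAccessMarkers {
    param(
        # Windows directory to inspect; point at D:\Windows to check an offline volume.
        [string]$SystemRoot = $env:SystemRoot,
        # Local AppData folders to inspect; add other profiles' folders as needed.
        [string[]]$LocalAppDataRoots = @($env:LOCALAPPDATA)
    )

    $findings = @()
    $guidName = '^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$'

    # 1. GUID-named folder containing a file "@" and folders "U" and "L".
    $roots = @($LocalAppDataRoots) + @(Join-Path $SystemRoot 'Installer')
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $dirs = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match $guidName }
        foreach ($dir in $dirs) {
            $p = $dir.FullName
            $hasAt = Test-Path -LiteralPath (Join-Path $p '@') -PathType Leaf
            $hasU  = Test-Path -LiteralPath (Join-Path $p 'U') -PathType Container
            $hasL  = Test-Path -LiteralPath (Join-Path $p 'L') -PathType Container
            if ($hasAt -and $hasU -and $hasL) {
                $findings += New-Object PSObject -Property @{
                    Marker = 'GuidFolder'; Path = $p; Detail = '"@" file with "U" and "L" folders'
                }
            }
        }
    }

    # 2. desktop.ini dropped into the .NET Global Assembly Cache folders.
    foreach ($gac in 'GAC_32', 'GAC_64') {
        $ini = Join-Path $SystemRoot ('assembly\' + $gac + '\desktop.ini')
        if (Test-Path -LiteralPath $ini -PathType Leaf) {
            $findings += New-Object PSObject -Property @{
                Marker = 'GacDesktopIni'; Path = $ini; Detail = 'desktop.ini in GAC folder'
            }
        }
    }

    # 3. Inventory of services.exe copies (System32 and the WinSxS component store),
    #    hashed with SHA-256 so the copies can be compared. This lists; it does not judge,
    #    because a legitimate store may hold several versions of the file.
    $sha = New-Object System.Security.Cryptography.SHA256Managed
    foreach ($d in @((Join-Path $SystemRoot 'System32'), (Join-Path $SystemRoot 'winsxs'))) {
        if (-not (Test-Path -LiteralPath $d)) { continue }
        $files = Get-ChildItem -LiteralPath $d -Recurse -Filter 'services.exe' -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
        foreach ($f in $files) {
            $stream = [System.IO.File]::OpenRead($f.FullName)
            try { $hash = ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
            finally { $stream.Close() }
            $findings += New-Object PSObject -Property @{
                Marker = 'ServicesExeCopy'; Path = $f.FullName
                Detail = ('size=' + $f.Length + ' written=' + $f.LastWriteTime + ' sha256=' + $hash)
            }
        }
    }
    return $findings
}

# Usage (run from an elevated prompt): list what was found, if anything.
Find-ZeroAccessMarkers | Format-Table Marker, Path, Detail -AutoSize
```

A running infection can interfere with any check made from inside the infected OS, which is why the post above has FRST run from System Recovery Options rather than from Windows; for the same reason the two parameters let the check be pointed at a volume mounted from a clean system, for example `-SystemRoot D:\Windows -LocalAppDataRoots 'D:\Users\Chris\AppData\Local'`. A `GuidFolder` or `GacDesktopIni` result is a marker worth reporting back in the thread, not a removal action: the script only reads.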

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 23-07-2012 18:07:07

Running from H:\

Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [53248 2007-09-27] (Sonic Focus, Inc.)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe" [172032 2007-09-12] ()

HKLM-x32\...\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1302528 2007-10-25] (Analog Devices, Inc.)

HKLM-x32\...\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [694008 2007-02-09] ()

HKLM-x32\...\Run: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR [121456 2010-06-30] ()

HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x]

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Chris\...\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-05] (Google Inc.)

HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)

HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)

HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)

HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 71.9.127.107 68.190.192.35 24.205.224.36

Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk

ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)

==================== Services (Whitelisted) ======

2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [89600 2007-10-19] (Andrea Electronics Corporation)

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

2 CSHelper; C:\Windows\SysWOW64\CSHelper.exe [266240 2010-08-29] ()

3 DfSdkS; "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe" [544768 2009-08-24] (mst software GmbH, Germany)

2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [121456 2010-06-30] ()

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)

2 PdiService; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2010-04-16] (Portrait Displays, Inc.)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-02-18] ()

2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [215152 2010-10-28] ()

2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] ()

3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [x]

========================== Drivers (Whitelisted) =============

3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [444928 2007-10-25] (Analog Devices, Inc.)

3 Arctosa; C:\Windows\System32\Drivers\Arctosa.sys [20480 2008-09-12] (Razer USA Ltd.)

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [14392 2007-12-17] ()

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)

1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()

3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [688640 2007-08-15] (Ralink Technology Corp.)

0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)

3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)

1 RtlProt; C:\Windows\System32\Drivers\RtlProt.sys [31016 2007-04-23] (Windows ® Codename Longhorn DDK provider)

0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()

0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-02] (Duplex Secure Ltd.)

3 uisp; C:\Windows\System32\Drivers\usbicp.sys [19200 2005-10-21] (Motorola)

3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)

1 Beep; [x]

3 catchme; \??\C:\comfix11831c\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 MSJDrvr; \??\C:\Users\Chris\AppData\Local\Temp\MSJDrvr.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]

3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-23 16:53 - 2012-07-23 16:53 - 00000000 ____D C:\FRST

2012-07-23 16:45 - 2012-07-23 16:45 - 00003173 ____A C:\Users\Chris\Desktop\RKreport[1].txt

2012-07-23 16:44 - 2012-07-23 16:45 - 00000000 ____D C:\Users\Chris\Desktop\RK_Quarantine

2012-07-23 16:18 - 2012-07-23 16:17 - 00607260 ____R (Swearware) C:\Users\Chris\Desktop\dds.scr

2012-07-23 15:34 - 2012-07-23 14:58 - 01552384 ____A C:\Users\Chris\Desktop\RogueKiller.exe

2012-07-23 15:34 - 2012-07-23 14:55 - 01437781 ____A (Farbar) C:\Users\Chris\Desktop\FRST64.exe

2012-07-23 14:47 - 2012-07-23 15:28 - 00008152 ____A C:\Users\Chris\Desktop\avgrep.txt

2012-07-23 14:26 - 2012-07-23 14:26 - 04183000 ____A (PC Tools) C:\Users\Chris\Downloads\sdsetup.exe

2012-07-23 14:26 - 2012-07-23 14:26 - 00000000 ____D C:\Users\Chris\AppData\Roaming\TestApp

2012-07-23 14:26 - 2012-07-23 14:26 - 00000000 ____D C:\Users\All Users\PC Tools

2012-07-23 14:26 - 2012-05-11 10:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys

2012-07-23 14:26 - 2012-04-23 11:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys

2012-07-23 14:24 - 2012-07-23 14:25 - 04986272 ____A (SpeedyPC Software) C:\Users\Chris\Downloads\SpeedyPC Pro Installer (1).exe

2012-07-23 14:24 - 2012-07-23 14:24 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer (1).exe

2012-07-23 14:24 - 2012-07-23 14:24 - 00001205 ____A C:\Users\Chris\Downloads\FixNCR (1).reg

2012-07-23 14:11 - 2012-07-23 14:11 - 00000000 ____D C:\Users\Chris\Desktop\backups

2012-07-23 14:06 - 2012-07-23 14:11 - 00011132 ____A C:\Users\Chris\Desktop\hijackthis.log

2012-07-23 14:05 - 2012-07-23 14:05 - 00000000 ____D C:\Program Files\HijackThis

2012-07-23 13:58 - 2012-07-23 13:59 - 18738128 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware (3).exe

2012-07-23 13:49 - 2012-07-23 13:49 - 00000000 ____D C:\Users\Chris\AppData\Roaming\QuickScan

2012-07-23 13:43 - 2012-07-23 13:43 - 17162336 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware (2).exe

2012-07-23 13:41 - 2012-07-23 13:42 - 18738128 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware (1).exe

2012-07-23 13:40 - 2012-07-23 13:40 - 00000000 ____D C:\Users\All Users\SUPERSetup

2012-07-23 13:06 - 2012-07-23 13:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-23 13:06 - 2012-07-23 13:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-23 13:06 - 2012-07-23 13:06 - 00000000 ____D C:\Windows\System32\Macromed

2012-07-23 12:22 - 2012-07-23 12:21 - 00251392 ____A C:\Users\Chris\Desktop\hijackthis_sfx.exe

2012-07-23 12:22 - 2012-07-23 12:19 - 00735039 ____A C:\Users\Chris\Desktop\afrcfree.exe

2012-07-23 12:22 - 2012-07-23 12:16 - 18737384 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Desktop\SUPERAntiSpyware.exe

2012-07-23 12:12 - 2012-07-23 12:13 - 18737384 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware.exe

2012-07-23 12:11 - 2012-07-23 12:11 - 00000732 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-23 12:11 - 2012-07-23 12:11 - 00000000 ____D C:\Program Files\CCleaner

2012-07-23 12:03 - 2012-07-23 12:03 - 00000926 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-23 12:01 - 2012-07-23 14:46 - 00000000 ___SD C:\32788R22FWJFW

2012-07-23 12:01 - 2012-07-23 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-23 12:01 - 2011-11-23 23:30 - 03511776 ____A (Piriform Ltd) C:\Users\Chris\Desktop\ccsetup312.exe

2012-07-23 12:01 - 2011-11-23 23:29 - 09852544 ____A (Malwarebytes Corporation ) C:\Users\Chris\Desktop\mbam-setup-1.51.2.1300.exe

2012-07-23 12:01 - 2011-11-23 23:29 - 01008092 ____A C:\Users\Chris\Desktop\rkill.com

2012-07-23 12:01 - 2011-11-23 23:28 - 00001134 ____A C:\Users\Chris\Desktop\FixNCR.reg

2012-07-23 12:01 - 2011-11-23 23:26 - 04306022 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe

2012-07-23 10:55 - 2012-07-23 10:55 - 00000000 ____D C:\Program Files\Enigma Software Group

2012-07-23 10:54 - 2012-07-23 11:40 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-07-23 10:52 - 2012-07-23 10:52 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe

2012-07-23 10:52 - 2012-07-23 10:52 - 00000000 ___HD C:\Users\Chris\AppData\Roaming\SpeedyPC Software

2012-07-23 10:52 - 2012-07-23 10:52 - 00000000 ___HD C:\Users\Chris\AppData\Roaming\DriverCure

2012-07-23 10:51 - 2012-07-23 11:42 - 00000000 ____D C:\Users\All Users\SpeedyPC Software

2012-07-23 10:51 - 2012-07-23 10:51 - 04986272 ____A (SpeedyPC Software) C:\Users\Chris\Downloads\SpeedyPC Pro Installer.exe

2012-07-23 10:51 - 2012-07-23 10:51 - 00000998 ____A C:\Users\Chris\Desktop\SpeedyPC Pro.lnk

2012-07-23 10:50 - 2012-07-23 10:50 - 00001205 ____A C:\Users\Chris\Downloads\FixNCR.reg

2012-07-23 10:27 - 2012-07-23 14:38 - 00007508 ____A C:\Windows\PFRO.log

2012-07-23 02:09 - 2012-07-23 02:09 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-19 17:36 - 2012-07-19 18:29 - 00009429 ____A C:\Users\Chris\Desktop\tv.xlsx

2012-07-19 16:37 - 2012-07-23 10:55 - 00000762 ____A C:\Users\Chris\Desktop\Journal.lnk

2012-07-19 14:44 - 2012-07-19 14:43 - 00000712 ____A C:\Users\Chris\Desktop\Worms.lnk

2012-07-19 14:40 - 2012-07-19 14:40 - 00000375 ____A C:\Users\Chris\Desktop\movies.lnk

2012-07-19 14:39 - 2012-07-19 14:39 - 00000368 ____A C:\Users\Chris\Desktop\Games.lnk

2012-07-17 20:22 - 2012-07-17 20:22 - 00000220 ____A C:\Users\Chris\Desktop\Source Filmmaker.url

2012-07-15 02:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-15 02:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-15 02:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-15 02:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-15 02:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-15 02:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-15 02:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-15 02:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-15 02:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-15 02:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-15 02:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-15 02:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-15 02:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-15 02:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-15 02:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-15 02:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-15 02:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-15 02:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-15 02:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-15 02:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-15 02:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-15 02:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-15 02:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-15 02:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-15 02:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-15 02:01 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-15 02:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-15 02:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-15 02:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-14 18:29 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-14 18:29 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-14 18:29 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-14 18:29 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-14 18:29 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-14 18:29 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-14 18:29 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-14 18:29 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-14 18:29 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-14 18:29 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-14 18:29 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-14 18:29 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-13 20:33 - 2012-07-13 20:33 - 00000000 ___HD C:\Users\Chris\AppData\Local\SniperV2 Demo

2012-07-13 20:29 - 2012-07-13 20:29 - 00362946 ___AH C:\Users\Chris\AppData\Local\dd_vcredistMSI32AA.txt

2012-07-13 20:29 - 2012-07-13 20:29 - 00013050 ___AH C:\Users\Chris\AppData\Local\dd_vcredistUI32AA.txt

2012-07-13 19:40 - 2012-07-14 01:33 - 00000000 ____D C:\Program Files (x86)\Games

2012-07-09 01:08 - 2012-07-09 01:12 - 00000000 ___HD C:\Users\Chris\AppData\Roaming\AVG

2012-07-09 00:48 - 2012-07-09 00:48 - 00100939 ____A C:\Users\Chris\Documents\bookmarks-2012-07-09.json

2012-07-07 18:37 - 2012-07-07 18:37 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-07-01 15:31 - 2012-07-01 15:31 - 00000000 ___HD C:\Users\Chris\AppData\Local\LIMBO

2012-06-28 22:07 - 2012-06-28 22:07 - 00900130 ____A C:\Windows\Minidump\Mini062912-01.dmp

2012-06-24 11:11 - 2012-07-15 16:50 - 00000000 ____D C:\Users\Chris\Documents\Command and Conquer Generals Zero Hour Data

2012-06-23 15:00 - 2012-06-23 15:00 - 00001761 ____A C:\Users\Public\Desktop\Command & Conquer Generals Zero Hour .lnk

2012-06-23 14:50 - 2012-06-23 14:59 - 00000000 ____D C:\Program Files (x86)\EA Games

2012-06-23 14:50 - 2012-06-23 14:50 - 00001701 ____A C:\Users\Public\Desktop\Command & Conquer Generals.lnk

============ 3 Months Modified Files ========================

2012-07-23 16:58 - 2006-11-02 07:42 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-23 16:58 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-23 16:58 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-23 16:58 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-23 16:49 - 2006-11-02 04:46 - 00006964 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-23 16:45 - 2012-07-23 16:45 - 00003173 ____A C:\Users\Chris\Desktop\RKreport[1].txt

2012-07-23 16:21 - 2011-05-20 15:47 - 00000306 ____A C:\Windows\Tasks\hlifhcayys.job

2012-07-23 16:17 - 2012-07-23 16:18 - 00607260 ____R (Swearware) C:\Users\Chris\Desktop\dds.scr

2012-07-23 15:38 - 2006-11-02 07:21 - 05024960 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-23 15:28 - 2012-07-23 14:47 - 00008152 ____A C:\Users\Chris\Desktop\avgrep.txt

2012-07-23 15:21 - 2011-11-24 01:50 - 01612961 ____A C:\Windows\WindowsUpdate.log

2012-07-23 14:58 - 2012-07-23 15:34 - 01552384 ____A C:\Users\Chris\Desktop\RogueKiller.exe

2012-07-23 14:55 - 2012-07-23 15:34 - 01437781 ____A (Farbar) C:\Users\Chris\Desktop\FRST64.exe

2012-07-23 14:38 - 2012-07-23 10:27 - 00007508 ____A C:\Windows\PFRO.log

2012-07-23 14:26 - 2012-07-23 14:26 - 04183000 ____A (PC Tools) C:\Users\Chris\Downloads\sdsetup.exe

2012-07-23 14:25 - 2012-07-23 14:24 - 04986272 ____A (SpeedyPC Software) C:\Users\Chris\Downloads\SpeedyPC Pro Installer (1).exe

2012-07-23 14:24 - 2012-07-23 14:24 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer (1).exe

2012-07-23 14:24 - 2012-07-23 14:24 - 00001205 ____A C:\Users\Chris\Downloads\FixNCR (1).reg

2012-07-23 14:11 - 2012-07-23 14:06 - 00011132 ____A C:\Users\Chris\Desktop\hijackthis.log

2012-07-23 13:59 - 2012-07-23 13:58 - 18738128 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware (3).exe

2012-07-23 13:43 - 2012-07-23 13:43 - 17162336 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware (2).exe

2012-07-23 13:42 - 2012-07-23 13:41 - 18738128 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware (1).exe

2012-07-23 13:06 - 2012-07-23 13:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-23 13:06 - 2012-07-23 13:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-23 13:06 - 2011-06-11 10:15 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-23 12:21 - 2012-07-23 12:22 - 00251392 ____A C:\Users\Chris\Desktop\hijackthis_sfx.exe

2012-07-23 12:19 - 2012-07-23 12:22 - 00735039 ____A C:\Users\Chris\Desktop\afrcfree.exe

2012-07-23 12:16 - 2012-07-23 12:22 - 18737384 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Desktop\SUPERAntiSpyware.exe

2012-07-23 12:13 - 2012-07-23 12:12 - 18737384 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware.exe

2012-07-23 12:11 - 2012-07-23 12:11 - 00000732 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-23 12:03 - 2012-07-23 12:03 - 00000926 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-23 10:58 - 2009-02-05 14:48 - 00002611 ____A C:\Users\Chris\Desktop\Microsoft Office Word 2007.lnk

2012-07-23 10:55 - 2012-07-19 16:37 - 00000762 ____A C:\Users\Chris\Desktop\Journal.lnk

2012-07-23 10:52 - 2012-07-23 10:52 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe

2012-07-23 10:51 - 2012-07-23 10:51 - 04986272 ____A (SpeedyPC Software) C:\Users\Chris\Downloads\SpeedyPC Pro Installer.exe

2012-07-23 10:51 - 2012-07-23 10:51 - 00000998 ____A C:\Users\Chris\Desktop\SpeedyPC Pro.lnk

2012-07-23 10:50 - 2012-07-23 10:50 - 00001205 ____A C:\Users\Chris\Downloads\FixNCR.reg

2012-07-23 02:18 - 2011-11-05 10:56 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19141258-2573716613-985753063-1000UA.job

2012-07-21 16:18 - 2011-11-05 10:56 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19141258-2573716613-985753063-1000Core.job

2012-07-19 18:29 - 2012-07-19 17:36 - 00009429 ____A C:\Users\Chris\Desktop\tv.xlsx

2012-07-19 17:36 - 2009-01-27 19:42 - 00095744 ___AH C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-19 15:18 - 2011-12-23 22:40 - 00000671 ___AH C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml

2012-07-19 14:43 - 2012-07-19 14:44 - 00000712 ____A C:\Users\Chris\Desktop\Worms.lnk

2012-07-19 14:40 - 2012-07-19 14:40 - 00000375 ____A C:\Users\Chris\Desktop\movies.lnk

2012-07-19 14:39 - 2012-07-19 14:39 - 00000368 ____A C:\Users\Chris\Desktop\Games.lnk

2012-07-17 20:22 - 2012-07-17 20:22 - 00000220 ____A C:\Users\Chris\Desktop\Source Filmmaker.url

2012-07-17 11:11 - 2011-10-02 18:47 - 00000832 ____A C:\Users\Public\Desktop\AVG 2012.lnk

2012-07-15 02:05 - 2006-11-02 04:34 - 00000219 ____A C:\Windows\win.ini

2012-07-15 02:03 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-07-15 00:15 - 2011-11-05 11:10 - 00002042 ____A C:\Users\Chris\Desktop\Google Chrome.lnk

2012-07-14 10:33 - 2006-11-02 04:33 - 87556096 ____A C:\Windows\System32\config\software_previous

2012-07-14 10:33 - 2006-11-02 04:33 - 52690944 ____A C:\Windows\System32\config\components_previous

2012-07-14 10:33 - 2006-11-02 04:33 - 27525120 ____A C:\Windows\System32\config\system_previous

2012-07-14 10:33 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous

2012-07-14 10:33 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous

2012-07-14 10:33 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\default_previous

2012-07-13 20:29 - 2012-07-13 20:29 - 00362946 ___AH C:\Users\Chris\AppData\Local\dd_vcredistMSI32AA.txt

2012-07-13 20:29 - 2012-07-13 20:29 - 00013050 ___AH C:\Users\Chris\AppData\Local\dd_vcredistUI32AA.txt

2012-07-09 00:48 - 2012-07-09 00:48 - 00100939 ____A C:\Users\Chris\Documents\bookmarks-2012-07-09.json

2012-07-05 11:10 - 2009-01-25 15:47 - 00139552 ___AH C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-03 12:46 - 2011-11-24 00:54 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-28 22:07 - 2012-06-28 22:07 - 00900130 ____A C:\Windows\Minidump\Mini062912-01.dmp

2012-06-23 15:05 - 2009-02-02 00:39 - 00000979 ____A C:\Windows\eReg.dat

2012-06-23 15:00 - 2012-06-23 15:00 - 00001761 ____A C:\Users\Public\Desktop\Command & Conquer Generals Zero Hour .lnk

2012-06-23 14:50 - 2012-06-23 14:50 - 00001701 ____A C:\Users\Public\Desktop\Command & Conquer Generals.lnk

2012-06-13 05:58 - 2012-07-15 02:01 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 09:59 - 2012-07-14 18:29 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 09:47 - 2012-07-14 18:29 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 08:47 - 2012-07-14 18:29 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 08:47 - 2012-07-14 18:29 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 08:22 - 2012-07-14 18:29 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 08:22 - 2012-07-14 18:29 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-04 07:29 - 2012-07-14 18:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 14:19 - 2012-06-22 09:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-22 09:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-22 09:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-22 09:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-22 09:29 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2012-06-02 14:19 - 2012-06-22 09:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:19 - 2012-06-22 09:29 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2012-06-02 14:19 - 2012-06-22 09:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:19 - 2012-06-22 09:29 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2012-06-02 14:15 - 2012-06-22 09:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-22 09:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:15 - 2012-06-22 09:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 14:12 - 2012-06-22 09:29 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2012-06-02 14:12 - 2012-06-22 09:29 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2012-06-02 04:49 - 2012-07-15 02:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-15 02:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-15 02:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-15 02:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-15 02:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-15 02:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-15 02:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-15 02:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-15 02:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-15 02:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-15 02:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-15 02:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-15 02:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-15 02:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-15 02:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-15 02:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-15 02:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-15 02:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-15 02:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-15 02:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-15 02:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-15 02:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-15 02:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-15 02:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-15 02:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-15 02:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-15 02:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-15 02:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 16:22 - 2012-07-14 18:29 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 16:22 - 2012-07-14 18:29 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 16:05 - 2012-07-14 18:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 16:04 - 2012-07-14 18:29 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 16:03 - 2012-07-14 18:29 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-05-31 11:25 - 2009-10-02 13:21 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-29 15:27 - 2012-05-29 15:27 - 00000000 ____A C:\Users\Chris\Sti_Trace.log

2012-05-25 23:43 - 2009-03-06 10:22 - 00001356 ___AH C:\Users\Chris\AppData\Local\d3d9caps.dat

2012-05-11 10:14 - 2012-07-23 14:26 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys

2012-05-01 06:29 - 2012-06-12 15:07 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

ZeroAccess:

C:\Windows\Installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}

C:\Windows\Installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\@

C:\Windows\Installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\L

C:\Windows\Installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\U

C:\Windows\Installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\L\00000004.@

C:\Windows\Installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\L\201d3dde

ZeroAccess:

C:\Users\Chris\AppData\Local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}

C:\Users\Chris\AppData\Local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\@

C:\Users\Chris\AppData\Local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\L

C:\Users\Chris\AppData\Local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 8189.63 MB

Available physical RAM: 7371.9 MB

Total Pagefile: 7795.3 MB

Available Pagefile: 7338.13 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:312.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive d: () (Fixed) (Total:74.52 GB) (Free:69.49 GB) NTFS

4 Drive f: () (Fixed) (Total:149.05 GB) (Free:79.18 GB) NTFS

5 Drive g: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF

6 Drive h: () (Removable) (Total:3.74 GB) (Free:0.34 GB) FAT32

7 Drive i: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

10 Drive y: () (Fixed) (Total:74.52 GB) (Free:59.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 75 GB 8 MB

Disk 1 Online 75 GB 8 MB

Disk 2 Online 466 GB 8 MB

Disk 3 Online 149 GB 0 B

Disk 4 Online 3836 MB 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 75 GB 32 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 Y NTFS Partition 75 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 75 GB 32 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D NTFS Partition 75 GB Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 466 GB 32 KB

==================================================================================

Disk: 2

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 C NTFS Partition 466 GB Healthy

==================================================================================

Partitions of Disk 3:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 149 GB 32 KB

==================================================================================

Disk: 3

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 F NTFS Partition 149 GB Healthy

==================================================================================

Partitions of Disk 4:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3828 MB 19 KB

==================================================================================

Disk: 4

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 6 H FAT32 Removable 3828 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-23 16:28

======================= End Of Log ==========================

SEARCH.txt

Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-23 18:11:55

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2009-12-03 16:25] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe

[2009-12-03 16:23] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe

[2009-12-03 16:25] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe

[2009-12-03 16:23] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229

C:\Windows\ERDNT\cache64\services.exe

[2011-11-24 01:24] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======

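The services.exe search above is the evidence the fix rests on: the System32 copy has the same size and the same created/modified dates as the winsxs and ERDNT copies, and only its MD5 differs. The script below is an added example, not part of this thread and not FRST's own code; it parses an FRST "Search:" block and flags any live (non-winsxs) copy whose MD5 disagrees with the component-store copy of the same size and modification time. The sample log is constructed from the entries shown in SEARCH.txt above; treating winsxs as the baseline and the verdict names "ok", "mismatch" and "unverified" are this example's own assumptions.

```python
import re
from collections import defaultdict, namedtuple

# One parsed record from an FRST "Search:" block: the path line plus the
# "[created] - [modified] - size attrs (company) MD5" detail line under it.
Entry = namedtuple("Entry", "path created modified size attrs company md5")

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

# Constructed sample: five entries copied from the SEARCH.txt block in the
# thread (paths, dates, sizes and MD5s are the ones that log shows).
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2009-12-03 16:25] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe

[2009-12-03 16:23] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\SysWOW64\services.exe

[2009-12-03 16:25] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe

[2009-12-03 16:23] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229

C:\Windows\ERDNT\cache64\services.exe

[2011-11-24 01:24] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======
"""


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries = []
    path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            path = line
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            entries.append(Entry(path, m["created"], m["modified"],
                                 int(m["size"]), m["attrs"], m["company"],
                                 m["md5"].upper()))
            path = None
    return entries


def is_reference(entry):
    # Assumption of this example: copies under the component store (winsxs)
    # are the servicing baseline, so they are compared against, not judged.
    return "\\winsxs\\" in entry.path.lower()


def classify(text):
    """Return [(path, verdict)] for every live (non-winsxs) copy in the log.

    "ok": MD5 equals a winsxs copy of the same size and modification time.
    "mismatch": such a winsxs copy exists but its MD5 differs; size and dates
    alone (which the infected copy here preserved) would not reveal this.
    "unverified": the log holds no comparable winsxs copy.
    """
    entries = parse_search_log(text)
    baseline = defaultdict(set)
    for e in entries:
        if is_reference(e):
            baseline[(e.size, e.modified)].add(e.md5)
    verdicts = []
    for e in entries:
        if is_reference(e):
            continue
        expected = baseline.get((e.size, e.modified))
        if expected is None:
            verdicts.append((e.path, "unverified"))
        elif e.md5 in expected:
            verdicts.append((e.path, "ok"))
        else:
            verdicts.append((e.path, "mismatch"))
    return verdicts


def find_suspect_copies(text):
    """Paths whose MD5 disagrees with the matching component-store copy."""
    return [path for path, verdict in classify(text) if verdict == "mismatch"]


if __name__ == "__main__":
    for path, verdict in classify(SAMPLE_SEARCH_LOG):
        print(f"{verdict:10} {path}")
```

Run on the sample, only C:\Windows\System32\services.exe comes back as "mismatch"; the SysWOW64 and ERDNT copies agree with their winsxs counterparts. This is the same comparison FRST's "Bamital & volsnap Check" reports as "MD5 is legit" or flags with ATTENTION, and it is why a hash check, not a size or timestamp check, is the right test for a patched system binary.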

OK, here you go......Please carefully carry out this procedure!!!!!!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt


C:\Windows\Installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}
C:\Users\Chris\AppData\Local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\SysWOW64\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-23 18:43:19 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4} moved successfully.

C:\Users\Chris\AppData\Local\{7ccd175e-b89f-5e6c-e438-7d32f1ef7dd4} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\SysWOW64\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Well done, let's run ComboFix to clean up any leftovers.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
