Possible bot infection? (2 PC's)


Hey all.

I received a notice from my ISP (Comcast) that one of the two PCs connected to the wireless network is infected with a bot. Both PCs were scanned with newly updated Norton, MalwareBytes, and MalwareBytes Anti-Rootkit and nothing was detected. There is no obvious infection on either computer. I ran dds.com and here are the logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by Erin at 15:52:10 on 2013-07-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16066.12123 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll
uRun: [Akamai NetSession Interface] "C:\Users\Erin\AppData\Local\Akamai\netsession_win.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6BB2E227-DA48-42CE-A334-F65081BBD2C3} : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P 
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-4-1 652344]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-4-1 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-1 19264]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1403010.016\symds64.sys [2013-5-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1403010.016\symefa64.sys [2013-5-16 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [2013-7-2 1393240]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys [2013-5-16 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130705.001\IDSviA64.sys [2013-7-5 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1403010.016\ironx64.sys [2013-5-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys [2013-5-16 432800]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-4-1 149120]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2013-4-5 233328]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-1 14904]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe [2013-5-16 144520]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-5-29 1900728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-6-5 619904]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-5-30 138912]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-1 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-1 789824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-6-5 13728]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-4-5 115272]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-4-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-5 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-6-5 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-6-5 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-4 1255736]
.
=============== Created Last 30 ================
.
2013-07-07 22:27:45 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-07 18:19:55 -------- d-----w- C:\Users\Erin\AppData\Roaming\Malwarebytes
2013-07-07 18:19:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-07 18:19:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-07 18:19:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-07 18:19:37 -------- d-----w- C:\Users\Erin\AppData\Local\Programs
2013-07-04 16:04:28 -------- d-----w- C:\Users\Erin\AppData\Roaming\WTablet
2013-07-04 03:17:03 -------- d-----w- C:\Users\Erin\AppData\Local\ElevatedDiagnostics
2013-07-04 03:09:43 -------- d-----w- C:\Users\Erin\AppData\Local\NVIDIA
2013-07-03 01:01:14 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2013-06-30 02:25:40 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-06-28 15:29:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 16:12:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-23 16:12:00 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-23 16:12:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-23 16:12:00 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-23 15:36:47 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-23 15:36:47 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-23 15:36:47 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-23 15:36:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-23 15:36:47 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-23 15:36:47 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-23 15:36:47 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-23 15:36:47 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-23 15:36:47 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-23 15:36:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-23 15:35:44 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-06-23 15:35:44 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-06-23 15:35:44 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-06-23 15:35:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-06-23 15:32:12 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-23 15:32:12 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-23 15:29:03 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-23 15:29:03 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-06-23 15:29:02 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-06-23 15:29:02 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-06-23 15:29:02 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-06-23 15:29:02 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-23 15:29:02 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-23 15:29:02 112640 ----a-w- C:\Windows\System32\smss.exe
2013-06-21 09:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-20 20:56:21 -------- d-----w- C:\Users\Erin\AppData\Roaming\Autodesk
2013-06-20 20:53:58 -------- d-----w- C:\Autodesk
2013-06-15 23:04:30 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-06-15 23:04:30 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-06-15 23:04:30 -------- d-----w- C:\Program Files (x86)\OpenAL
2013-06-15 23:04:29 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-06-15 23:04:29 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-06-11 04:31:57 -------- d-----w- C:\Users\Erin\AppData\Roaming\fltk.org
2013-06-11 04:31:57 -------- d-----w- C:\ProgramData\fltk.org
.
==================== Find3M  ====================
.
2013-07-04 05:26:18 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-04 05:26:18 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-01 02:13:39 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-28 15:29:45 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-28 15:29:45 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-20 04:17:49 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-07 04:10:59 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-05-06 19:53:46 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2013-04-29 21:51:59 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:52:33.18 ===============
 
 
 
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2013 10:20:01 AM
System Uptime: 7/8/2013 12:33:40 PM (3 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | P8Z77-V
Processor: Intel® Core i7-3770K CPU @ 3.50GHz | LGA1155 | 1575/103mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 569.77 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: Standard VGA Graphics Adapter
Device ID: PCI\VEN_8086&DEV_0162&SUBSYS_84CA1043&REV_09\3&11583659&0&10
Manufacturer: (Standard display types)
Name: Standard VGA Graphics Adapter
PNP Device ID: PCI\VEN_8086&DEV_0162&SUBSYS_84CA1043&REV_09\3&11583659&0&10
Service: vga
.
Class GUID: 
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_04\3&11583659&0&C8
Manufacturer: 
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_04\3&11583659&0&C8
Service: 
.
Class GUID: 
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Manufacturer: 
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Service: 
.
==== System Restore Points ===================
.
RP57: 7/2/2013 8:08:45 PM - Installed DirectX
RP58: 7/2/2013 8:09:48 PM - Installed DirectX
RP59: 7/2/2013 8:10:47 PM - Installed DirectX
RP60: 7/2/2013 8:12:06 PM - Installed DirectX
RP61: 7/2/2013 8:13:14 PM - Installed DirectX
RP62: 7/2/2013 8:14:17 PM - Installed DirectX
RP63: 7/2/2013 8:15:25 PM - Installed DirectX
RP64: 7/2/2013 8:16:25 PM - Installed DirectX
RP65: 7/3/2013 2:47:24 PM - Installed DirectX
RP66: 7/3/2013 2:48:52 PM - Installed DirectX
RP67: 7/3/2013 2:50:23 PM - Installed DirectX
RP68: 7/3/2013 2:51:35 PM - Installed DirectX
RP69: 7/3/2013 2:53:46 PM - Installed DirectX
RP70: 7/3/2013 2:55:22 PM - Installed DirectX
RP71: 7/3/2013 2:56:22 PM - Installed DirectX
RP72: 7/3/2013 2:57:21 PM - Installed DirectX
RP73: 7/3/2013 2:58:19 PM - Installed DirectX
RP74: 7/3/2013 2:59:20 PM - Installed DirectX
RP75: 7/3/2013 3:00:23 PM - Installed DirectX
RP76: 7/3/2013 3:01:36 PM - Installed DirectX
RP77: 7/3/2013 3:02:26 PM - Installed DirectX
RP78: 7/3/2013 3:03:31 PM - Installed DirectX
RP79: 7/3/2013 3:04:36 PM - Installed DirectX
RP80: 7/3/2013 3:05:56 PM - Installed DirectX
RP81: 7/3/2013 3:07:02 PM - Installed DirectX
RP82: 7/3/2013 10:58:25 PM - Removed LogMeIn Hamachi
RP83: 7/7/2013 4:04:14 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
AI Suite II
Amnesia: The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
Bandicam
Bandisoft MPEG-1 Decoder
Bastion
Battlefield: Bad Company 2
Blacklight: Retribution
Bonjour
Borderlands
Breath of Death VII 
Counter-Strike: Global Offensive
Cry of Fear
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
Fallout: New Vegas
Far Cry 2
FTL: Faster Than Light
Garry's Mod
Google Chrome
Google Update Helper
Grand Theft Auto: San Andreas
Hitman: Blood Money
Hotline Miami
Intel® Control Center
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
iTunes
Java 7 Update 25
Java Auto Updater
Killing Floor
Last.fm Scrobbler 2.1.35
Malwarebytes Anti-Malware version 1.75.0.1300
Metro 2033
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office Professional Plus 2013 - en-us
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
MotioninJoy DS3 driver version 0.6.0005
MyPaint 1.0.0
NecrovisioN: Lost Company
Norton Security Suite
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 320.49
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenAL
PlanetSide 2
Poker Night at the Inventory
Portal
Portal 2
POSTAL 2 Complete
Psychonauts
PunkBuster Services
Qualcomm Atheros WiFi Driver Installation
Realtek High Definition Audio Driver
Red Orchestra 2: Heroes of Stalingrad
Rocksmith
S.T.A.L.K.E.R.: Call of Pripyat
S.T.A.L.K.E.R.: Shadow of Chernobyl
Saints Row: The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sleeping Dogs™
Sniper Elite: Nazi Zombie Army
SoulseekQt
StarCraft II
Steam
Team Fortress 2
The Binding of Isaac
The Ship Single Player
TuxGuitar
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Wacom
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
Winamp
Winamp Detector Plug-in
XCOM: Enemy Unknown
.
==== Event Viewer Messages From Past Week ========
.
7/8/2013 12:33:52 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
7/8/2013 12:00:39 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BBE9E654-057F-41A6-9A32-A868E0705475}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 2:25:50 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{40136B07-8F92-4BC9-84CA-80C65780245A}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 2:24:42 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4F0AFF25-C8EA-4DBB-8FE5-A8D383B17EAC}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 2:23:36 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{782E4FA3-DD19-4DD7-9BA8-D99C32D89B19}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 2:22:31 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{22920D6C-37FC-4D29-B500-D780B7AD8255}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 2:21:23 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{99E8B305-AEB7-48DD-B9A3-E23E8219DACE}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:23:22 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BDC39473-5D64-4B89-B1AB-233D6592024E}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:22:11 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{436A1F74-3890-4F35-AF2A-47BC0788C2B2}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:21:07 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0D73B469-A947-46DA-A6D6-2B08433502D7}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:20:05 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2CAF7E3A-DA28-443D-86A9-0C1D3E6448EC}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:19:05 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1EB2DF2E-B507-4E4F-93D3-DB1AAF374D38}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:17:55 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1AD70801-3B8A-4D14-84E8-D4A52277A157}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:16:51 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{FF4205C3-B360-4D05-8F07-FA736467EC90}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:15:25 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A82B37F8-4CD2-4727-9DDD-58B3C430C39A}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:14:06 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{39DA2B81-6112-4BBD-B428-1F166AE86A53}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:12:36 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3E6D0456-938C-460D-94D8-02235EDC58EC}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:11:20 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B2C1F3CD-A78F-4E68-BBE7-94FDAFAA0B97}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:10:18 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0AEB8E78-10B6-4BA8-9FA1-8B2D50571D7B}' was corrupted and it has been recovered. Some data might have been lost.
7/4/2013 12:09:17 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{362E04E2-5CC5-4C36-AC08-22C06C1C5F50}' was corrupted and it has been recovered. Some data might have been lost.
7/3/2013 11:01:02 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
7/3/2013 11:01:02 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/2/2013 9:51:41 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{81AF43D2-C76A-400A-8C13-9DDE455D6B35}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:50:46 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3190D806-FA35-4B02-8BDB-3CF3084A5213}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:49:53 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B08ADC1F-08E9-4306-84F4-6056B7BBE491}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:49:00 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EB19F58D-672C-4254-A760-DD72F840B3BB}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:48:06 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6ED05E73-9C4F-4973-9DD1-310F16AD2688}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:47:12 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{79E63E83-C5E9-4CAF-8C5A-477126B3B488}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:46:17 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{42AF8F72-CFBD-4997-890F-8F4AF65E1D04}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:45:24 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{592E1957-AC99-42E7-B942-435E77DAB9EA}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:44:30 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{282593E2-2999-426C-AA77-EF5829DB1D14}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:43:36 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{76bca28e-9aee-11e2-b690-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A98667D5-3FD2-4782-BCF2-B313D1FBCC65}' was corrupted and it has been recovered. Some data might have been lost.
7/2/2013 9:01:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
7/2/2013 9:01:17 PM, Error: Service Control Manager [7000]  - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/2/2013 9:01:15 PM, Error: Service Control Manager [7030]  - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================
 

 


Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please post up the MBAM and MBAR logs.


Thank you for helping. Here they are.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.07.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Erin :: ERIN-PC [administrator]
 
7/8/2013 1:14:11 PM
mbam-log-2013-07-08 (13-14-11).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 456817
Time elapsed: 1 hour(s), 23 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Erin :: ERIN-PC [administrator]

7/8/2013 4:09:52 PM
mbar-log-2013-07-08 (16-09-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 254744
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


System File Check

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"
  • Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


No malware here.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


So you think this computer doesn't have the bot? And no, I'm not seeing any signs of infection. Thank you so much for your help, and here are the logs you wanted.

 

# AdwCleaner v2.304 - Logfile created 07/10/2013 at 10:36:15
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Erin - ERIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Erin\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Softonic
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.71
 
File : C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[s1].txt - [693 octets] - [10/07/2013 10:36:16]
 
########## EOF - C:\AdwCleaner[s1].txt - [752 octets] ##########
 
 
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.6.602.180  
 Google Chrome 28.0.1500.63  
 Google Chrome 28.0.1500.71  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 
 

No, I think there is no bot on this machine.

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.

 

 

 

 

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista | Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally, I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.