Laptop seriously infected


agrvt


I posted a week or 2 ago and was going to wipe the drive, as was suggested, but no one has been able to locate the discs.

Roguekiller finds a ton of what looks like NTdrivers and other non-good items.

Here's the RK log:

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mr Do [Admin rights]
Mode : Scan -- Date : 11/14/2013 14:32:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x824B0823 -> HOOKED (Unknown @ 0x95982810)
[Address] SSDT[14] : NtAlertThread @ 0x8242934F -> HOOKED (Unknown @ 0x959828A8)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8246569D -> HOOKED (Unknown @ 0x95982F08)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x824078A7 -> HOOKED (Unknown @ 0x91F40008)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x823DAB32 -> HOOKED (Unknown @ 0x95982288)
[Address] SSDT[67] : NtCreateMutant @ 0x8243D993 -> HOOKED (Unknown @ 0x95982638)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x823DD349 -> HOOKED (Unknown @ 0x95BF6F28)
[Address] SSDT[78] : NtCreateThread @ 0x824AEE40 -> HOOKED (Unknown @ 0x95F01358)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x82481ED4 -> HOOKED (Unknown @ 0x95982320)
[Address] SSDT[129] : NtDuplicateObject @ 0x82415579 -> HOOKED (Unknown @ 0x95F011C0)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x822A1E75 -> HOOKED (Unknown @ 0x95982D98)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x823D7F3F -> HOOKED (Unknown @ 0x959826E0)
[Address] SSDT[158] : NtImpersonateThread @ 0x823ED589 -> HOOKED (Unknown @ 0x95982778)
[Address] SSDT[165] : NtLoadDriver @ 0x82388E12 -> HOOKED (Unknown @ 0x91F40F90)
[Address] SSDT[177] : NtMapViewOfSection @ 0x8242D994 -> HOOKED (Unknown @ 0x95982CE0)
[Address] SSDT[184] : NtOpenEvent @ 0x82416DF7 -> HOOKED (Unknown @ 0x959825A0)
[Address] SSDT[194] : NtOpenProcess @ 0x8243E12F -> HOOKED (Unknown @ 0x95F012D0)
[Address] SSDT[195] : NtOpenProcessToken @ 0x8241EA58 -> HOOKED (Unknown @ 0x95982F90)
[Address] SSDT[197] : NtOpenSection @ 0x8242E78C -> HOOKED (Unknown @ 0x95982470)
[Address] SSDT[201] : NtOpenThread @ 0x8243962B -> HOOKED (Unknown @ 0x95F01248)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x824373E2 -> HOOKED (Unknown @ 0x959821E0)
[Address] SSDT[282] : NtResumeThread @ 0x82438C4A -> HOOKED (Unknown @ 0x95982940)
[Address] SSDT[289] : NtSetContextThread @ 0x824B02CF -> HOOKED (Unknown @ 0x95982B08)
[Address] SSDT[305] : NtSetInformationProcess @ 0x824319E6 -> HOOKED (Unknown @ 0x95982BA0)
[Address] SSDT[317] : NtSetSystemInformation @ 0x82403F1E -> HOOKED (Unknown @ 0x959823B8)
[Address] SSDT[330] : NtSuspendProcess @ 0x824B075F -> HOOKED (Unknown @ 0x95982508)
[Address] SSDT[331] : NtSuspendThread @ 0x823B7945 -> HOOKED (Unknown @ 0x959829D8)
[Address] SSDT[335] : NtTerminateThread @ 0x82439660 -> HOOKED (Unknown @ 0x95982A70)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x8242DC57 -> HOOKED (Unknown @ 0x95982C48)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x8242AA27 -> HOOKED (Unknown @ 0x95982E40)
[Address] SSDT[382] : NtCreateThreadEx @ 0x82439115 -> HOOKED (Unknown @ 0x95BF6FB0)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x97037320)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x9701E190)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x87BB8730)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x97030230)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87BB8B28)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x87BB88D0)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x87BB89E0)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87BB8958)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87BB8BF0)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x97063980)
[inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35EBA366)
[inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35EBA366)
[inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35EBA366)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHX2250BT +++++
--- User ---
[MBR] b519bef0205d0ab28364ab0a98a70c0a
[bSP] d3663f2f65985bf04792421310b51dc9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7621 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 15609856 | Size: 230852 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11142013_143232.txt >>
RKreport[0]_D_11092013_010127.txt;RKreport[0]_D_11102013_014719.txt;RKreport[0]_D_11102013_020539.txt
RKreport[0]_H_11092013_023510.txt;RKreport[0]_H_11092013_024447.txt;RKreport[0]_H_11102013_133746.txt
RKreport[0]_H_11102013_134818.txt;RKreport[0]_S_11092013_010031.txt;RKreport[0]_S_11092013_010319.txt
RKreport[0]_S_11092013_023321.txt;RKreport[0]_S_11092013_024419.txt;RKreport[0]_S_11092013_145448.txt
RKreport[0]_S_11102013_014906.txt;RKreport[0]_S_11102013_020728.txt;RKreport[0]_S_11102013_132336.txt
RKreport[0]_S_11102013_133929.txt

DDS log and attach files

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514
Run by Mr Do at 10:56:21 on 2013-11-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.487 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\stacsv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\igfxsrvc.exe
F:\RogueKiller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\hh.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.


BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\18.7.1.3\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Microsoft] rundll32.exe ",DllRegisterServerW
uRun: [Downloaded Installations] rundll32 ",DllCanUnloadNow
uRun: [Microsoft Games] rundll32 ",startThreadW
uRun: [gegl-0.2] rundll32 ",DllRegisterServer
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [bambooCore] c:\program files\bamboo dock\BambooCore.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{10A61FD8-9E73-4A78-8D5F-DCF58D80FDB4} : DHCPNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2013-11-9 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2013-11-9 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20131101.003\BHDrvx86.sys [2013-11-1 1096280]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20131108.001\IDSvix86.sys [2013-11-9 393816]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2013-11-9 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys [2013-11-9 331384]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-15 21504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-8 108120]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-8-1 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-8-1 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-8-1 31104]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-1 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-8-1 28464]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-1-6 11680]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-1-6 69024]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-1-6 13728]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31v.sys [2008-9-29 449536]
.
=============== File Associations ===============
.
ShellExec: MediaConverter.exe: open="c:\program files\sandisk\sansa media converter\uMediaConverter.exe" "%1"
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe"" %1"
.
=============== Created Last 30 ================
.
2013-11-14 19:30:45 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-11-10 20:29:09 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-09 09:37:36 744568 ----a-w- c:\windows\system32\drivers\nav\1207010.003\symefa.sys
2013-11-09 09:37:36 516216 ----a-w- c:\windows\system32\drivers\nav\1207010.003\srtsp.sys
2013-11-09 09:37:36 50168 ----a-w- c:\windows\system32\drivers\nav\1207010.003\srtspx.sys
2013-11-09 09:37:36 340088 ----a-w- c:\windows\system32\drivers\nav\1207010.003\symds.sys
2013-11-09 09:37:36 331384 ----a-w- c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys
2013-11-09 09:37:36 299640 ----a-w- c:\windows\system32\drivers\nav\1207010.003\symnets.sys
2013-11-09 09:37:35 136312 ----a-w- c:\windows\system32\drivers\nav\1207010.003\ironx86.sys
2013-11-09 09:37:22 -------- d-----w- c:\windows\system32\drivers\nav\1207010.003
2013-11-09 07:31:01 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-11-09 07:31:01 37376 ----a-w- c:\windows\system32\cdd.dll
2013-11-09 06:08:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-09 06:08:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-09 03:28:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-09 01:37:22 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-11-09 01:37:22 -------- d-----w- c:\program files\Symantec
2013-11-09 01:36:40 -------- d-----w- c:\windows\system32\drivers\NAV
2013-11-09 01:36:12 -------- d-----w- c:\program files\NortonInstaller
.
==================== Find3M  ====================
.
2013-11-08 22:43:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-08 22:43:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 11:00:23.12 ===============

From your first post, you were infected with Rootkit.ZeroAccess, a BackDoor Trojan.

Please do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (Use the correct version for your system..... Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Mr Do (administrator) on FINALLY on 15-11-2013 15:08:24
Running from C:\Users\Mr Do\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
(SigmaTel, Inc.) C:\Windows\system32\stacsv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [118784 2007-06-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [iSBMgr.exe] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317560 2007-06-11] (Sony Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [bambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [5706480 2013-10-03] (SUPERAntiSpyware)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Microsoft] - rundll32.exe ",DllRegisterServerW
HKCU\...\Run: [Downloaded Installations] - rundll32 ",DllCanUnloadNow
HKCU\...\Run: [Microsoft Games] - rundll32 ",startThreadW
HKCU\...\Run: [gegl-0.2] - rundll32 ",DllRegisterServer
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-08] (Adobe Systems Incorporated)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess/Alureon?
MountPoints2: {645bd40f-2208-11dd-bb1a-838428bebbf3} - I:\LaunchU3.exe -a
MountPoints2: {929102cb-cd41-11dd-b6e6-001a804aa5bd} - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe
MountPoints2: {929102ce-cd41-11dd-b6e6-001a804aa5bd} - I:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Joe\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Joe\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKU\Joe\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EADM\Core.exe -silent
HKU\Joe\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2008-08-03] (Apple Computer, Inc.)
HKU\Tom\...\Run: [AdobeUpdater] - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [ 2007-03-01] (Adobe Systems Incorporated)
HKU\Tom\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKU\Tom\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Tom\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EADM\Core.exe -silent
HKU\Tom\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2008-08-03] (Apple Computer, Inc.)
HKU\Tom\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
HKU\Tom\...\Winlogon: [shell] Explorer.exe <==== ATTENTION
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://forums.malwarebytes.org/index.php?showtopic=136242&hl=%2Btdss#entry751446
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
SearchScopes: HKLM - DefaultScope {48BE879A-C4B5-467B-800B-8C3A5116B1E7} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
SearchScopes: HKLM - {48BE879A-C4B5-467B-800B-8C3A5116B1E7} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
SearchScopes: HKCU - DefaultScope {EED9E31C-8A96-4FB5-AB04-C66C30C64E6D} URL = http://www.dogpile.com/dogpile/ws/results/Web/{searchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true
SearchScopes: HKCU - {48BE879A-C4B5-467B-800B-8C3A5116B1E7} URL =
SearchScopes: HKCU - {EED9E31C-8A96-4FB5-AB04-C66C30C64E6D} URL = http://www.dogpile.com/dogpile/ws/results/Web/{searchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2013-03-28] (SuperAdBlocker.com)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2013-03-28] (SUPERAntiSpyware.com)
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
S4 npkcmsvc; C:\Nexon\MapleStory\npkcmsvc.exe [88728 2008-12-21] (INCA Internet Co., Ltd.)
S4 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
R2 STacSV; C:\Windows\system32\stacsv.exe [94208 2007-06-12] (SigmaTel, Inc.)
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-07-24] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292152 2007-07-13] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [188416 2007-06-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [184320 2007-06-28] (Sony Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [526208 2012-11-14] (Wacom Technology, Corp.)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-11-01] (Symantec Corporation)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9336 2007-06-14] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9464 2007-06-14] (Sonic Solutions)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-08] (Symantec Corporation)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-10-12] (Windows ® Win 7 DDK provider)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20131114.001\IDSvix86.sys [393816 2013-11-07] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20131108.018\NAVENG.SYS [93272 2013-11-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20131108.018\NAVEX15.SYS [1612376 2013-11-08] (Symantec Corporation)
R2 npkcrypt; C:\Nexon\MapleStory\npkcrypt.sys [54888 2008-12-21] (INCA Internet Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-03-28] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2013-03-28] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [31104 2007-04-05] (Sony Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAV\1207010.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1207010.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-12] (SigmaTel, Inc.)
R0 SymDS; C:\Windows\System32\drivers\NAV\1207010.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1207010.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2013-11-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1207010.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1207010.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [69024 2012-10-12] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-10-12] (Wacom Technology)
S3 WNDA3100; C:\Windows\System32\DRIVERS\WNDA31v.sys [449536 2008-09-29] (Atheros Communications, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
U3 mbr; \??\C:\Users\MRDO~1\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-15 15:08 - 2013-11-15 15:09 - 00016295 _____ C:\Users\Mr Do\Desktop\FRST.txt
2013-11-15 15:05 - 2013-11-15 15:05 - 00000000 ____D C:\FRST
2013-11-15 15:04 - 2013-11-15 19:51 - 01090529 _____ (Farbar) C:\Users\Mr Do\Desktop\FRST.exe
2013-11-15 14:44 - 2013-11-15 14:44 - 01957794 _____ (Farbar) C:\Users\Mr Do\Desktop\FRST64.exe
2013-11-15 11:00 - 2013-11-15 11:00 - 00019055 _____ C:\Users\Mr Do\Desktop\attach.txt
2013-11-15 11:00 - 2013-11-15 11:00 - 00014242 _____ C:\Users\Mr Do\Desktop\dds.txt
2013-11-14 14:32 - 2013-11-14 14:32 - 00005746 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11142013_143232.txt
2013-11-10 15:29 - 2013-11-10 15:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-10 13:48 - 2013-11-10 13:48 - 00001331 _____ C:\Users\Mr Do\Desktop\RKreport[0]_H_11102013_134818.txt
2013-11-10 13:39 - 2013-11-10 13:39 - 00001828 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11102013_133929.txt
2013-11-10 13:37 - 2013-11-10 13:37 - 00001261 _____ C:\Users\Mr Do\Desktop\RKreport[0]_H_11102013_133746.txt
2013-11-10 13:23 - 2013-11-10 13:23 - 00001761 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11102013_132336.txt
2013-11-10 02:07 - 2013-11-10 02:07 - 00005574 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11102013_020728.txt
2013-11-10 02:05 - 2013-11-10 02:05 - 00005542 _____ C:\Users\Mr Do\Desktop\RKreport[0]_D_11102013_020539.txt
2013-11-10 01:49 - 2013-11-10 01:49 - 00005507 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11102013_014906.txt
2013-11-10 01:47 - 2013-11-10 01:47 - 00005473 _____ C:\Users\Mr Do\Desktop\RKreport[0]_D_11102013_014719.txt
2013-11-09 14:54 - 2013-11-09 14:54 - 00005437 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_145448.txt
2013-11-09 03:30 - 2013-09-22 05:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-09 03:30 - 2013-09-22 05:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-09 03:30 - 2013-09-22 05:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-09 03:30 - 2013-09-22 05:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-09 03:30 - 2013-09-22 05:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-09 03:30 - 2013-09-22 05:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-09 03:30 - 2013-09-22 05:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-09 03:30 - 2013-09-22 05:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-09 03:30 - 2013-09-22 05:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-09 03:30 - 2013-09-22 05:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-09 03:30 - 2013-09-22 05:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-09 03:30 - 2013-09-22 05:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-09 03:30 - 2013-09-22 05:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-09 03:30 - 2013-09-22 05:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-09 03:30 - 2013-09-22 05:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-09 03:30 - 2013-09-22 04:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-09 02:46 - 2013-11-09 02:46 - 00000923 _____ C:\Users\Mr Do\Desktop\RKreport[0]_PR_11092013_024604.txt
2013-11-09 02:45 - 2013-11-09 02:45 - 00000887 _____ C:\Users\Mr Do\Desktop\RKreport[0]_DN_11092013_024558.txt
2013-11-09 02:44 - 2013-11-09 02:44 - 00005368 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_024419.txt
2013-11-09 02:44 - 2013-11-09 02:44 - 00001009 _____ C:\Users\Mr Do\Desktop\RKreport[0]_H_11092013_024447.txt
2013-11-09 02:38 - 2013-11-09 02:38 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Mr Do\Downloads\tdsskiller (1).exe
2013-11-09 02:37 - 2013-11-09 02:37 - 00000818 _____ C:\Users\Mr Do\Desktop\RKreport[0]_DN_11092013_023529.txt post fix host proxy and dns.txt
2013-11-09 02:35 - 2013-11-09 02:35 - 00001417 _____ C:\Users\Mr Do\Desktop\RKreport[0]_H_11092013_023510.txt
2013-11-09 02:35 - 2013-11-09 02:35 - 00000854 _____ C:\Users\Mr Do\Desktop\RKreport[0]_PR_11092013_023524.txt
2013-11-09 02:35 - 2013-11-09 02:35 - 00000818 _____ C:\Users\Mr Do\Desktop\RKreport[0]_DN_11092013_023529.txt
2013-11-09 02:33 - 2013-11-09 02:33 - 00005779 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_023321.txt
2013-11-09 02:31 - 2013-07-31 22:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-09 02:31 - 2013-07-31 21:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-09 02:30 - 2013-08-29 02:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-09 02:30 - 2013-08-26 21:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-09 02:30 - 2013-08-26 21:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-09 02:30 - 2013-08-26 21:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-09 02:30 - 2013-08-26 21:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-09 02:30 - 2013-08-26 20:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-09 02:30 - 2013-08-26 20:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-09 02:30 - 2013-08-26 20:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-09 02:30 - 2013-08-26 20:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-09 02:30 - 2013-08-26 20:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-09 02:30 - 2013-07-20 05:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-09 02:30 - 2013-07-12 04:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-09 02:30 - 2013-07-03 23:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-09 02:30 - 2013-07-02 21:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-09 02:30 - 2013-06-28 21:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-09 02:30 - 2013-06-28 21:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-09 02:30 - 2013-06-28 21:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-09 02:30 - 2013-06-28 21:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-09 02:30 - 2013-06-26 18:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-09 02:30 - 2013-06-03 23:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-09 02:30 - 2013-06-03 20:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-09 02:30 - 2011-05-05 08:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-09 02:30 - 2011-05-05 08:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-09 02:23 - 2013-11-09 02:23 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Mr Do\Downloads\tdsskiller.exe
2013-11-09 01:08 - 2013-11-09 01:26 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-09 01:08 - 2013-11-09 01:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-09 01:08 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-09 01:03 - 2013-11-09 01:03 - 00001894 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_010319.txt
2013-11-09 01:01 - 2013-11-09 01:01 - 00002340 _____ C:\Users\Mr Do\Desktop\RKreport[0]_D_11092013_010127.txt
2013-11-09 01:00 - 2013-11-09 01:00 - 00002287 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_010031.txt
2013-11-09 00:58 - 2013-11-09 01:05 - 00000000 ____D C:\Users\Mr Do\Desktop\RK_Quarantine
2013-11-09 00:17 - 2013-11-09 00:17 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Mr Do\Downloads\mbar-1.07.0.1007.exe
2013-11-09 00:16 - 2013-11-09 00:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mr Do\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-11-09 00:01 - 2013-11-09 00:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mr Do\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-08 22:28 - 2013-11-10 06:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-08 22:22 - 2013-11-08 22:22 - 00000000 ____D C:\Users\Joe\AppData\Roaming\WTablet
2013-11-08 22:22 - 2013-11-08 22:22 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Wacom
2013-11-08 20:37 - 2013-11-10 08:31 - 00002116 _____ C:\Users\Public\Desktop\Norton AntiVirus.lnk
2013-11-08 20:37 - 2013-11-08 22:13 - 00126584 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-11-08 20:37 - 2013-11-08 22:13 - 00007468 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-11-08 20:37 - 2013-11-08 22:13 - 00000000 ____D C:\Program Files\Symantec
2013-11-08 20:36 - 2013-11-10 08:31 - 00000000 ____D C:\Windows\system32\Drivers\NAV
2013-11-08 15:22 - 2013-11-10 06:02 - 00000000 ____D C:\Users\Mr Do\Desktop\mbar

==================== One Month Modified Files and Folders =======

2013-11-15 19:51 - 2013-11-15 15:04 - 01090529 _____ (Farbar) C:\Users\Mr Do\Desktop\FRST.exe
2013-11-15 15:09 - 2013-11-15 15:08 - 00016295 _____ C:\Users\Mr Do\Desktop\FRST.txt
2013-11-15 15:05 - 2013-11-15 15:05 - 00000000 ____D C:\FRST
2013-11-15 14:47 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 14:47 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 14:44 - 2013-11-15 14:44 - 01957794 _____ (Farbar) C:\Users\Mr Do\Desktop\FRST64.exe
2013-11-15 14:44 - 2007-12-25 07:40 - 01619087 _____ C:\Windows\WindowsUpdate.log
2013-11-15 14:43 - 2012-04-15 18:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 11:00 - 2013-11-15 11:00 - 00019055 _____ C:\Users\Mr Do\Desktop\attach.txt
2013-11-15 11:00 - 2013-11-15 11:00 - 00014242 _____ C:\Users\Mr Do\Desktop\dds.txt
2013-11-14 14:32 - 2013-11-14 14:32 - 00005746 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11142013_143232.txt
2013-11-10 15:39 - 2006-11-02 05:33 - 00716004 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 15:31 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 15:29 - 2013-11-10 15:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-10 13:48 - 2013-11-10 13:48 - 00001331 _____ C:\Users\Mr Do\Desktop\RKreport[0]_H_11102013_134818.txt
2013-11-10 13:39 - 2013-11-10 13:39 - 00001828 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11102013_133929.txt
2013-11-10 13:37 - 2013-11-10 13:37 - 00001261 _____ C:\Users\Mr Do\Desktop\RKreport[0]_H_11102013_133746.txt
2013-11-10 13:23 - 2013-11-10 13:23 - 00001761 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11102013_132336.txt
2013-11-10 08:39 - 2006-11-02 08:01 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-10 08:38 - 2007-08-01 21:03 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-10 08:31 - 2013-11-08 20:37 - 00002116 _____ C:\Users\Public\Desktop\Norton AntiVirus.lnk
2013-11-10 08:31 - 2013-11-08 20:36 - 00000000 ____D C:\Windows\system32\Drivers\NAV
2013-11-10 08:29 - 2013-07-15 19:35 - 00000000 ____D C:\Users\Mr Do\AppData\Local\Piriform
2013-11-10 06:02 - 2013-11-08 22:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 06:02 - 2013-11-08 15:22 - 00000000 ____D C:\Users\Mr Do\Desktop\mbar
2013-11-10 02:07 - 2013-11-10 02:07 - 00005574 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11102013_020728.txt
2013-11-10 02:05 - 2013-11-10 02:05 - 00005542 _____ C:\Users\Mr Do\Desktop\RKreport[0]_D_11102013_020539.txt
2013-11-10 01:49 - 2013-11-10 01:49 - 00005507 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11102013_014906.txt
2013-11-10 01:47 - 2013-11-10 01:47 - 00005473 _____ C:\Users\Mr Do\Desktop\RKreport[0]_D_11102013_014719.txt
2013-11-09 14:54 - 2013-11-09 14:54 - 00005437 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_145448.txt
2013-11-09 04:24 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-09 04:14 - 2006-11-02 07:47 - 00346392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-09 03:52 - 2007-08-17 19:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-09 03:44 - 2013-08-14 02:15 - 00000000 ____D C:\Windows\system32\MRT
2013-11-09 03:40 - 2006-11-02 05:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-09 02:46 - 2013-11-09 02:46 - 00000923 _____ C:\Users\Mr Do\Desktop\RKreport[0]_PR_11092013_024604.txt
2013-11-09 02:45 - 2013-11-09 02:45 - 00000887 _____ C:\Users\Mr Do\Desktop\RKreport[0]_DN_11092013_024558.txt
2013-11-09 02:44 - 2013-11-09 02:44 - 00005368 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_024419.txt
2013-11-09 02:44 - 2013-11-09 02:44 - 00001009 _____ C:\Users\Mr Do\Desktop\RKreport[0]_H_11092013_024447.txt
2013-11-09 02:38 - 2013-11-09 02:38 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Mr Do\Downloads\tdsskiller (1).exe
2013-11-09 02:37 - 2013-11-09 02:37 - 00000818 _____ C:\Users\Mr Do\Desktop\RKreport[0]_DN_11092013_023529.txt post fix host proxy and dns.txt
2013-11-09 02:35 - 2013-11-09 02:35 - 00001417 _____ C:\Users\Mr Do\Desktop\RKreport[0]_H_11092013_023510.txt
2013-11-09 02:35 - 2013-11-09 02:35 - 00000854 _____ C:\Users\Mr Do\Desktop\RKreport[0]_PR_11092013_023524.txt
2013-11-09 02:35 - 2013-11-09 02:35 - 00000818 _____ C:\Users\Mr Do\Desktop\RKreport[0]_DN_11092013_023529.txt
2013-11-09 02:33 - 2013-11-09 02:33 - 00005779 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_023321.txt
2013-11-09 02:27 - 2012-07-05 22:23 - 00000000 ____D C:\Program Files\Google
2013-11-09 02:23 - 2013-11-09 02:23 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Mr Do\Downloads\tdsskiller.exe
2013-11-09 01:26 - 2013-11-09 01:08 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-09 01:26 - 2013-11-09 01:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-09 01:05 - 2013-11-09 00:58 - 00000000 ____D C:\Users\Mr Do\Desktop\RK_Quarantine
2013-11-09 01:03 - 2013-11-09 01:03 - 00001894 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_010319.txt
2013-11-09 01:01 - 2013-11-09 01:01 - 00002340 _____ C:\Users\Mr Do\Desktop\RKreport[0]_D_11092013_010127.txt
2013-11-09 01:00 - 2013-11-09 01:00 - 00002287 _____ C:\Users\Mr Do\Desktop\RKreport[0]_S_11092013_010031.txt
2013-11-09 00:17 - 2013-11-09 00:17 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Mr Do\Downloads\mbar-1.07.0.1007.exe
2013-11-09 00:16 - 2013-11-09 00:16 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mr Do\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-11-09 00:01 - 2013-11-09 00:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mr Do\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-08 23:03 - 2012-07-05 22:23 - 00000000 ____D C:\Users\Mr Do\AppData\Local\Google
2013-11-08 22:56 - 2007-12-25 15:33 - 00000949 _____ C:\Users\Mr Do\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-08 22:22 - 2013-11-08 22:22 - 00000000 ____D C:\Users\Joe\AppData\Roaming\WTablet
2013-11-08 22:22 - 2013-11-08 22:22 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Wacom
2013-11-08 22:22 - 2008-01-11 17:53 - 00000949 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-08 22:13 - 2013-11-08 20:37 - 00126584 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-11-08 22:13 - 2013-11-08 20:37 - 00007468 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-11-08 22:13 - 2013-11-08 20:37 - 00000000 ____D C:\Program Files\Symantec
2013-11-08 20:44 - 2007-08-17 20:26 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-08 20:36 - 2008-11-11 10:55 - 00000000 ____D C:\Program Files\Norton AntiVirus
2013-11-08 20:36 - 2008-11-11 09:40 - 00000000 ____D C:\ProgramData\Norton
2013-11-08 17:43 - 2012-04-15 18:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-08 17:43 - 2011-11-04 23:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-08 17:01 - 2013-07-10 02:50 - 00020088 _____ C:\Windows\PFRO.log
2013-11-08 17:01 - 2007-08-17 19:53 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-08 14:19 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\SchCache

Files to move or delete:
====================
C:\Users\Mr Do\AppData\Roaming\skype.ini
C:\ProgramData\pswi_preloaded.exe
C:\Users\Joe\jagex_runescape_preferences.dat
C:\Users\Mr Do\acrobat.exe
C:\Users\Mr Do\acrobatreader.exe
C:\Users\Mr Do\alg.exe
C:\Users\Mr Do\chrome.exe
C:\Users\Mr Do\flashplayer.exe
C:\Users\Mr Do\googleupdate.exe
C:\Users\Mr Do\icq.exe
C:\Users\Mr Do\jagex_cl_runescape_LIVE.dat
C:\Users\Mr Do\jagex_runescape_preferences.dat
C:\Users\Mr Do\java.exe
C:\Users\Mr Do\jqs.exe
C:\Users\Mr Do\msconfig.exe
C:\Users\Mr Do\mstsc.exe
C:\Users\Mr Do\notepad.exe
C:\Users\Mr Do\skype.exe
C:\Users\Mr Do\teamviewer.exe
C:\Users\Mr Do\vlcplayer.exe

Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Joe\AppData\Local\Temp\EAD1006.exe
C:\Users\Joe\AppData\Local\Temp\EAD1374.exe
C:\Users\Joe\AppData\Local\Temp\EAD339F.exe
C:\Users\Joe\AppData\Local\Temp\EAD3E95.exe
C:\Users\Joe\AppData\Local\Temp\EAD4F65.exe
C:\Users\Joe\AppData\Local\Temp\EAD55DC.exe
C:\Users\Joe\AppData\Local\Temp\EAD65B4.exe
C:\Users\Joe\AppData\Local\Temp\EAD6815.exe
C:\Users\Joe\AppData\Local\Temp\EAD87A5.exe
C:\Users\Joe\AppData\Local\Temp\EAD8BA6.exe
C:\Users\Joe\AppData\Local\Temp\EAD9ABC.exe
C:\Users\Joe\AppData\Local\Temp\EADAF8.exe
C:\Users\Joe\AppData\Local\Temp\EADBB89.exe
C:\Users\Joe\AppData\Local\Temp\EADECDB.exe
C:\Users\Joe\AppData\Local\Temp\EADF8A.exe
C:\Users\Joe\AppData\Local\Temp\Second Life Setup.exe
C:\Users\Joe\AppData\Local\Temp\symlcsv1.exe
C:\Users\Mr Do\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Mr Do\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mr Do\AppData\Local\Temp\{3FDFD1FA-BF00-4268-8D51-75CB33A1C016}.exe
C:\Users\Mr Do\AppData\Local\Temp\{BD3B5216-3C9D-4BE2-A92D-D027916F3F11}.exe
C:\Users\Tom\AppData\Local\Temp\EAD82C6.exe
C:\Users\Tom\AppData\Local\Temp\EADB6B3.exe
C:\Users\Tom\AppData\Local\Temp\symlcsv1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 15:41

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-11-2013
Ran by Mr Do at 2013-11-15 15:09:29
Running from C:\Users\Mr Do\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton AntiVirus (Enabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 1.0.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0)
Adobe AIR (Version: 3.8.0.870)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader 9 (Version: 9.0.0)
Alps Pointing-device for VAIO
Applet
ArcSoft Magic-i Visual Effects Installer
ArtRage Studio (Version: 3.5.4)
Autodesk SketchBook Express 2011 sp2 (Version: 5.20.0000)
Autodesk SketchBook Pro 6.0.1 (Version: 6.01.0000)
Bamboo (Version: 5.3.0-3)
Bamboo Dock (Version: 4.1)
Bamboo Dock (Version: 4.1.0)
Blender (Version: 2.60a-release)
BufferChm (Version: 82.0.173.000)
CCleaner (Version: 4.05)
ChromaShift Full Version
Click to DVD 2.0.05 Menu Data (Version: 2.0.05)
Click to DVD 2.6.00 (Version: 2.6.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Corel Paint Shop Pro Photo XI (Version: 11.10.0000)
Corel Snapfire (Version: 1.10.0000)
CustomerResearchQFolder (Version: 1.00.0000)
D6100_D7100_D7300_Help (Version: 82.0.233.000)
D7100 (Version: 82.0.233.000)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
Disney Pirates of the Caribbean Online (Version: )
DSD Direct (Version: 2.0.01)
DSD Direct Player (Version: 1.0)
DSD Playback Plug-in (Version: 1.1)
EA Download Manager (Version: 4.0.0.396)
EA Download Manager (Version: 7.1.4.31)
eSupportQFolder (Version: 1.00.0000)
Fish Tycoon (Version: 32.0.0.0)
GearDrvs (Version: 1)
getPlus® for Adobe (Version: 1.5.2.35)
GIMP 2.8.0 (Version: 2.8.0)
GTA San Andreas (Version: 1.00.00001)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet & Photosmart Printer Driver Software 8.0.A (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.002.008.001)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Inkscape 0.48.4 (Version: 0.48.4)
Instant Mode (Version: 1.0.2)
Java Auto Updater (Version: 2.0.7.1)
Java 6 Update 3 (Version: 1.6.0.30)
Java 6 Update 31 (Version: 6.0.310)
Java SE Runtime Environment 6 (Version: 1.6.0.0)
JNLP
LocationFree Player (Version: 3.02.0000)
Makehuman
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MapleStory (Version: 56)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton 360 (Version: 1.2.0.10)
Norton AntiVirus (Version: 18.7.1.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
Pando Media Booster (Version: 2.6.0.8)
POV-Ray for Windows v3.62 (Version: 3.62)
QuickBooks Product Listing Service (Version: 2.0.148)
QuickBooks Simple Start Free Starter Edition (Version: )
QuickTime (Version: 7.0.3)
Roblox
Roxio Easy Media Creator Home (Version: 9.0.178)
Sansa Media Converter
SecondLifeViewer2 (remove only)
Setting Utility Series (Version: 3.0.00.07240)
SF_CDA_ProductContext (Version: 82.0.233.000)
SF_CDA_Software (Version: 82.0.233.000)
SigmaTel Audio (Version: 5.10.5102.0)
SolutionCenter (Version: 82.0.188.000)
SonicStage Mastering Studio (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter Custom Preset (Version: 2.3)
SonicStage Mastering Studio Plugins (Version: 2.4)
Sony Video Shared Library (Version: 3.2.00)
SPORE™ (Version: 1.01.0000)
Status (Version: 82.0.173.000)
SUPERAntiSpyware (Version: 4.49.1000)
SupportSoft Assisted Service (Version: 15)
System Requirements Lab
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009 (Version: 2.0.0.1)
Unity Web Player (Version: 2.5.1b3_716)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Azure Float Wallpaper (Version: 1.0.00.10100)
VAIO Camera Capture Utility (Version: 2.5.00.06250)
VAIO Center Access Bar (Version: 1.00.0622)
VAIO Content Folder Setting (Version: 1.0.00.07170)
VAIO Content Importer  VAIO Content Exporter (Version: 1.2.00.06270)
VAIO Content Importer / VAIO Content Exporter (Version: 1.2.00.06270)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 2.0.02.07130)
VAIO Content Metadata Manager Setting (Version: 2.0.01.07041)
VAIO Content Metadata XML Interface Library (Version: 2.0.01.07050)
VAIO Control Center (Version: 2.1.00.07110)
VAIO Entertainment Center (Version: 2.00.0711)
VAIO Entertainment Platform (Version: 3.0.00.06280)
VAIO Event Service (Version: 3.2.00.07240)
VAIO Floral Dusk Wallpaper (Version: 1.0.00.10100)
VAIO Help And Support (Version: 3.10.0724.FZVP)
VAIO Launcher (Version: 1.0.00.07090)
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO Movie Story (Version: 1.0.00.18280)
VAIO Movie Story Template Data (Version: 1.0.00.18280)
VAIO MusicBox (Version: 1.0.00.07090)
VAIO MusicBox Sample Music (Version: 1.0.00.07030)
VAIO OOBE (Version: 3.00.0710)
VAIO Original Function Setting (Version: 1.1.00.07130)
VAIO PC Wireless LAN Wizard (Version: 1.00.0716)
VAIO Power Management (Version: 2.2.00.06130)
VAIO Productivity Center (Version: 2.00.0702)
VAIO Security Center (Version: 5.00.0716)
VAIO Service Utility (Version: 1.1.1.3)
VAIO Survey (Version: 5.00.7207)
VAIO Teal Whisper Wallpaper (Version: 1.0.00.10100)
VAIO Update 3 (Version: 3.0.02.05090)
VC 9.0 Runtime (Version: 1.0.0)
WebReg (Version: 82.0.173.000)
WebTablet FB Plugin 32 bit (Version: 2.1.0.2)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
WIDCOMM Bluetooth Software 6.1.0.1203 (Version: 6.1.0.1203)
WinDVD for VAIO (Version: 8.0-B8.384)
WinRAR archiver
Wireless Switch Setting Utility (Version: 3.6.00.18210)
World of Warcraft

==================== Restore Points  =========================

15-11-2013 00:05:11 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:23 - 2013-11-10 13:48 - 00000741 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01CA8BCC-B00A-4766-939C-E18B4ADFAAA2} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation)
Task: {04281591-2BF4-4482-BD81-E4C43FD0D521} - System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\symerr.exe [2012-03-27] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3373D9FF-8FC0-475F-819D-E762C3E87B88} - System32\Tasks\{689B3DE0-CF6D-41DA-A29C-6961E029DBA5} => C:\Users\Mr Do\AppData\Local\6cd81c15-97f6-48a5-8c92-b6b56b0b9eb1ad\cdcfacbbbbebad.exe [2013-07-01] ()
Task: {3B6548B6-8EF8-41E4-90E7-7E585D8B6348} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {67F52717-500C-4C6F-B023-5060FC636B08} - System32\Tasks\VAIO Service Utility => C:\Program Files\Sony\VAIO Service Utility\VAIO-SU.exe [2007-02-16] ()
Task: {68174C6C-22AE-4C19-B927-DD40EDDF259F} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-05-31] (Sony Corporation)
Task: {69FFE6E4-1313-4B4C-A113-CB26F078230C} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\symerr.exe [2012-03-27] (Symantec Corporation)
Task: {D3491DB3-4D61-4D83-843B-8785C5EB3347} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08] (Adobe Systems Incorporated)
Task: {DAFC0859-6E6F-4A65-B475-1051C46BCE54} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2007-08-01 21:51 - 2007-06-29 07:56 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2008-05-15 15:57 - 2007-09-20 17:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2013-01-06 17:50 - 2012-11-14 14:45 - 00963456 _____ () C:\Program Files\Tablet\Pen\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:80ED6380

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63502283.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79910706.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63502283.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79910706.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2013 03:37:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 03:37:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 03:37:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 03:37:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 03:37:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 03:37:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 03:37:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 03:31:19 PM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (11/10/2013 02:02:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2013 02:02:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (11/15/2013 02:43:15 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 001A804AA5BD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/11/2013 00:34:52 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (11/10/2013 03:37:57 PM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (11/10/2013 03:36:47 PM) (Source: Service Control Manager) (User: )
Description: Net Driver HPZ121

Error: (11/10/2013 03:32:11 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/10/2013 02:02:25 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (11/10/2013 02:02:24 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/10/2013 02:02:24 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/10/2013 02:02:23 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (11/10/2013 02:01:50 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Microsoft Office Sessions:
=========================
Error: (01/05/2009 07:43:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 431 seconds with 240 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-11-15 15:09:16.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:16.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:16.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:16.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:15.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:15.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:15.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:15.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:00.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 15:09:00.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 2037.69 MB
Available physical RAM: 821.5 MB
Total Pagefile: 4318.45 MB
Available Pagefile: 2823.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.44 GB) (Free:142.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: F28EEDC7)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)

==================== End Of Log ============================
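The "Scheduled Tasks" entries in the log above are the kind of thing a helper reads line by line; what follows is an added triage example (my own code, not part of FRST or of this thread) that parses FRST "Task:" lines and flags the ones carrying the signals visible here: a launch path under a user profile, a task name that is a bare GUID, and an empty publisher field "()". The scoring weights and the threshold are this example's own assumptions, and the sample lines are copied from the posted log.

```python
"""Triage the "Scheduled Tasks" section of an FRST Addition.txt log.

Added example for this thread, not FRST's own code. Each "Task:" line is
scored on signals a helper looks for by eye; weights and threshold below
are assumptions of this example.
"""
import re

# Right-hand side of " => " looks like:  <path> [<file date>] (<publisher>)
# The bracketed date and the publisher are optional in the lines posted above.
TARGET_RE = re.compile(
    r"^(?P<path>.+?)(?: \[(?P<date>[^\]]*)\])?(?: \((?P<publisher>[^)]*)\))?\s*$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Directories a standard user can write to; every vendor task in the posted
# log launches from Program Files or the Windows directory instead.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData|Temp)\\", re.I)


def parse_task_line(line):
    """Return a dict for one FRST 'Task:' line, or None for any other line."""
    if not line.startswith("Task: "):
        return None
    head, sep, target = line[len("Task: "):].partition(" => ")
    # head is "{task GUID} - System32\Tasks\<name>" or a bare .job path
    task = {"name": head.split(" - ", 1)[-1].strip(), "path": None,
            "date": None, "publisher": None}
    if sep:
        m = TARGET_RE.match(target)
        task.update(path=m["path"].strip(), date=m["date"], publisher=m["publisher"])
    return task


def score_task(task):
    """Return (score, reasons) for a parsed task; higher means more suspect."""
    reasons = []
    if task["path"] and USER_WRITABLE.search(task["path"]):
        reasons.append("launches from a user-writable directory")
    if GUID_RE.match(task["name"].rsplit("\\", 1)[-1]):
        reasons.append("task name is a bare GUID")
    if task["publisher"] == "":  # explicit "()" in the log, not a missing field
        reasons.append("file has no publisher/company name")
    # Assumed weights: a user-writable launch path counts double.
    score = sum(2 if r.startswith("launches") else 1 for r in reasons)
    return score, reasons


def flag_suspicious_tasks(log_text, threshold=2):
    """Return [(task name, target path, reasons)] for tasks scoring >= threshold."""
    flagged = []
    for line in log_text.splitlines():
        task = parse_task_line(line.strip())
        if task is None:
            continue
        score, reasons = score_task(task)
        if score >= threshold:
            flagged.append((task["name"], task["path"], reasons))
    return flagged


# Sample input: four "Task:" lines copied from the Addition.txt posted above.
SAMPLE_LOG = r"""
Task: {3373D9FF-8FC0-475F-819D-E762C3E87B88} - System32\Tasks\{689B3DE0-CF6D-41DA-A29C-6961E029DBA5} => C:\Users\Mr Do\AppData\Local\6cd81c15-97f6-48a5-8c92-b6b56b0b9eb1ad\cdcfacbbbbebad.exe [2013-07-01] ()
Task: {3B6548B6-8EF8-41E4-90E7-7E585D8B6348} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {67F52717-500C-4C6F-B023-5060FC636B08} - System32\Tasks\VAIO Service Utility => C:\Program Files\Sony\VAIO Service Utility\VAIO-SU.exe [2007-02-16] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
"""

if __name__ == "__main__":
    for name, path, reasons in flag_suspicious_tasks(SAMPLE_LOG):
        print(f"{name}\n  -> {path}\n  {'; '.join(reasons)}")
```

Only the task launching cdcfacbbbbebad.exe from AppData reaches the threshold; the Sony task with an empty publisher field scores 1 and is left alone.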


Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......(It looks like this is already on the system)

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


OK, let's run ComboFix.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.012 - Report created 15/11/2013 at 21:25:57
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Mr Do - FINALLY
# Running from : C:\Users\Mr Do\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Uniblue\DriverScanner
Folder Deleted : C:\Users\Mr Do\AppData\Roaming\Uniblue\DriverScanner
File Deleted : C:\Users\Public\Desktop\driverscanner.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

*************************

AdwCleaner[R0].txt - [1147 octets] - [15/11/2013 21:13:29]
AdwCleaner[s0].txt - [939 octets] - [15/11/2013 21:25:57]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [998 octets] ##########


IE froze a couple of times when attempting to post, which is hopefully just a fluke.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.15.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mr Do :: FINALLY [administrator]

11/15/2013 9:46:57 PM
mbam-log-2013-11-15 (21-46-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 270287
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.77 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton AntiVirus  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 6 Update 31 
 Java SE Runtime Environment 6
 Java 6 Update 3 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Norton AntiVirus Engine 18.7.1.3 ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please uninstall these and any other Java from your add/remove programs:
Java™ 6 Update 31
Java™ SE Runtime Environment 6
Java™ 6 Update 3


Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 45) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
