
Computer will not run aswMBR


  • This topic is locked
26 replies to this topic

#1 Kim_K


  • Members
  • 21 posts

Posted 09 January 2013 - 05:59 PM

Hi

My computer is slow to load programs and web pages. It also stops responding and crashes all the time. I started this thread and have been working with Boopme: http://www.bleepingcomputer.com/forums/topic480182.html/page__gopid__2941840.

I have been unable to run several of the fixes he recommended, including MBAM and aswMBR. I don't know what the infection is. Boopme instructed me to run DDS and post it here.

Thanks
Kim



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Kim's at 17:42:20 on 2013-01-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2394 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - LocalServer32 - <no file>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Kim's\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Facebook Update] "C:\Users\Kim's\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{25A8D8DE-0293-4BAE-8069-3D3732D0FFDA} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{25A8D8DE-0293-4BAE-8069-3D3732D0FFDA}\255747869616E646A4F686E623 : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{25A8D8DE-0293-4BAE-8069-3D3732D0FFDA}\B4F4059523 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kim's\AppData\Roaming\Mozilla\Firefox\Profiles\705pl0y2.default\
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kim's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Kim's\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-16 08:10; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-4 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-23 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-23 370288]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-10-4 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-4 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-23 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-23 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-30 44808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-7 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-7 682344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-4 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-7 24176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-14 160944]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-1-15 35104]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-14 6952960]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-4 232480]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-9 1255736]
.
=============== Created Last 30 ================
.
2013-01-09 08:56:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA7F1BA5-DD70-4B24-856C-264127E9C6C4}\offreg.dll
2013-01-08 07:51:02 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA7F1BA5-DD70-4B24-856C-264127E9C6C4}\mpengine.dll
2013-01-07 21:36:44 -------- d-----w- C:\Users\Kim's\AppData\Roaming\Malwarebytes
2013-01-07 21:36:28 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-07 21:36:27 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-07 21:36:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 07:09:33 -------- d-----w- C:\Windows\pss
2013-01-07 06:45:52 -------- d-----w- C:\Users\Kim's\AppData\Local\Programs
2013-01-05 08:41:21 -------- d-----w- C:\Program Files (x86)\ESET
2012-12-30 20:35:01 247224 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_9b763bcc4abd1798d41ecb5c5a933e48b3daaaf_cab_148f8835\AvastEmUpdate.exe
2012-12-29 07:15:59 44808 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c0000185_527d3ae4857ee3c17b123f7227aaf8386dbab6_cab_0a977b47\AvastSvc.exe
2012-12-21 08:00:38 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 08:00:38 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 08:00:37 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 08:00:36 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 23:22:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 23:22:39 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 23:22:00 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 23:20:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-12-12 23:19:21 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 23:19:21 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-12 23:19:19 295792 ----a-w- C:\Windows\System32\drivers\volsnap.sys
.
==================== Find3M ====================
.
2013-01-09 08:33:45 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:33:45 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-26 00:54:51 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-26 00:54:49 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-26 00:54:49 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-09-13 21:23:42 4096000 ----a-w- C:\Program Files (x86)\GUTDDBB.tmp
.
============= FINISH: 17:43:09.28 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2011 1:51:48 PM
System Uptime: 1/9/2013 12:29:39 PM (5 hours ago)
.
Motherboard: Dell Inc. | | 0C8PJJ
Processor: AMD Athlon™ II P360 Dual-Core Processor | CPU 1 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 47.469 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&2A7D0669&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&2A7D0669&0&2
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Adobe Acrobat 5.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Augmented Reality
avast! Free Antivirus
Back to the Future The Game - Episode 3
Back to the Future The Game - Episode 4
Big Fish Games: Game Manager
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Coupon Companion
Dell Resource CD
Dell Touchpad
Dell Wireless Driver Installation
Digital Line Detect
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287
Fairway™
Google Chrome
Google Earth Plug-in
Google Update Helper
iCloud
IMVU Avatar Chat Software
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft Zoo Tycoon
Modem Diagnostic Tool
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Rocket
Mystery Case Files®: Escape from Ravenhearst™
Netwaiting
Origin
PhotoScape
Portal
PowerISO
Psychonauts
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Wacky Worlds
Roxio Burn
Skype Click to Call
Skype™ 5.10
SUPERAntiSpyware
The Sims™ 3
The Sims™ 3 Late Night
WIDCOMM Bluetooth Software
.
==== Event Viewer Messages From Past Week ========
.
1/9/2013 4:42:31 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 4:30:57 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/9/2013 4:10:19 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 2:24:54 AM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 2:11:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/9/2013 2:11:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
1/9/2013 2:10:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/9/2013 2:09:02 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 2:06:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
1/9/2013 2:06:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
1/9/2013 2:06:30 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2013 12:35:54 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/9/2013 12:35:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/9/2013 12:32:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
1/9/2013 12:32:49 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2013 1:50:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff880c00000b5, 0x0000000000000008, 0xfffff880c00000b5, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010913-15428-01.
1/9/2013 1:40:57 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/8/2013 3:32:22 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.11. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/8/2013 3:14:51 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.10. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/8/2013 2:59:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffffa800395bdc0, 0x0000080200202020, 0x205346544e9052eb). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010813-17300-01.
1/8/2013 2:38:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffffa800395d8d0, 0x138018810c4c0820, 0x4102081040820410). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010813-16832-01.
1/8/2013 1:28:18 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/8/2013 1:19:43 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/8/2013 1:19:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/8/2013 1:19:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/8/2013 1:19:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/8/2013 1:19:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/8/2013 1:18:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6
1/7/2013 6:58:09 PM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
1/7/2013 5:34:49 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DAD-PC.
1/7/2013 5:20:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000000008, 0x0000000000000002, 0x0000000000000001, 0xfffff80002fef90d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010713-14492-01.
1/7/2013 5:09:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff880c00000b5, 0x0000000000000008, 0xfffff880c00000b5, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010713-14352-01.
1/7/2013 4:38:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
1/7/2013 4:01:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
1/7/2013 3:31:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.
1/7/2013 3:31:53 AM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2013 2:26:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0xfffffa800ed1c1f0, 0x0000000000000002, 0x0000000000000000, 0xfffff80002faff8c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010713-15818-01.
1/7/2013 10:56:18 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.9. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/7/2013 10:02:27 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
1/6/2013 8:31:54 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.12. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/6/2013 7:58:58 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.5. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/6/2013 6:49:04 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.4. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/6/2013 6:35:56 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
1/6/2013 6:31:31 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.3. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/6/2013 6:31:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000000008, 0x0000000000000002, 0x0000000000000001, 0xfffff80002fa990d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010613-19546-01.
1/5/2013 9:06:22 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.7. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/5/2013 5:05:56 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
1/5/2013 2:45:16 PM, Error: Service Control Manager [7034] - The Windows Defender service terminated unexpectedly. It has done this 3 time(s).
1/5/2013 1:44:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
1/5/2013 1:44:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
1/5/2013 1:44:19 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 January 2013 - 09:44 AM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Kim_K

  • Topic Starter
  • Members
  • 21 posts

Posted 10 January 2013 - 05:17 PM

Hi CatByte

I followed your instructions. Here is the log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 10-01-2013 16:09:22
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10810912 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-03-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" [x]
HKU\Kim's\...\Run: [Google Update] "C:\Users\Kim's\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-07] (Google Inc.)
HKU\Kim's\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Kim's\...\Run: [Facebook Update] "C:\Users\Kim's\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Kim's\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Kim's\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Kim's\...\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent [x]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-10-02] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-10] (ManyCam LLC)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 57171599; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-09 14:46 - 2013-01-09 14:46 - 00018083 ____A C:\Users\Kim's\Desktop\DDS Attach.txt
2013-01-09 14:43 - 2013-01-09 14:43 - 00018083 ____A C:\Users\Kim's\Desktop\attach.txt
2013-01-09 14:43 - 2013-01-09 14:43 - 00015972 ____A C:\Users\Kim's\Desktop\dds.txt
2013-01-09 14:41 - 2013-01-09 14:41 - 00688992 ____R (Swearware) C:\Users\Kim's\Desktop\dds.com
2013-01-08 22:50 - 2013-01-08 22:50 - 00275848 ____A C:\Windows\Minidump\010913-15428-01.dmp
2013-01-07 23:59 - 2013-01-07 23:59 - 00275848 ____A C:\Windows\Minidump\010813-17300-01.dmp
2013-01-07 23:38 - 2013-01-07 23:38 - 00275848 ____A C:\Windows\Minidump\010813-16832-01.dmp
2013-01-07 22:34 - 2013-01-07 22:34 - 04732416 ____A (AVAST Software) C:\Users\Kim's\Desktop\aswMBR.exe
2013-01-07 22:27 - 2013-01-07 22:27 - 00008307 ____A C:\AdwCleaner[S1].txt
2013-01-07 22:26 - 2013-01-07 22:26 - 00554091 ____A C:\Users\Kim's\Desktop\AdwCleaner.exe
2013-01-07 14:19 - 2013-01-07 14:19 - 00275848 ____A C:\Windows\Minidump\010713-14492-01.dmp
2013-01-07 14:09 - 2013-01-07 14:09 - 00275848 ____A C:\Windows\Minidump\010713-14352-01.dmp
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\Malwarebytes
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 13:36 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-07 13:35 - 2013-01-07 13:35 - 10156424 ____A (Malwarebytes Corporation ) C:\Users\Kim's\Downloads\mbam-setup.exe
2013-01-07 12:47 - 2013-01-07 12:47 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Kim's\Desktop\mbam-clean-1.60.2.0003.exe
2013-01-07 12:41 - 2013-01-07 12:44 - 00001238 ____A C:\Users\Kim's\Desktop\FixExec.txt
2013-01-07 12:39 - 2013-01-07 12:39 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Kim's\Desktop\FixExec.exe
2013-01-06 23:26 - 2013-01-06 23:26 - 00275848 ____A C:\Windows\Minidump\010713-15818-01.dmp
2013-01-06 23:09 - 2013-01-06 23:09 - 00000000 ____D C:\Windows\pss
2013-01-06 15:31 - 2013-01-06 15:31 - 00275848 ____A C:\Windows\Minidump\010613-19546-01.dmp
2013-01-05 13:13 - 2013-01-05 13:13 - 00000414 ____A C:\Users\Kim's\Desktop\ESETSCAN.txt
2013-01-05 13:08 - 2013-01-05 13:08 - 00002479 ____A C:\scu.dat
2013-01-05 00:41 - 2013-01-05 00:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-05 00:29 - 2013-01-05 00:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kim's\Downloads\tdsskiller.exe
2013-01-05 00:28 - 2013-01-05 00:28 - 00024096 ____A C:\Users\Kim's\Desktop\minitoolboxresult.txt
2013-01-05 00:26 - 2013-01-05 00:26 - 00024096 ____A C:\Users\Kim's\Desktop\Result.txt
2013-01-05 00:24 - 2013-01-05 00:24 - 00752213 ____A (Farbar) C:\Users\Kim's\Desktop\MiniToolBox.exe
2013-01-05 00:01 - 2013-01-05 00:01 - 00001094 ____A C:\Users\Kim's\Desktop\TFC.exe - Shortcut.lnk
2013-01-04 23:59 - 2013-01-04 23:59 - 00448512 ____A (OldTimer Tools) C:\Users\Kim's\Downloads\TFC.exe
2012-12-30 00:53 - 2012-12-30 00:53 - 00275848 ____A C:\Windows\Minidump\123012-18205-01.dmp
2012-12-29 03:27 - 2012-12-29 03:27 - 00275848 ____A C:\Windows\Minidump\122912-16567-01.dmp
2012-12-28 22:50 - 2012-12-28 22:51 - 00275792 ____A C:\Windows\Minidump\122912-22526-01.dmp
2012-12-28 21:47 - 2012-12-28 21:47 - 00275848 ____A C:\Windows\Minidump\122912-18969-01.dmp
2012-12-28 21:19 - 2012-12-28 21:20 - 00275848 ____A C:\Windows\Minidump\122912-17019-01.dmp
2012-12-27 15:47 - 2012-12-27 15:47 - 00275848 ____A C:\Windows\Minidump\122712-22401-01.dmp
2012-12-27 09:14 - 2012-12-27 09:14 - 00000000 ____D C:\Users\Kim's\Documents\Single.Father.S01.DVDRip.XViD-TASTETV
2012-12-27 09:11 - 2012-12-27 09:12 - 00275848 ____A C:\Windows\Minidump\122712-25724-01.dmp
2012-12-23 18:10 - 2012-12-23 18:10 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-12-22 16:42 - 2012-12-22 16:42 - 00275792 ____A C:\Windows\Minidump\122212-49826-01.dmp
2012-12-21 00:00 - 2012-12-16 08:52 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 00:00 - 2012-12-16 06:40 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 00:00 - 2012-12-16 06:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 00:00 - 2012-12-16 06:25 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-13 14:08 - 2012-12-13 14:08 - 00002210 ____A C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2012-12-13 13:54 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 13:54 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 13:54 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 13:54 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 13:54 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 13:54 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 13:54 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 13:54 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 13:54 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 13:54 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 13:54 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 13:54 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 13:54 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 13:54 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 13:54 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 13:54 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 13:54 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 13:54 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 13:54 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-13 13:54 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-13 13:54 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 13:54 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 13:54 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 13:54 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-13 13:54 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-13 13:54 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-13 13:54 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-13 13:54 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 13:54 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-13 13:54 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 13:54 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 13:54 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 15:22 - 2012-11-22 00:20 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 15:22 - 2012-11-08 21:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 15:22 - 2012-11-08 20:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 15:21 - 2012-10-04 09:38 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-12 15:21 - 2012-10-04 09:38 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-12 15:21 - 2012-10-04 09:38 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 15:21 - 2012-10-04 09:38 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-12 15:21 - 2012-10-04 09:35 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-12 15:21 - 2012-10-04 09:32 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 15:21 - 2012-10-04 09:32 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:54 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-12 15:21 - 2012-10-04 08:54 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 15:21 - 2012-10-04 08:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 07:19 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 15:21 - 2012-10-04 06:49 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-12 15:21 - 2012-10-04 06:49 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 15:21 - 2012-10-04 06:49 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-12 15:21 - 2012-10-04 06:44 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 06:44 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 06:44 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 15:21 - 2012-10-04 06:44 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 15:20 - 2012-10-04 06:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-12 15:19 - 2012-11-01 21:27 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 15:19 - 2012-11-01 20:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-12 15:19 - 2012-09-06 09:38 - 00295792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys


==================== One Month Modified Files and Folders =======

2013-01-10 13:00 - 2013-01-10 13:00 - 00275848 ____A C:\Windows\Minidump\011013-15350-01.dmp
2013-01-10 13:00 - 2012-09-01 07:02 - 340168454 ____A C:\Windows\MEMORY.DMP
2013-01-10 13:00 - 2012-09-01 07:02 - 00000000 ____D C:\Windows\Minidump
2013-01-10 12:56 - 2009-07-13 21:13 - 00004526 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-10 12:48 - 2011-12-24 17:06 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-10 12:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-10 12:47 - 2009-07-13 20:51 - 00065964 ____A C:\Windows\setupact.log
2013-01-10 12:39 - 2011-12-24 17:06 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-10 12:36 - 2011-10-07 10:01 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001UA.job
2013-01-10 12:30 - 2012-05-11 18:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-10 12:27 - 2011-10-04 13:58 - 01800219 ____A C:\Windows\WindowsUpdate.log
2013-01-10 12:16 - 2011-11-21 10:02 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001UA.job
2013-01-10 01:27 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-10 01:27 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-09 19:36 - 2011-10-07 10:01 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001Core.job
2013-01-09 18:00 - 2011-11-21 10:02 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001Core.job
2013-01-09 14:46 - 2013-01-09 14:46 - 00018083 ____A C:\Users\Kim's\Desktop\DDS Attach.txt
2013-01-09 14:43 - 2013-01-09 14:43 - 00018083 ____A C:\Users\Kim's\Desktop\attach.txt
2013-01-09 14:43 - 2013-01-09 14:43 - 00015972 ____A C:\Users\Kim's\Desktop\dds.txt
2013-01-09 14:41 - 2013-01-09 14:41 - 00688992 ____R (Swearware) C:\Users\Kim's\Desktop\dds.com
2013-01-09 00:33 - 2012-05-11 18:50 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 00:33 - 2011-10-07 19:06 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-08 23:08 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-08 22:50 - 2013-01-08 22:50 - 00275848 ____A C:\Windows\Minidump\010913-15428-01.dmp
2013-01-07 23:59 - 2013-01-07 23:59 - 00275848 ____A C:\Windows\Minidump\010813-17300-01.dmp
2013-01-07 23:38 - 2013-01-07 23:38 - 00275848 ____A C:\Windows\Minidump\010813-16832-01.dmp
2013-01-07 22:34 - 2013-01-07 22:34 - 04732416 ____A (AVAST Software) C:\Users\Kim's\Desktop\aswMBR.exe
2013-01-07 22:27 - 2013-01-07 22:27 - 00008307 ____A C:\AdwCleaner[S1].txt
2013-01-07 22:26 - 2013-01-07 22:26 - 00554091 ____A C:\Users\Kim's\Desktop\AdwCleaner.exe
2013-01-07 22:16 - 2011-10-11 18:30 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\Skype
2013-01-07 14:28 - 2012-03-09 12:54 - 00000000 ____D C:\Users\Kim's\AppData\Local\Microsoft Games
2013-01-07 14:19 - 2013-01-07 14:19 - 00275848 ____A C:\Windows\Minidump\010713-14492-01.dmp
2013-01-07 14:09 - 2013-01-07 14:09 - 00275848 ____A C:\Windows\Minidump\010713-14352-01.dmp
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\Malwarebytes
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 13:35 - 2013-01-07 13:35 - 10156424 ____A (Malwarebytes Corporation ) C:\Users\Kim's\Downloads\mbam-setup.exe
2013-01-07 12:48 - 2011-10-07 11:40 - 00047280 ____A C:\Windows\PFRO.log
2013-01-07 12:47 - 2013-01-07 12:47 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Kim's\Desktop\mbam-clean-1.60.2.0003.exe
2013-01-07 12:44 - 2013-01-07 12:41 - 00001238 ____A C:\Users\Kim's\Desktop\FixExec.txt
2013-01-07 12:39 - 2013-01-07 12:39 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Kim's\Desktop\FixExec.exe
2013-01-06 23:26 - 2013-01-06 23:26 - 00275848 ____A C:\Windows\Minidump\010713-15818-01.dmp
2013-01-06 23:09 - 2013-01-06 23:09 - 00000000 ____D C:\Windows\pss
2013-01-06 15:31 - 2013-01-06 15:31 - 00275848 ____A C:\Windows\Minidump\010613-19546-01.dmp
2013-01-06 15:08 - 2011-10-09 08:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-05 13:13 - 2013-01-05 13:13 - 00000414 ____A C:\Users\Kim's\Desktop\ESETSCAN.txt
2013-01-05 13:08 - 2013-01-05 13:08 - 00002479 ____A C:\scu.dat
2013-01-05 13:08 - 2012-09-26 21:15 - 00000000 ____D C:\Program Files (x86)\Coupon Companion
2013-01-05 00:41 - 2013-01-05 00:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-05 00:29 - 2013-01-05 00:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kim's\Downloads\tdsskiller.exe
2013-01-05 00:28 - 2013-01-05 00:28 - 00024096 ____A C:\Users\Kim's\Desktop\minitoolboxresult.txt
2013-01-05 00:26 - 2013-01-05 00:26 - 00024096 ____A C:\Users\Kim's\Desktop\Result.txt
2013-01-05 00:24 - 2013-01-05 00:24 - 00752213 ____A (Farbar) C:\Users\Kim's\Desktop\MiniToolBox.exe
2013-01-05 00:01 - 2013-01-05 00:01 - 00001094 ____A C:\Users\Kim's\Desktop\TFC.exe - Shortcut.lnk
2013-01-04 23:59 - 2013-01-04 23:59 - 00448512 ____A (OldTimer Tools) C:\Users\Kim's\Downloads\TFC.exe
2012-12-30 00:53 - 2012-12-30 00:53 - 00275848 ____A C:\Windows\Minidump\123012-18205-01.dmp
2012-12-29 23:27 - 2011-10-07 10:06 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-12-29 03:27 - 2012-12-29 03:27 - 00275848 ____A C:\Windows\Minidump\122912-16567-01.dmp
2012-12-28 22:51 - 2012-12-28 22:50 - 00275792 ____A C:\Windows\Minidump\122912-22526-01.dmp
2012-12-28 21:47 - 2012-12-28 21:47 - 00275848 ____A C:\Windows\Minidump\122912-18969-01.dmp
2012-12-28 21:20 - 2012-12-28 21:19 - 00275848 ____A C:\Windows\Minidump\122912-17019-01.dmp
2012-12-27 18:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-27 15:47 - 2012-12-27 15:47 - 00275848 ____A C:\Windows\Minidump\122712-22401-01.dmp
2012-12-27 15:13 - 2012-10-11 21:29 - 00000000 ____D C:\Users\Kim's\Desktop\823WGTMA
2012-12-27 15:07 - 2012-10-02 13:09 - 00000000 ____D C:\Users\Kim's\Desktop\photos
2012-12-27 14:48 - 2012-10-02 13:05 - 00000000 ____D C:\Users\Kim's\Desktop\things i dont really use on my laptop
2012-12-27 13:57 - 2012-08-30 13:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-12-27 13:22 - 2011-10-14 03:56 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\Elxogy
2012-12-27 09:14 - 2012-12-27 09:14 - 00000000 ____D C:\Users\Kim's\Documents\Single.Father.S01.DVDRip.XViD-TASTETV
2012-12-27 09:14 - 2012-12-09 13:04 - 00000000 ____D C:\Users\Kim's\Documents\The.Sarah.Jane.Adventures.S05
2012-12-27 09:12 - 2012-12-27 09:11 - 00275848 ____A C:\Windows\Minidump\122712-25724-01.dmp
2012-12-27 09:01 - 2011-10-07 09:51 - 00000000 ____D C:\users\Kim's
2012-12-23 21:06 - 2012-10-02 13:07 - 00000000 ____D C:\Users\Kim's\Desktop\anti virus scans
2012-12-23 21:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-12-23 21:05 - 2012-01-15 15:36 - 00000000 ____D C:\Users\All Users\Real
2012-12-23 18:10 - 2012-12-23 18:10 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-12-22 16:42 - 2012-12-22 16:42 - 00275792 ____A C:\Windows\Minidump\122212-49826-01.dmp
2012-12-21 22:42 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-19 22:03 - 2011-10-12 16:03 - 00000000 ____D C:\Users\Kim's\Incomplete
2012-12-19 21:59 - 2011-10-07 10:06 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\MP3Rocket
2012-12-18 20:31 - 2012-10-30 19:35 - 00000000 ____D C:\Users\Kim's\Desktop\DCIM
2012-12-16 08:52 - 2012-12-21 00:00 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:40 - 2012-12-21 00:00 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:25 - 2012-12-21 00:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:25 - 2012-12-21 00:00 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-14 13:49 - 2013-01-07 13:36 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-13 14:08 - 2012-12-13 14:08 - 00002210 ____A C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2012-12-13 13:59 - 2011-10-04 13:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-12 15:07 - 2011-10-07 10:01 - 00002482 ____A C:\Users\Kim's\Desktop\Google Chrome.lnk


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 15:19] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-09 21:27:14

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3835.82 MB
Available physical RAM: 3076.26 MB
Total Pagefile: 3833.96 MB
Available Pagefile: 3056.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:47.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: (CRUZER) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1907 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 298 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F CRUZER FAT Removable 1907 MB Healthy

=========================================================

Last Boot: 2013-01-06 19:11

==================== End Of Log =============================

Thanks
Kim

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 January 2013 - 08:44 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Kim_K
  • Topic Starter
  • Members
  • 21 posts

Posted 12 January 2013 - 02:52 AM

Aaaaaaaaagh. That didn't go well.

It took me 1 hour and 15 minutes to disable my firewall and Avast. I kept getting "program not responding" and "program closed unexpectedly." But I finally got it done. I couldn't get on IE, so I downloaded ComboFix to a flash drive on another computer and copied it to my desktop. It started fine, but after the registry backup I got a message that Avast was still running and I should close it. I clicked OK and clicked on Avast to see what the problem was. Like I said, I thought I had turned off Avast. When I clicked on Avast my screen turned white. I could see my desktop icons under the white. I didn't want to just click around. The user guide says not to use the computer while ComboFix is running. I waited about 20 minutes and my screen went back to normal, and I got a box that said Avast was running and ComboFix was going to scan anyway. The only choice was OK, so I clicked OK and the scan started. It took over an hour and a half to complete.

I am posting the log. The reason for the long story is in case Avast running affected what's in the log. The good news is the computer is running 1000 times better.

Here is the log

ComboFix 13-01-11.02 - Kim's 01/11/2013 18:23:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2582 [GMT -5:00]
Running from: c:\users\Kim's\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 01:12 . 2013-01-12 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 22:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79EDEE24-7F59-4B3C-BFC0-6A40DAD422A4}\mpengine.dll
2013-01-07 21:36 . 2013-01-07 21:36 -------- d-----w- c:\users\Kim's\AppData\Roaming\Malwarebytes
2013-01-07 21:36 . 2013-01-07 21:36 -------- d-----w- c:\programdata\Malwarebytes
2013-01-07 21:36 . 2013-01-07 21:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-07 21:36 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-07 06:45 . 2013-01-07 06:45 -------- d-----w- c:\users\Kim's\AppData\Local\Programs
2013-01-05 08:41 . 2013-01-05 08:41 -------- d-----w- c:\program files (x86)\ESET
2012-12-30 20:35 . 2012-10-30 23:50 247224 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_9b763bcc4abd1798d41ecb5c5a933e48b3daaaf_cab_148f8835\AvastEmUpdate.exe
2012-12-29 07:15 . 2012-08-21 09:12 44808 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_c0000185_527d3ae4857ee3c17b123f7227aaf8386dbab6_cab_0a977b47\AvastSvc.exe
2012-12-21 08:00 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:00 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 08:00 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:00 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:33 . 2012-05-12 02:50 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 08:33 . 2011-10-08 03:06 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 08:20 . 2012-12-12 23:22 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-19 18:53 . 2011-10-26 01:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-19 18:52 . 2011-11-05 08:36 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-19 18:52 . 2011-11-05 08:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-09 05:34 . 2012-12-12 23:22 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-12 23:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:27 . 2012-12-12 23:19 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-12 23:19 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-30 23:51 . 2011-10-24 04:11 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2011-10-24 04:11 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2011-10-24 04:11 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2011-10-24 04:11 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51 . 2011-10-24 04:11 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2011-10-24 04:10 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2011-10-24 04:10 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 23:50 . 2011-10-07 18:06 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 00:18 . 2011-10-09 16:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-10-30 00:07 . 2011-10-09 16:17 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-30 00:07 . 2011-10-09 16:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-30 00:07 . 2011-10-09 16:16 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-26 00:54 . 2012-10-26 00:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-26 00:54 . 2012-06-28 17:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-26 00:54 . 2011-12-03 20:47 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-15 16:59 . 2012-04-27 20:06 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-13 21:23 . 2012-09-13 21:23 4096000 ----a-w- c:\program files (x86)\GUTDDBB.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kim's\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-24 102400]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-10-4 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-14 160944]
R3 57171599;57171599; [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-09 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-02 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-24 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 08:33]
.
2013-01-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001Core.job
- c:\users\Kim's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-21 00:55]
.
2013-01-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001UA.job
- c:\users\Kim's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-21 00:55]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 01:06]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 01:06]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001Core.job
- c:\users\Kim's\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 18:01]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001UA.job
- c:\users\Kim's\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-13 10810912]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Kim's\AppData\Roaming\Mozilla\Firefox\Profiles\705pl0y2.default\
FF - ExtSQL: 2012-11-16 08:10; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\13.2.0.5
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
BHO-{11111111-1111-1111-1111-110011441193} - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-ManyCam - c:\program files (x86)\ManyCam\Bin\ManyCam.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
AddRemove-7-Zip - c:\users\Kim's\Desktop\7-Zip\Uninstall.exe
AddRemove-Portal - c:\program files (x86)\Portal\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-11 20:45:48
ComboFix-quarantined-files.txt 2013-01-12 01:37
.
Pre-Run: 50,890,907,648 bytes free
Post-Run: 50,628,005,888 bytes free
.
- - End Of File - - 9148BCEF90C06D3ECA625937DE635D8A
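
The service and driver block of the ComboFix log above (the `R2 ... ;` / `S1 ... [x]` lines) is what a malware response helper reads first: an entry whose image file ComboFix could not locate is marked `[x]`, and an entry such as `R3 57171599;57171599; [x]` combines that with a purely numeric, randomly generated name. The following parser is an added example, not code from ComboFix or from this thread; it reproduces a few of the lines from the log above as constructed sample input and applies heuristics that are this editor's own assumptions (the `known_good` allowlist is a parameter the reader supplies, for instance for the avast drivers whose files the Find3M report shows are present, so that a `[x]` caused by the antivirus running during the scan is not reported as a finding).

```python
import re
from dataclasses import dataclass, field
from typing import FrozenSet, List

# Constructed sample input: service/driver lines copied in the layout ComboFix prints them,
# i.e. "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]" or "[x]".
SAMPLE_LOG = r"""
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-14 160944]
R3 57171599;57171599; [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"   # R = running, S = stopped; Windows start type 0-4
    r"(?P<name>[^;]*);(?P<display>[^;]*);"   # service name ; display name ;
    r"(?P<path>[^\[]*?)\s*"                  # image path (empty when ComboFix found none)
    r"\[(?P<meta>[^\]]*)\]\s*$"              # "[YYYY-MM-DD size]" or "[x]"
)


@dataclass
class ServiceEntry:
    state: str     # "R" running or "S" stopped
    start: int     # start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    meta: str      # "x" when ComboFix could not locate the image file


@dataclass
class Finding:
    name: str
    severity: str                              # "high" or "review"
    reasons: List[str] = field(default_factory=list)


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Parse every line that matches the ComboFix service layout; ignore everything else."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                    m["display"], m["path"].strip(), m["meta"].strip()))
    return entries


def triage(log_text: str, known_good: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Apply triage heuristics (assumed here, not ComboFix's own logic) to the service list.

    - "[x]" (image not located) is flagged for review; on a boot/system-start driver
      (start type 0 or 1) it is rated high, because such a driver loads before most defences.
    - A purely numeric service name is rated high: legitimate vendors name their services.
    - Names in known_good are skipped when their only reason is the missing image, so a
      product known to be installed (e.g. from the Find3M report) does not produce noise.
    """
    findings = []
    for e in parse_services(log_text):
        reasons = []
        severity = "review"
        if e.meta == "x":
            reasons.append("image file not located by ComboFix ([x])")
            if e.start <= 1:
                severity = "high"
        if e.name.isdigit():
            reasons.append("service name is purely numeric")
            severity = "high"
        if not reasons:
            continue
        if e.name in known_good and reasons == ["image file not located by ComboFix ([x])"]:
            continue
        findings.append(Finding(e.name, severity, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, known_good=frozenset({"aswSnx"})):
        print(f"{f.severity:6} {f.name}: {'; '.join(f.reasons)}")
```

Run as-is, the script reports only the numeric `57171599` entry; without the `aswSnx` allowlist entry it also reports that system-start driver, which is the expected noise when the antivirus was running during the scan and is why the helper cross-checks the driver list against the file report before acting on it.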

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 12 January 2013 - 09:03 AM

Sorry that you had such difficulties with Avast, but I'm glad things are running better. We still have a few more scans to run to make sure we are in the clear.

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#7 Kim_K
  • Topic Starter
  • Members
  • 21 posts

Posted 13 January 2013 - 08:41 PM

Scan results

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kim's on Sun 01/13/2013 at 3:20:47.33
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Kim's\appdata\local\coupon companion"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Kim's\AppData\Roaming\mozilla\firefox\profiles\705pl0y2.default\extensions\crossriderapp4493@crossrider.com
Emptied folder: C:\Users\Kim's\AppData\Roaming\mozilla\firefox\profiles\705pl0y2.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/13/2013 at 3:37:27.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v2.105 - Logfile created 01/13/2013 at 04:07:08
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Kim's - KIMS-PC
# Boot Mode : Normal
# Running from : C:\Users\Kim's\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

File : C:\Users\Kim's\AppData\Roaming\Mozilla\Firefox\Profiles\705pl0y2.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Kim's\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8307 octets] - [08/01/2013 01:27:40]
AdwCleaner[S2].txt - [855 octets] - [13/01/2013 04:07:08]

########## EOF - C:\AdwCleaner[S2].txt - [914 octets] ##########


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.13.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Kim's :: KIMS-PC [administrator]

Protection: Enabled

1/13/2013 4:10:51 AM
mbam-log-2013-01-13 (04-10-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224348
Time elapsed: 3 hour(s), 34 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET found no threats and didn't create a log

Kim
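The JRT log above removed a Browser Helper Object by CLSID and an Internet Explorer search scope. The following is an added example, not part of the thread and not JRT's or AdwCleaner's code, that lists those same two things straight from the registry so a cleanup like this can be re-checked without the tool. It assumes IE's standard registration locations (BHOs under HKLM, 32-bit ones under Wow6432Node on x64, search scopes under SearchScopes), PowerShell 3.0 or later in an elevated prompt, and the function names are my own.

```powershell
# Added example (not from the thread): inventory IE Browser Helper Objects and
# search scopes, resolving each BHO CLSID to the DLL IE will load and checking
# that DLL's Authenticode signature.

function Get-BhoInventory {
    # BHOs are registered per machine. On x64 the 32-bit IE reads the Wow6432Node copy,
    # and its COM servers live under HKCR\Wow6432Node\CLSID.
    $views = @(
        @{ View = 'x64'
           Key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ View = 'x86'
           Key   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' }
    )
    foreach ($v in $views) {
        if (-not (Test-Path $v.Key)) { continue }
        foreach ($sub in Get-ChildItem $v.Key) {
            $clsid  = $sub.PSChildName
            $server = "$($v.Clsid)\$clsid\InprocServer32"
            $dll    = $null
            $status = 'no InprocServer32 key'
            if (Test-Path $server) {
                # The (default) value of InprocServer32 is the DLL the browser loads.
                $dll = (Get-ItemProperty $server).'(default)'
                if ($dll) {
                    $path = [Environment]::ExpandEnvironmentVariables(($dll -replace '"', ''))
                    if (Test-Path $path) {
                        $status = (Get-AuthenticodeSignature $path).Status
                    } else {
                        $status = 'file missing'
                    }
                } else {
                    $status = 'empty InprocServer32'
                }
            }
            [PSCustomObject]@{ View = $v.View; CLSID = $clsid; Dll = $dll; Signature = $status }
        }
    }
}

function Get-IeSearchScopes {
    # Search scopes are per user (HKCU) and can also be seeded per machine (HKLM).
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $key)) { continue }
        $default = (Get-ItemProperty $key -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem $key) {
            $p = Get-ItemProperty $scope.PSPath
            [PSCustomObject]@{
                Hive      = $hive
                CLSID     = $scope.PSChildName
                Name      = $p.DisplayName
                Url       = $p.URL
                IsDefault = ($scope.PSChildName -eq $default)
            }
        }
    }
}

Get-BhoInventory   | Format-Table -AutoSize
Get-IeSearchScopes | Format-Table -AutoSize -Wrap
```

Anything with a Signature other than Valid, a DLL living under a user profile or a temp directory, or a default search scope whose URL is not the engine the user actually chose deserves a closer look. The repeated-1111 CLSID in the JRT log is a visual tell of a generated identifier, but the check above does not rely on patterns like that; it looks at where the code comes from and whether it is signed.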

#8 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 13 January 2013 - 08:52 PM

Please run the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u11
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u11-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Leave these two Checked

    Trace and Log Files
    Cached Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Please advise how the computer is running now and if there are any outstanding issues



#9 Kim_K (Topic Starter, Members, 21 posts)

Posted 13 January 2013 - 10:27 PM

Hi CatByte

Thank you so much for your help. The computer is running much better than before. It still seems slow to start. It took over 9 minutes from power on until I could type this reply. The other computer running Vista takes less than 4. Plus Internet Explorer shut down the first time I started to type this reply. This is my second try. Once everything is up and running a bit it seems to work better.

I'll use the computer for a couple of days and see if I have any other issues. Should I post in this thread or start another topic?

Thanks again for all of your help
Kim

Is it OK to remove the scan tools and logs from the computer?

Edited by Kim_K, 13 January 2013 - 10:28 PM.


#10 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 14 January 2013 - 06:29 PM

We just have some housekeeping to do now,

Please do the following:


You can delete the DDS and the Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?.
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.


I'll keep the thread open a couple of days in case you experience any other issues

for the slow start-up issue

try this:

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


let me know if that helps at all.

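The "Make Internet Explorer more secure" steps above change three Internet-zone URL actions through Inetcpl.cpl. As an added example, not part of the thread and not CatByte's instructions, the script below audits and applies those same three settings directly in the registry, which is handy when you have to check many machines or want to confirm the dialog actually wrote what you clicked. It assumes IE's documented zone layout: zone 3 is the Internet zone, the value names 1001 / 1004 / 1201 are the URL action IDs for "Download signed ActiveX controls", "Download unsigned ActiveX controls" and "Initialize and script ActiveX controls not marked as safe", and the data 0 / 1 / 3 mean Enable / Prompt / Disable. PowerShell 3.0 or later; the function names are my own.

```powershell
# Added example (not from the thread): audit and apply the Internet-zone
# ActiveX settings from the post above via the registry.

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policy  = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# URL action ID -> wanted setting (0 = Enable, 1 = Prompt, 3 = Disable)
$desired = [ordered]@{
    '1001' = 1   # Download signed ActiveX controls                        -> Prompt
    '1004' = 1   # Download unsigned ActiveX controls                      -> Prompt
    '1201' = 3   # Initialize and script ActiveX controls not marked safe  -> Disable
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IeActiveXSettings {
    # Reports current vs wanted for each of the three actions.
    $p = Get-ItemProperty -Path $zoneKey
    foreach ($name in $desired.Keys) {
        $cur = $p.$name
        if ($cur -eq $null) { $curLabel = '(not set, IE default applies)' }
        elseif ($labels.ContainsKey([int]$cur)) { $curLabel = $labels[[int]$cur] }
        else { $curLabel = "raw $cur" }
        [PSCustomObject]@{
            Action  = $name
            Current = $curLabel
            Wanted  = $labels[$desired[$name]]
            OK      = ($cur -eq $desired[$name])
        }
    }
}

function Set-IeActiveXSettings {
    # Writes the wanted values. Inetcpl.cpl stores them as REG_DWORD.
    foreach ($name in $desired.Keys) {
        Set-ItemProperty -Path $zoneKey -Name $name -Value $desired[$name] -Type DWord
    }
}

function Test-IeZonePolicyOverride {
    # If Security_HKLM_only is 1, IE reads zone settings from HKLM instead of
    # HKCU and the per-user change above has no effect.
    $v = (Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue).Security_HKLM_only
    return ($v -eq 1)
}

Get-IeActiveXSettings | Format-Table -AutoSize
if (Test-IeZonePolicyOverride) {
    Write-Warning 'Zone settings are policy-managed under HKLM; change them there or via Group Policy.'
}
# Set-IeActiveXSettings    # uncomment to apply, then run Get-IeActiveXSettings again
```

Run the audit first; if all three rows show OK the dialog steps already took effect. The "Reset all zones to default level" click in the post resets every action in the zone, not just these three, so re-run the audit after it as well.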


#11 Kim_K (Topic Starter, Members, 21 posts)

Posted 16 January 2013 - 02:23 AM

Thanks CatByte

I'm still having issues with programs not responding and the computer crashing, I installed Startuplite which helped a lot with starting up. It will take me a few days to go through all the issues listed in Slow Computer/browser? Check Here First; It May Not Be Malware. I'll post back when I'm finished.

Thanks
Kim

#12 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 16 January 2013 - 06:15 PM

ok, let me know



#13 Kim_K (Topic Starter, Members, 21 posts)

Posted 25 January 2013 - 10:30 PM

Hi CatByte

I'm still having problems. I haven't used the computer in a while and now I can't get it to run at all. When I start it all seems normal until the desktop appears and the icons load. Before I can do anything I get a pop up saying Windows Explorer has stopped working. I have the option to restart Windows or check online for a solution. Both options give the same results. The icons disappear and then reappear but I get the same pop up before I can do anything. The problem details are:

Problem event name InPageError
Error Status Code c0000185
Faulting Media Type 00000003
OS Version 6.1.7600.2.0.0.768.3
Locale ID 1033
Additional Information 8468
Additional Information 2 846472eea37a273f76bffabdaf3c717
Additional Information 3 84a0
Additional Information 4 84a0d5231be3496c0094e035f0ba116

The same thing happens in safe mode. Any help with the new problem? I haven't done much with it since my last post.

Kim
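A note on the error report above, added here and not part of the thread: 0xC0000185 is the NTSTATUS value STATUS_IO_DEVICE_ERROR, and an InPageError carrying it means Windows tried to page code or data for explorer.exe back in from disk and the read failed. That is a storage-level symptom rather than a malware signature, and it happens in Safe Mode just the same, so a practitioner would check the disk before running more scanners. The script below is an added example, not anything CatByte asked for; it assumes a normal Windows 7 event log layout, PowerShell 3.0 or later in an elevated prompt, and the function names are my own.

```powershell
# Added check (not from the thread): gather the evidence that distinguishes a
# failing disk from an infection after an InPageError / 0xC0000185.

function Get-DiskErrorEvents {
    param([int]$Days = 30)
    # Providers that log read/write failures, bad blocks and file-system damage
    # on Windows 7. Typical IDs: disk 7 (bad block), disk 11 (controller error),
    # Ntfs 55 (corruption), volmgr 46/49 (crash dump / paging errors).
    $providers = 'disk', 'Ntfs', 'atapi', 'iaStor', 'volmgr', 'volsnap'
    $since = (Get-Date).AddDays(-$Days)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { ($providers -contains $_.ProviderName) -and ((1, 2, 3) -contains $_.Level) } |  # Critical/Error/Warning
        Select-Object TimeCreated, ProviderName, Id, Message
}

function Get-MinidumpSummary {
    # Every kernel crash leaves a .dmp here. A run of dumps over several days,
    # as in the FRST log later in this thread, means the same fault keeps recurring.
    Get-ChildItem -Path "$env:SystemRoot\Minidump" -Filter *.dmp -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime |
        Select-Object Name, LastWriteTime, Length
}

function Get-SmartFailurePrediction {
    # Asks the storage driver for the drive's SMART failure prediction.
    # PredictFailure = True means the drive itself reports imminent failure.
    # Not every controller exposes this class; an empty result is inconclusive.
    Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
        Select-Object InstanceName, PredictFailure, Reason
}

Get-MinidumpSummary         | Format-Table -AutoSize
Get-DiskErrorEvents         | Format-Table -AutoSize -Wrap
Get-SmartFailurePrediction  | Format-Table -AutoSize
```

If disk or Ntfs errors line up with the crash times, or PredictFailure is True, copy the user's data off first and only then run chkdsk C: /r from the recovery environment; none of the scan results in this thread mean much if the disk cannot be read reliably. If the log is clean and SMART is healthy, the FRST steps that follow are the right next move.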

#14 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 26 January 2013 - 12:52 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.



#15 Kim_K (Topic Starter, Members, 21 posts)

Posted 27 January 2013 - 12:46 PM

Scan log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 27-01-2013 12:39:13
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10810912 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-03-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKU\Kim's\...\Run: [Facebook Update] "C:\Users\Kim's\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKLM\...\Runonce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue [x]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-10-02] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-10] (ManyCam LLC)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 57171599; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-25 20:04 - 2013-01-25 20:04 - 00275848 ____A C:\Windows\Minidump\012513-21387-01.dmp
2013-01-16 11:26 - 2013-01-16 11:38 - 00000000 ____D C:\Users\Kim's\Desktop\scan files
2013-01-13 18:14 - 2013-01-13 18:14 - 31473568 ____A (Oracle Corporation) C:\Users\Kim's\Desktop\jre-7u11-windows-i586.exe
2013-01-13 17:57 - 2013-01-25 18:45 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-01-13 17:57 - 2012-10-30 15:51 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-01-13 17:57 - 2012-10-30 15:51 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-01-13 17:57 - 2012-10-30 15:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-01-13 17:57 - 2012-10-30 15:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-01-13 17:57 - 2012-10-30 15:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-01-13 17:57 - 2012-10-15 08:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-01-13 17:56 - 2012-10-30 15:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-01-13 17:56 - 2012-10-30 15:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2013-01-13 17:55 - 2013-01-13 17:56 - 102315992 ____A C:\Users\Kim's\Downloads\avast_free_antivirus_setup (1).exe
2013-01-13 17:54 - 2013-01-13 17:55 - 102315992 ____A C:\Users\Kim's\Downloads\avast_free_antivirus_setup.exe
2013-01-13 11:58 - 2013-01-13 11:59 - 00275848 ____A C:\Windows\Minidump\011313-16676-01.dmp
2013-01-13 01:07 - 2013-01-13 01:07 - 00000982 ____A C:\AdwCleaner[S2].txt
2013-01-13 01:06 - 2013-01-13 01:06 - 00554087 ____A C:\Users\Kim's\Desktop\AdwCleaner.exe
2013-01-13 00:20 - 2013-01-13 00:20 - 00000000 ____D C:\Windows\ERUNT
2013-01-13 00:20 - 2013-01-13 00:20 - 00000000 ____D C:\JRT
2013-01-13 00:02 - 2013-01-13 00:02 - 00499023 ____A (Oleg N. Scherbakov) C:\Users\Kim's\Desktop\JRT.exe
2013-01-11 17:45 - 2013-01-11 17:46 - 00017595 ____A C:\ComboFix.txt
2013-01-11 15:12 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-11 15:12 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-11 15:12 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-11 15:12 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-11 15:12 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-11 15:12 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-11 15:12 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-11 15:12 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-11 14:31 - 2013-01-11 17:46 - 00000000 ____D C:\Qoobox
2013-01-11 14:31 - 2013-01-11 17:26 - 00000000 ____D C:\Windows\erdnt
2013-01-11 14:27 - 2013-01-11 13:43 - 05021154 ____R (Swearware) C:\Users\Kim's\Desktop\ComboFix.exe
2013-01-11 13:24 - 2013-01-11 13:24 - 00275848 ____A C:\Windows\Minidump\011113-16582-01.dmp
2013-01-10 13:00 - 2013-01-10 13:00 - 00275848 ____A C:\Windows\Minidump\011013-15350-01.dmp
2013-01-09 14:41 - 2013-01-09 14:41 - 00688992 ___RA (Swearware) C:\Users\Kim's\Desktop\dds.com
2013-01-08 22:50 - 2013-01-08 22:50 - 00275848 ____A C:\Windows\Minidump\010913-15428-01.dmp
2013-01-07 23:59 - 2013-01-07 23:59 - 00275848 ____A C:\Windows\Minidump\010813-17300-01.dmp
2013-01-07 23:38 - 2013-01-07 23:38 - 00275848 ____A C:\Windows\Minidump\010813-16832-01.dmp
2013-01-07 22:34 - 2013-01-07 22:34 - 04732416 ____A (AVAST Software) C:\Users\Kim's\Desktop\aswMBR.exe
2013-01-07 22:27 - 2013-01-07 22:27 - 00008307 ____A C:\AdwCleaner[S1].txt
2013-01-07 14:19 - 2013-01-07 14:19 - 00275848 ____A C:\Windows\Minidump\010713-14492-01.dmp
2013-01-07 14:09 - 2013-01-07 14:09 - 00275848 ____A C:\Windows\Minidump\010713-14352-01.dmp
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\Malwarebytes
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 13:36 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-07 13:35 - 2013-01-07 13:35 - 10156424 ____A (Malwarebytes Corporation ) C:\Users\Kim's\Downloads\mbam-setup.exe
2013-01-07 12:47 - 2013-01-07 12:47 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Kim's\Desktop\mbam-clean-1.60.2.0003.exe
2013-01-07 12:39 - 2013-01-07 12:39 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Kim's\Desktop\FixExec.exe
2013-01-06 23:26 - 2013-01-06 23:26 - 00275848 ____A C:\Windows\Minidump\010713-15818-01.dmp
2013-01-06 23:09 - 2013-01-06 23:09 - 00000000 ____D C:\Windows\pss
2013-01-06 15:31 - 2013-01-06 15:31 - 00275848 ____A C:\Windows\Minidump\010613-19546-01.dmp
2013-01-05 13:08 - 2013-01-05 13:08 - 00002479 ____A C:\scu.dat
2013-01-05 00:41 - 2013-01-05 00:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-05 00:29 - 2013-01-05 00:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kim's\Downloads\tdsskiller.exe
2013-01-05 00:24 - 2013-01-05 00:24 - 00752213 ____A (Farbar) C:\Users\Kim's\Desktop\MiniToolBox.exe
2013-01-05 00:01 - 2013-01-05 00:01 - 00001094 ____A C:\Users\Kim's\Desktop\TFC.exe - Shortcut.lnk
2013-01-04 23:59 - 2013-01-04 23:59 - 00448512 ____A (OldTimer Tools) C:\Users\Kim's\Downloads\TFC.exe
2012-12-30 00:53 - 2012-12-30 00:53 - 00275848 ____A C:\Windows\Minidump\123012-18205-01.dmp
2012-12-29 03:27 - 2012-12-29 03:27 - 00275848 ____A C:\Windows\Minidump\122912-16567-01.dmp
2012-12-28 22:50 - 2012-12-28 22:51 - 00275792 ____A C:\Windows\Minidump\122912-22526-01.dmp
2012-12-28 21:47 - 2012-12-28 21:47 - 00275848 ____A C:\Windows\Minidump\122912-18969-01.dmp
2012-12-28 21:19 - 2012-12-28 21:20 - 00275848 ____A C:\Windows\Minidump\122912-17019-01.dmp

==================== One Month Modified Files and Folders =======

2013-01-27 09:32 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-27 09:32 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-27 09:30 - 2012-05-11 18:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-27 09:15 - 2011-12-24 17:06 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-27 09:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-27 09:14 - 2009-07-13 20:51 - 00067028 ____A C:\Windows\setupact.log
2013-01-25 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-25 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-01-25 20:08 - 2011-10-04 13:58 - 01963644 ____A C:\Windows\WindowsUpdate.log
2013-01-25 20:04 - 2013-01-25 20:04 - 00275848 ____A C:\Windows\Minidump\012513-21387-01.dmp
2013-01-25 20:04 - 2012-09-01 07:02 - 324484870 ____A C:\Windows\MEMORY.DMP
2013-01-25 20:04 - 2012-09-01 07:02 - 00000000 ____D C:\Windows\Minidump
2013-01-25 18:45 - 2013-01-13 17:57 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-01-25 18:45 - 2011-10-07 10:06 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-01-25 18:39 - 2011-10-07 09:51 - 00000000 ____D C:\users\Kim's
2013-01-16 11:38 - 2013-01-16 11:26 - 00000000 ____D C:\Users\Kim's\Desktop\scan files
2013-01-15 23:24 - 2011-10-12 16:03 - 00000000 ____D C:\Users\Kim's\Incomplete
2013-01-13 18:14 - 2013-01-13 18:14 - 31473568 ____A (Oracle Corporation) C:\Users\Kim's\Desktop\jre-7u11-windows-i586.exe
2013-01-13 18:01 - 2011-11-21 10:02 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001UA.job
2013-01-13 18:00 - 2011-11-21 10:02 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001Core.job
2013-01-13 17:56 - 2013-01-13 17:55 - 102315992 ____A C:\Users\Kim's\Downloads\avast_free_antivirus_setup (1).exe
2013-01-13 17:56 - 2011-10-07 10:06 - 00000000 ____D C:\Users\All Users\AVAST Software
2013-01-13 17:56 - 2011-10-07 10:06 - 00000000 ____D C:\Program Files\AVAST Software
2013-01-13 17:55 - 2013-01-13 17:54 - 102315992 ____A C:\Users\Kim's\Downloads\avast_free_antivirus_setup.exe
2013-01-13 17:39 - 2011-12-24 17:06 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-13 17:38 - 2011-10-07 10:01 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001UA.job
2013-01-13 12:35 - 2011-10-07 11:40 - 00048564 ____A C:\Windows\PFRO.log
2013-01-13 11:59 - 2013-01-13 11:58 - 00275848 ____A C:\Windows\Minidump\011313-16676-01.dmp
2013-01-13 01:07 - 2013-01-13 01:07 - 00000982 ____A C:\AdwCleaner[S2].txt
2013-01-13 01:06 - 2013-01-13 01:06 - 00554087 ____A C:\Users\Kim's\Desktop\AdwCleaner.exe
2013-01-13 00:56 - 2011-10-11 18:30 - 00000000 ____D C:\Users\All Users\Skype
2013-01-13 00:43 - 2011-10-07 10:01 - 00002363 ____A C:\Users\Kim's\Desktop\Google Chrome.lnk
2013-01-13 00:20 - 2013-01-13 00:20 - 00000000 ____D C:\Windows\ERUNT
2013-01-13 00:20 - 2013-01-13 00:20 - 00000000 ____D C:\JRT
2013-01-13 00:02 - 2013-01-13 00:02 - 00499023 ____A (Oleg N. Scherbakov) C:\Users\Kim's\Desktop\JRT.exe
2013-01-12 11:47 - 2011-12-30 15:39 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\IMVU
2013-01-11 19:36 - 2011-10-07 10:01 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863958757-597028824-2311367197-1001Core.job
2013-01-11 17:46 - 2013-01-11 17:45 - 00017595 ____A C:\ComboFix.txt
2013-01-11 17:46 - 2013-01-11 14:31 - 00000000 ____D C:\Qoobox
2013-01-11 17:46 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-01-11 17:26 - 2013-01-11 14:31 - 00000000 ____D C:\Windows\erdnt
2013-01-11 17:13 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-01-11 14:51 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-11 14:26 - 2009-07-13 21:13 - 00004526 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-11 13:43 - 2013-01-11 14:27 - 05021154 ____R (Swearware) C:\Users\Kim's\Desktop\ComboFix.exe
2013-01-11 13:24 - 2013-01-11 13:24 - 00275848 ____A C:\Windows\Minidump\011113-16582-01.dmp
2013-01-10 13:00 - 2013-01-10 13:00 - 00275848 ____A C:\Windows\Minidump\011013-15350-01.dmp
2013-01-09 14:41 - 2013-01-09 14:41 - 00688992 ___RA (Swearware) C:\Users\Kim's\Desktop\dds.com
2013-01-09 00:33 - 2012-05-11 18:50 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 00:33 - 2011-10-07 19:06 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-08 22:50 - 2013-01-08 22:50 - 00275848 ____A C:\Windows\Minidump\010913-15428-01.dmp
2013-01-07 23:59 - 2013-01-07 23:59 - 00275848 ____A C:\Windows\Minidump\010813-17300-01.dmp
2013-01-07 23:38 - 2013-01-07 23:38 - 00275848 ____A C:\Windows\Minidump\010813-16832-01.dmp
2013-01-07 22:34 - 2013-01-07 22:34 - 04732416 ____A (AVAST Software) C:\Users\Kim's\Desktop\aswMBR.exe
2013-01-07 22:27 - 2013-01-07 22:27 - 00008307 ____A C:\AdwCleaner[S1].txt
2013-01-07 22:16 - 2011-10-11 18:30 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\Skype
2013-01-07 14:28 - 2012-03-09 12:54 - 00000000 ____D C:\Users\Kim's\AppData\Local\Microsoft Games
2013-01-07 14:19 - 2013-01-07 14:19 - 00275848 ____A C:\Windows\Minidump\010713-14492-01.dmp
2013-01-07 14:09 - 2013-01-07 14:09 - 00275848 ____A C:\Windows\Minidump\010713-14352-01.dmp
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Users\Kim's\AppData\Roaming\Malwarebytes
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-07 13:36 - 2013-01-07 13:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 13:35 - 2013-01-07 13:35 - 10156424 ____A (Malwarebytes Corporation ) C:\Users\Kim's\Downloads\mbam-setup.exe
2013-01-07 12:47 - 2013-01-07 12:47 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Kim's\Desktop\mbam-clean-1.60.2.0003.exe
2013-01-07 12:39 - 2013-01-07 12:39 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\Kim's\Desktop\FixExec.exe
2013-01-06 23:26 - 2013-01-06 23:26 - 00275848 ____A C:\Windows\Minidump\010713-15818-01.dmp
2013-01-06 23:09 - 2013-01-06 23:09 - 00000000 ____D C:\Windows\pss
2013-01-06 15:31 - 2013-01-06 15:31 - 00275848 ____A C:\Windows\Minidump\010613-19546-01.dmp
2013-01-06 15:08 - 2011-10-09 08:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-05 13:08 - 2013-01-05 13:08 - 00002479 ____A C:\scu.dat
2013-01-05 00:41 - 2013-01-05 00:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-05 00:29 - 2013-01-05 00:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kim's\Downloads\tdsskiller.exe
2013-01-05 00:24 - 2013-01-05 00:24 - 00752213 ____A (Farbar) C:\Users\Kim's\Desktop\MiniToolBox.exe
2013-01-05 00:01 - 2013-01-05 00:01 - 00001094 ____A C:\Users\Kim's\Desktop\TFC.exe - Shortcut.lnk
2013-01-04 23:59 - 2013-01-04 23:59 - 00448512 ____A (OldTimer Tools) C:\Users\Kim's\Downloads\TFC.exe
2012-12-30 00:53 - 2012-12-30 00:53 - 00275848 ____A C:\Windows\Minidump\123012-18205-01.dmp
2012-12-29 03:27 - 2012-12-29 03:27 - 00275848 ____A C:\Windows\Minidump\122912-16567-01.dmp
2012-12-28 22:51 - 2012-12-28 22:50 - 00275792 ____A C:\Windows\Minidump\122912-22526-01.dmp
2012-12-28 21:47 - 2012-12-28 21:47 - 00275848 ____A C:\Windows\Minidump\122912-18969-01.dmp
2012-12-28 21:20 - 2012-12-28 21:19 - 00275848 ____A C:\Windows\Minidump\122912-17019-01.dmp


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 15:19] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3835.82 MB
Available physical RAM: 3077.79 MB
Total Pagefile: 3833.96 MB
Available Pagefile: 3058.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:47.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: (CRUZER) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         298 GB   0 B
Disk 1    Online         1907 MB  0 B
Disk 2    No Media       0 B      0 B

Partitions of Disk 0:
===============

Disk ID: 5C137F79

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           298 GB   1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C                 NTFS   Partition   298 GB   Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1907 MB  64 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    F    CRUZER       FAT    Removable   1907 MB  Healthy

=========================================================

Last Boot: 2013-01-14 15:47

==================== End Of Log =============================

