
Please Help, Services.exe infected with trojan

Discussion in 'Virus & Other Malware Removal' started by andrewbfraser, Oct 1, 2012.

    andrewbfraser (Thread Starter; joined Sep 24, 2012; 17 messages)
    Hello,
    While performing my weekly virus scans, Symantec Endpoint Protection notified me that C:\Windows\System32\services.exe has been infected with a Trojan. Being that it's a system file, Symantec will not clean or remove it. I also ran a scan with Malwarebytes and it did not find any risks. I am generally pretty good with computers and have never gotten any viruses before. At first my computer showed no signs of being infected, but it has been almost 2 weeks and now it is running very slow. All of my files are still where they should be, and it starts up fine, but I would like to get rid of it as soon as possible.
    Here is the log file requested, hopefully someone can help me.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:11:08 PM, on 9/24/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
    C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
    C:\Users\Andrew Fraser\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Users\Andrew Fraser\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\TwoFingerScroll.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\Downloads\HijackThis.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Andrew Fraser\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew Fraser\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [MaxTo] "C:\Program Files (x86)\MaxTo\MaxTo.exe" --start-hidden
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager (mitsijm2012) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17444 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Andrew Fraser at 21:14:31 on 2012-09-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1529 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Andrew Fraser\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\conhost.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\Andrew Fraser\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Andrew Fraser\TwoFingerScroll.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew Fraser\Downloads\HijackThis.exe
    C:\Users\Andrew Fraser\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    uRun: [Akamai NetSession Interface] "C:\Users\Andrew Fraser\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Google Update] "C:\Users\Andrew Fraser\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [AdobeBridge]
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [MaxTo] "C:\Program Files (x86)\MaxTo\MaxTo.exe" --start-hidden
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    StartupFolder: C:\Users\ANDREW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 141.218.1.100 141.218.20.114
    TCP: Interfaces\{44CDFEE5-E95C-48A3-BB17-93C909A80C2F} : DhcpNameServer = 141.218.1.100 141.218.20.114
    TCP: Interfaces\{44CDFEE5-E95C-48A3-BB17-93C909A80C2F}\14C6C60295F65727022416375602142756022456C6F6E6760245F6025537 : DhcpNameServer = 64.233.217.2 64.233.217.3
    TCP: Interfaces\{44CDFEE5-E95C-48A3-BB17-93C909A80C2F}\1647E64627E616C6E6 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{44CDFEE5-E95C-48A3-BB17-93C909A80C2F}\2375942554639323 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{44CDFEE5-E95C-48A3-BB17-93C909A80C2F}\75966696E45647934383 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{44CDFEE5-E95C-48A3-BB17-93C909A80C2F}\84F6C6964616970294E6E60254870727563737023536861657D626572776 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{44CDFEE5-E95C-48A3-BB17-93C909A80C2F}\C696E6B6379737 : DhcpNameServer = 64.233.217.2 64.233.217.3
    TCP: Interfaces\{5DD213EE-F4CF-48BA-831F-17EBF3143D68}\4413233343536373D25343736303 : DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-11 98208]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-3-7 3079960]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-9-10 60928]
    R2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-7 848184]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-10 705856]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-10 2320920]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-5 1431888]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
    S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2012-09-21 18:10:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-09-20 22:25:41 -------- d-----w- C:\Users\Andrew Fraser\Object Dock Logos
    2012-09-19 16:48:38 -------- d-----w- C:\Users\Andrew Fraser\DCIM
    2012-09-18 23:52:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 20:11:54 -------- d-----w- C:\Users\Andrew Fraser\AppData\Roaming\Synaptics
    2012-09-18 20:05:38 -------- d-----w- C:\ProgramData\Synaptics
    2012-09-18 20:05:38 -------- d-----w- C:\Program Files (x86)\Synaptics
    2012-09-12 21:05:28 -------- d-----w- C:\Users\Andrew Fraser\AppData\Roaming\WindSolutions
    2012-09-12 20:56:33 -------- d-----w- C:\ProgramData\WindSolutions
    2012-09-12 16:36:22 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 16:36:22 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 16:36:19 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 16:36:19 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 16:36:17 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 16:36:17 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 16:36:17 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-11 19:33:23 -------- d-----w- C:\Users\Andrew Fraser\AppData\Roaming\Malwarebytes
    2012-09-11 19:33:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-11 19:33:16 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-11 19:33:15 -------- d-----w- C:\Program Files (x86)\aaa
    2012-09-10 18:48:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-10 18:48:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-10 18:32:14 -------- d-----w- C:\Users\Andrew Fraser\AppData\Roaming\Guitar Pro 6
    2012-09-10 18:32:14 -------- d-----w- C:\ProgramData\Guitar Pro 6
    2012-09-06 20:33:41 -------- d-----w- C:\Users\Andrew Fraser\AppData\Local\Digital_Creations_AS
    2012-09-06 20:33:28 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2012-08-31 22:33:12 -------- d-----w- C:\Users\Andrew Fraser\AppData\Local\assembly
    2012-08-31 22:32:20 -------- d-----w- C:\Users\Andrew Fraser\AppData\Local\TechSmith
    .
    ==================== Find3M ====================
    .
    2012-09-06 13:20:28 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
    2012-08-10 20:44:38 43361640 ----a-w- C:\Users\Andrew Fraser\iCloudSetup.exe
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 21:16:09.51 ===============
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Run the following scans please:

    Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next,

    Boot to System Recovery Options and run FRST as you did to get the log.

    Type the following in the edit box after "Search:".

    services.exe

    It then should look like:

    [screenshot: the FRST window with services.exe typed in the Search box]

    Click Search button and post the log (Search.txt) it makes to your reply.

    Post both logs in your next reply.

    Kevin
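The FRST Search step above, reproduced as an added PowerShell example (not code from the thread and not part of Farbar's tool): it enumerates every services.exe under the Windows directory, records size, timestamp, SHA-256, Authenticode status and NTFS hard-link names, and warns when the system32 copy's hash matches none of the WinSxS component-store copies, which is where Windows keeps the vendor originals. Assumptions: it runs from an elevated prompt on the PowerShell 2.0 that ships with Windows 7 (hence .NET hashing instead of Get-FileHash); the parameters $SystemRoot and $FileName and the helper function names are the example's own, and $SystemRoot can be pointed at an offline-mounted drive such as D:\Windows when working from recovery media.

```powershell
<#
Added example, not from the thread and not part of Farbar's FRST.
Lists every copy of services.exe under a Windows directory and flags a
system32 copy that no longer matches the WinSxS component store.
Assumptions: elevated prompt; PowerShell 2.0 (Windows 7), so hashing goes
through .NET rather than Get-FileHash; $SystemRoot is the install to inspect.
#>
param(
    [string]$SystemRoot = $env:SystemRoot,   # assumption: pass D:\Windows for an offline-mounted disk
    [string]$FileName   = 'services.exe'
)

function Get-Sha256Hex([string]$Path) {
    # Open with shared read/write so a running services.exe can still be hashed.
    $sha = New-Object System.Security.Cryptography.SHA256Managed
    $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { [System.BitConverter]::ToString($sha.ComputeHash($fs)).Replace('-', '') }
    finally { $fs.Close() }
}

function Get-HardLinks([string]$Path) {
    # fsutil hardlink list prints every NTFS name sharing this file's data.
    # On a healthy install the system32 copy is hard-linked to its WinSxS component.
    $links = & fsutil hardlink list $Path 2>$null
    if ($links) { ($links | ForEach-Object { $_.Trim() }) -join '; ' } else { '' }
}

# Every file named services.exe below $SystemRoot (system32, winsxs, servicing caches, etc.).
$copies = Get-ChildItem -Path $SystemRoot -Recurse -Force -Filter $FileName -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer }

$report = foreach ($f in $copies) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    New-Object PSObject -Property @{
        Path      = $f.FullName
        Size      = $f.Length
        Modified  = $f.LastWriteTimeUtc      # timestamps can be forged; the hash is the evidence
        SHA256    = Get-Sha256Hex $f.FullName
        SigStatus = $sig.Status              # catalog-signed OS files show NotSigned under PS 2.0
        HardLinks = Get-HardLinks $f.FullName
    }
}

$report | Sort-Object Path | Format-List Path, Size, Modified, SigStatus, SHA256, HardLinks

# Compare the live system32 copy against the component store.
$winsxsHashes = @($report | Where-Object { $_.Path -like '*\winsxs\*' } | ForEach-Object { $_.SHA256 })
foreach ($r in $report | Where-Object { $_.Path -like "*\system32\$FileName" }) {
    if ($winsxsHashes -notcontains $r.SHA256) {
        Write-Warning ("{0}: hash matches no WinSxS copy; compare with a known-good build before replacing it" -f $r.Path)
    } elseif ($r.HardLinks -notlike '*winsxs*') {
        Write-Warning ("{0}: content matches WinSxS but the hard link is gone, so the file was recreated rather than serviced in place" -f $r.Path)
    }
}
```

On a healthy Windows 7 install the system32 file and the newest WinSxS component are two hard links to the same data, so a hash match is expected and a mismatch is the signal worth acting on. The converse is not proof: anything that patched the file in place through the hard link would change both names at once, which is why the script also reports the link names. Stock Windows binaries are catalog-signed rather than embedded-signed, so PowerShell 2.0 reports them NotSigned; `sfc /verifyfile=C:\Windows\System32\services.exe` performs the catalog check, and a hash taken from a clean machine at the same patch level is the decisive comparison.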
     
  3. andrewbfraser

    andrewbfraser Thread Starter

    Joined:
    Sep 24, 2012
    Messages:
    17
    Kevin,
    I ran both of the scans that you requested; here are the two logs.
    Andrew


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
    Ran by SYSTEM at 02-10-2012 11:37:51
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9642528 2009-12-03] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1926928 2010-01-19] (Intel(R) Corporation)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1862952 2009-10-13] (Synaptics Incorporated)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-07-08] (Symantec Corporation)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKU\Andrew Fraser\...\Run: [Akamai NetSession Interface] "C:\Users\Andrew Fraser\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
    HKU\Andrew Fraser\...\Run: [Google Update] "C:\Users\Andrew Fraser\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-25] (Google Inc.)
    HKU\Andrew Fraser\...\Run: [AdobeBridge] [x]
    HKU\Andrew Fraser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Andrew Fraser\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Andrew Fraser\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
    HKU\Andrew Fraser\...\Run: [MaxTo] "C:\Program Files (x86)\MaxTo\MaxTo.exe" --start-hidden [x]
    HKU\Andrew Fraser\...\Policies\system: [LogonHoursAction] 2
    HKU\Andrew Fraser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-05] (Dell)
    HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 141.218.1.100 141.218.20.114
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Andrew Fraser\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Services (Whitelisted) ===================

    2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)
    2 BNPagent; "C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe" [3079960 2011-03-07] (Bradford Networks)
    2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2009-07-08] (Symantec Corporation)
    2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2009-07-08] (Symantec Corporation)
    2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
    3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2009-07-13] (Symantec Corporation)
    2 mitsijm2012; "C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe" [848184 2010-12-07] (Autodesk, Inc.)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2010-01-19] ()
    2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3197256 2009-09-17] (Symantec Corporation)
    4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [411976 2009-09-17] (Symantec Corporation)
    4 SQLAgent$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-30] (Microsoft Corporation)
    2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [2477304 2009-09-17] (Symantec Corporation)

    ==================== Drivers (Whitelisted) =====================

    3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-17] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-10] (Symantec Corporation)
    3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121001.004\ENG64.SYS [126112 2012-09-17] (Symantec Corporation)
    3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121001.004\EX64.SYS [2084000 2012-09-17] (Symantec Corporation)
    1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
    3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
    1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-12-26] (Symantec Corporation)
    3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
    3 Teefer2; C:\Windows\System32\Drivers\Teefer2.sys [62512 2009-05-27] (Symantec Corporation)
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
    1 WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
    3 WpsHelper; C:\Windows\System32\Drivers\WpsHelper.sys [225328 2012-09-06] (Symantec Corporation)
    2 PnkBstrA; [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-02 10:25 - 2012-10-02 10:25 - 01456149 ____A (Farbar) C:\Users\Andrew Fraser\Downloads\FRST64.exe
    2012-09-25 20:27 - 2012-08-21 12:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-09-25 20:25 - 2012-09-25 20:27 - 00000000 ____D C:\Program Files\iTunes
    2012-09-25 20:25 - 2012-09-25 20:27 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-09-25 20:25 - 2012-09-25 20:25 - 00000000 ____D C:\Program Files\iPod
    2012-09-25 20:16 - 2012-09-25 20:17 - 80521624 ____A (Apple Inc.) C:\Users\Andrew Fraser\Downloads\iTunes64Setup.exe
    2012-09-24 20:18 - 2012-09-24 20:18 - 00018445 ____A C:\Users\Andrew Fraser\Desktop\Attach.txt
    2012-09-24 20:17 - 2012-09-24 20:17 - 00028561 ____A C:\Users\Andrew Fraser\Desktop\DDS.txt
    2012-09-24 20:17 - 2012-09-24 20:17 - 00017446 ____A C:\Users\Andrew Fraser\Desktop\hijackthis.log
    2012-09-24 20:14 - 2012-09-24 20:14 - 00607260 ___RA (Swearware) C:\Users\Andrew Fraser\Desktop\dds.com
    2012-09-24 20:11 - 2012-09-24 20:11 - 00017446 ____A C:\Users\Andrew Fraser\Downloads\hijackthis.log
    2012-09-24 19:59 - 2012-09-24 19:59 - 00388608 ____A (Trend Micro Inc.) C:\Users\Andrew Fraser\Desktop\HijackThis.exe
    2012-09-24 19:52 - 2012-09-24 19:52 - 00509440 ____A (Tech Support Guy System) C:\Users\Andrew Fraser\Desktop\SysInfo.exe
    2012-09-24 19:50 - 2012-09-24 19:50 - 01454541 ____A (Farbar) C:\Users\Andrew Fraser\Desktop\FRST64.exe
    2012-09-23 09:48 - 2012-09-23 09:49 - 00262144 ____A C:\Windows\Minidump\092312-23072-01.dmp
    2012-09-21 13:10 - 2012-09-23 10:41 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-09-21 13:05 - 2012-09-21 13:05 - 00262144 ____A C:\Windows\Minidump\092112-34117-01.dmp
    2012-09-21 12:57 - 2012-09-21 12:57 - 00262144 ____A C:\Windows\Minidump\092112-18174-01.dmp
    2012-09-21 12:54 - 2012-09-21 12:55 - 00262144 ____A C:\Windows\Minidump\092112-21496-01.dmp
    2012-09-21 12:41 - 2012-09-21 12:42 - 00262144 ____A C:\Windows\Minidump\092112-22666-01.dmp
    2012-09-21 12:35 - 2012-09-21 12:35 - 00262144 ____A C:\Windows\Minidump\092112-18408-01.dmp
    2012-09-21 12:27 - 2012-09-21 12:28 - 00262144 ____A C:\Windows\Minidump\092112-81744-01.dmp
    2012-09-20 21:43 - 2012-09-20 21:44 - 00262144 ____A C:\Windows\Minidump\092012-21434-01.dmp
    2012-09-20 21:40 - 2012-09-20 21:41 - 00262144 ____A C:\Windows\Minidump\092012-19968-01.dmp
    2012-09-20 21:38 - 2012-09-20 21:38 - 00262144 ____A C:\Windows\Minidump\092012-25818-01.dmp
    2012-09-20 21:36 - 2012-09-20 21:36 - 00262144 ____A C:\Windows\Minidump\092012-25350-01.dmp
    2012-09-20 21:34 - 2012-09-20 21:34 - 00262144 ____A C:\Windows\Minidump\092012-25724-01.dmp
    2012-09-20 17:25 - 2012-09-20 18:01 - 00000000 ____D C:\Users\Andrew Fraser\Object Dock Logos
    2012-09-19 19:24 - 2012-09-19 19:48 - 00000000 ____D C:\Users\Andrew Fraser\My Documents\Digital Logic (2)
    2012-09-19 19:24 - 2012-09-19 19:48 - 00000000 ____D C:\Users\Andrew Fraser\Documents\Digital Logic (2)
    2012-09-19 11:48 - 2012-09-19 11:48 - 00000000 ____D C:\Users\Andrew Fraser\DCIM
    2012-09-18 18:52 - 2012-09-25 20:27 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 18:52 - 2012-09-25 20:27 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-18 15:11 - 2012-09-18 15:11 - 00000000 ____D C:\Users\Andrew Fraser\Application Data\Synaptics
    2012-09-18 15:11 - 2012-09-18 15:11 - 00000000 ____D C:\Users\Andrew Fraser\AppData\Roaming\Synaptics
    2012-09-18 15:05 - 2012-09-18 15:13 - 00000000 ____D C:\Users\All Users\Synaptics
    2012-09-18 15:05 - 2012-09-18 15:13 - 00000000 ____D C:\Users\All Users\Application Data\Synaptics
    2012-09-18 15:05 - 2012-09-18 15:05 - 00000000 ____D C:\Program Files (x86)\Synaptics
    2012-09-12 16:10 - 2012-09-12 16:10 - 00012036 ____A C:\Users\Andrew Fraser\My Documents\iPhone 4S Outlook.csv
    2012-09-12 16:10 - 2012-09-12 16:10 - 00012036 ____A C:\Users\Andrew Fraser\Documents\iPhone 4S Outlook.csv
    2012-09-12 16:05 - 2012-09-23 10:40 - 00000000 ____D C:\Users\Andrew Fraser\Application Data\WindSolutions
    2012-09-12 16:05 - 2012-09-23 10:40 - 00000000 ____D C:\Users\Andrew Fraser\AppData\Roaming\WindSolutions
    2012-09-12 15:56 - 2012-09-12 15:56 - 00000000 ____D C:\Users\All Users\WindSolutions
    2012-09-12 15:56 - 2012-09-12 15:56 - 00000000 ____D C:\Users\All Users\Application Data\WindSolutions
    2012-09-12 15:55 - 2012-09-23 10:46 - 00000000 ____D C:\Users\Andrew Fraser\Downloads\CopyTransContactsv0.913_DLC
    2012-09-12 15:53 - 2012-09-12 15:53 - 07993747 ____A C:\Users\Andrew Fraser\Downloads\CopyTransContactsv0.913_DLC.zip
    2012-09-12 11:36 - 2012-08-22 13:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-12 11:36 - 2012-08-22 13:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-09-12 11:36 - 2012-08-22 13:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-12 11:36 - 2012-08-22 13:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-09-12 11:36 - 2012-08-02 12:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-12 11:36 - 2012-08-02 11:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-09-12 11:36 - 2012-07-04 15:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-09-11 14:33 - 2012-09-23 10:46 - 00000000 ____D C:\Program Files (x86)\aaa
    2012-09-11 14:33 - 2012-09-23 10:40 - 00000000 ____D C:\Users\Andrew Fraser\Application Data\Malwarebytes
    2012-09-11 14:33 - 2012-09-23 10:40 - 00000000 ____D C:\Users\Andrew Fraser\AppData\Roaming\Malwarebytes
    2012-09-11 14:33 - 2012-09-23 10:39 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-11 14:33 - 2012-09-23 10:39 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-09-11 14:33 - 2012-09-07 16:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-11 10:17 - 2012-09-11 10:17 - 00001258 ____A C:\Users\Andrew Fraser\Downloads\chap2.txt
    2012-09-10 13:48 - 2012-09-23 10:46 - 00000000 ____D C:\Windows\System32\Macromed
    2012-09-10 13:48 - 2012-09-10 13:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-10 13:48 - 2012-09-10 13:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-10 13:32 - 2012-09-11 13:02 - 00000000 ____D C:\Users\Andrew Fraser\Application Data\Guitar Pro 6
    2012-09-10 13:32 - 2012-09-11 13:02 - 00000000 ____D C:\Users\Andrew Fraser\AppData\Roaming\Guitar Pro 6
    2012-09-10 13:32 - 2012-09-10 13:32 - 00000000 ____D C:\Users\All Users\Guitar Pro 6
    2012-09-10 13:32 - 2012-09-10 13:32 - 00000000 ____D C:\Users\All Users\Application Data\Guitar Pro 6
    2012-09-08 12:56 - 2012-09-23 10:46 - 00000000 ____D C:\Users\Andrew Fraser\Downloads\Men in Black 3 (2012) DVDRip XviD-MAXSPEED
    2012-09-08 12:54 - 2012-09-23 10:46 - 00000000 ____D C:\Users\Andrew Fraser\Downloads\Snow White and the Huntsman (2012) DVDRip XviD-MAXSPEED
    2012-09-08 12:54 - 2012-09-23 10:46 - 00000000 ____D C:\Users\Andrew Fraser\Downloads\Men.In.Black.3.2012.DVDRip.XviD-DEPRiVED
    2012-09-08 12:42 - 2012-09-08 13:26 - 00000000 ____D C:\Users\Andrew Fraser\Downloads\Starting.Out.with.Java.From.Control.Structures.through.Data.Structures.2nd.Edition
    2012-09-07 10:17 - 2012-09-08 12:41 - 00085263 ____A C:\Users\Andrew Fraser\My Documents\WMU.dwg
    2012-09-07 10:17 - 2012-09-08 12:41 - 00085263 ____A C:\Users\Andrew Fraser\Documents\WMU.dwg
    2012-09-06 15:33 - 2012-09-23 10:46 - 00000000 ____D C:\Users\Andrew Fraser\Local Settings\Digital_Creations_AS
    2012-09-06 15:33 - 2012-09-23 10:46 - 00000000 ____D C:\Users\Andrew Fraser\Local Settings\Application Data\Digital_Creations_AS
    2012-09-06 15:33 - 2012-09-23 10:46 - 00000000 ____D C:\Users\Andrew Fraser\AppData\Local\Digital_Creations_AS
    2012-09-06 15:33 - 2012-09-06 15:47 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2012-09-05 16:57 - 2012-09-26 14:29 - 00000000 ____D C:\Users\Andrew Fraser\My Documents\ANTH 1200
    2012-09-05 16:57 - 2012-09-26 14:29 - 00000000 ____D C:\Users\Andrew Fraser\Documents\ANTH 1200
    2012-09-05 11:36 - 2012-10-01 12:01 - 00000000 ____D C:\Users\Andrew Fraser\My Documents\CS 1110 (2)
    2012-09-05 11:36 - 2012-10-01 12:01 - 00000000 ____D C:\Users\Andrew Fraser\Documents\CS 1110 (2)


    ==================== 3 Months Modified Files ==================

    2012-10-02 10:30 - 2010-12-25 14:12 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-993845009-3110868454-4033552744-1001Core.job
    2012-10-02 10:25 - 2012-10-02 10:25 - 01456149 ____A (Farbar) C:\Users\Andrew Fraser\Downloads\FRST64.exe
    2012-10-02 10:23 - 2009-07-14 00:13 - 00870760 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-02 10:21 - 2010-12-25 14:12 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-993845009-3110868454-4033552744-1001UA.job
    2012-10-02 10:20 - 2009-07-13 23:51 - 00094222 ____A C:\Windows\setupact.log
    2012-10-01 11:30 - 2011-11-21 16:10 - 00000360 ____A C:\Windows\Tasks\RegistryBooster.job
    2012-09-27 17:21 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-27 17:21 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-27 17:14 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-26 19:40 - 2009-07-14 00:10 - 01307363 ____A C:\Windows\WindowsUpdate.log
    2012-09-25 20:17 - 2012-09-25 20:16 - 80521624 ____A (Apple Inc.) C:\Users\Andrew Fraser\Downloads\iTunes64Setup.exe
    2012-09-24 20:18 - 2012-09-24 20:18 - 00018445 ____A C:\Users\Andrew Fraser\Desktop\Attach.txt
    2012-09-24 20:17 - 2012-09-24 20:17 - 00028561 ____A C:\Users\Andrew Fraser\Desktop\DDS.txt
    2012-09-24 20:17 - 2012-09-24 20:17 - 00017446 ____A C:\Users\Andrew Fraser\Desktop\hijackthis.log
    2012-09-24 20:14 - 2012-09-24 20:14 - 00607260 ___RA (Swearware) C:\Users\Andrew Fraser\Desktop\dds.com
    2012-09-24 20:11 - 2012-09-24 20:11 - 00017446 ____A C:\Users\Andrew Fraser\Downloads\hijackthis.log
    2012-09-24 19:59 - 2012-09-24 19:59 - 00388608 ____A (Trend Micro Inc.) C:\Users\Andrew Fraser\Desktop\HijackThis.exe
    2012-09-24 19:52 - 2012-09-24 19:52 - 00509440 ____A (Tech Support Guy System) C:\Users\Andrew Fraser\Desktop\SysInfo.exe
    2012-09-24 19:50 - 2012-09-24 19:50 - 01454541 ____A (Farbar) C:\Users\Andrew Fraser\Desktop\FRST64.exe
    2012-09-23 11:54 - 2010-09-10 19:31 - 00245378 ____A C:\Windows\PFRO.log
    2012-09-23 09:49 - 2012-09-23 09:48 - 00262144 ____A C:\Windows\Minidump\092312-23072-01.dmp
    2012-09-23 09:48 - 2011-07-07 18:16 - 528158240 ____A C:\Windows\MEMORY.DMP
    2012-09-21 13:05 - 2012-09-21 13:05 - 00262144 ____A C:\Windows\Minidump\092112-34117-01.dmp
    2012-09-21 12:57 - 2012-09-21 12:57 - 00262144 ____A C:\Windows\Minidump\092112-18174-01.dmp
    2012-09-21 12:55 - 2012-09-21 12:54 - 00262144 ____A C:\Windows\Minidump\092112-21496-01.dmp
    2012-09-21 12:42 - 2012-09-21 12:41 - 00262144 ____A C:\Windows\Minidump\092112-22666-01.dmp
    2012-09-21 12:35 - 2012-09-21 12:35 - 00262144 ____A C:\Windows\Minidump\092112-18408-01.dmp
    2012-09-21 12:28 - 2012-09-21 12:27 - 00262144 ____A C:\Windows\Minidump\092112-81744-01.dmp
    2012-09-20 21:44 - 2012-09-20 21:43 - 00262144 ____A C:\Windows\Minidump\092012-21434-01.dmp
    2012-09-20 21:41 - 2012-09-20 21:40 - 00262144 ____A C:\Windows\Minidump\092012-19968-01.dmp
    2012-09-20 21:38 - 2012-09-20 21:38 - 00262144 ____A C:\Windows\Minidump\092012-25818-01.dmp
    2012-09-20 21:36 - 2012-09-20 21:36 - 00262144 ____A C:\Windows\Minidump\092012-25350-01.dmp
    2012-09-20 21:34 - 2012-09-20 21:34 - 00262144 ____A C:\Windows\Minidump\092012-25724-01.dmp
    2012-09-13 02:01 - 2010-12-31 01:05 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-12 16:10 - 2012-09-12 16:10 - 00012036 ____A C:\Users\Andrew Fraser\My Documents\iPhone 4S Outlook.csv
    2012-09-12 16:10 - 2012-09-12 16:10 - 00012036 ____A C:\Users\Andrew Fraser\Documents\iPhone 4S Outlook.csv
    2012-09-12 15:53 - 2012-09-12 15:53 - 07993747 ____A C:\Users\Andrew Fraser\Downloads\CopyTransContactsv0.913_DLC.zip
    2012-09-11 10:17 - 2012-09-11 10:17 - 00001258 ____A C:\Users\Andrew Fraser\Downloads\chap2.txt
    2012-09-10 13:48 - 2012-09-10 13:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-10 13:48 - 2012-09-10 13:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-08 12:41 - 2012-09-07 10:17 - 00085263 ____A C:\Users\Andrew Fraser\My Documents\WMU.dwg
    2012-09-08 12:41 - 2012-09-07 10:17 - 00085263 ____A C:\Users\Andrew Fraser\Documents\WMU.dwg
    2012-09-07 16:04 - 2012-09-11 14:33 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-06 08:20 - 2010-12-26 00:18 - 00225328 ____A (Symantec Corporation) C:\Windows\System32\Drivers\wpshelper.sys
    2012-08-22 13:12 - 2012-09-12 11:36 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 13:12 - 2012-09-12 11:36 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 13:12 - 2012-09-12 11:36 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 13:12 - 2012-09-12 11:36 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 12:01 - 2012-09-25 20:27 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 12:01 - 2010-12-25 09:21 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 12:01 - 2010-12-25 09:21 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-16 02:24 - 2009-07-13 23:45 - 05077592 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-11 10:10 - 2011-11-21 16:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-08-11 10:10 - 2011-11-21 16:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-08-10 16:06 - 2012-08-10 16:06 - 00012945 ____A C:\Users\Andrew Fraser\iCloud - Shortcut.lnk
    2012-08-10 15:44 - 2012-08-10 15:32 - 43361640 ____A (Apple Inc.) C:\Users\Andrew Fraser\iCloudSetup.exe
    2012-08-02 12:58 - 2012-09-12 11:36 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 11:57 - 2012-09-12 11:36 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-18 13:15 - 2012-08-15 16:41 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-09 12:42 - 2012-07-09 12:42 - 04547984 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
    2012-07-09 12:42 - 2012-07-09 12:42 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
    2012-07-08 11:36 - 2012-07-08 11:36 - 00000925 ____A C:\Users\Andrew Fraser\BitTorrent.lnk
    2012-07-06 15:07 - 2012-08-16 02:04 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-07-05 21:06 - 2012-08-11 10:11 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-05 21:06 - 2012-04-15 16:25 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-07-05 21:06 - 2010-09-10 17:39 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll


    ZeroAccess:
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\00000004.@
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\201d3dde
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-14 16:54:08
    Restore point made on: 2012-09-21 13:35:59
    Restore point made on: 2012-09-23 22:09:18
    Restore point made on: 2012-09-25 20:23:23

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 3892.54 MB
    Available physical RAM: 3270.44 MB
    Total Pagefile: 3890.69 MB
    Available Pagefile: 3264.34 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:227.05 GB) NTFS
    3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (FRASER) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 7648 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 100 MB 1024 KB
    Partition 2 Primary 14 GB 101 MB
    Partition 3 Primary 451 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 100 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 451 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7647 MB 40 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FRASER FAT32 Removable 7647 MB Healthy

    =========================================================

    Last Boot: 2012-09-07 20:53

    ==================== End Of Log =============================

    Farbar Recovery Scan Tool (x64) Version: 30-09-2012 01
    Ran by SYSTEM at 2012-10-02 11:39:51
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    Code:
    start
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
    C:\Windows\SysWOW64\%APPDATA%
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    end
    
    Now please enter System Recovery Options as you did to get the log.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Reboot to Normal Windows and run this:

    • Please download Malwarebytes Anti-Malware and save it to your desktop.
      Alternative D/L mirror
      Alternative D/L mirror
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post both logs in your reply, give update on issues/concerns..

    Kevin...
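As an added example (not code from the thread, from Farbar or from the helper), the following Python script shows the check and the fix above in code: it parses the FRST "Search: services.exe" output and the "ZeroAccess:" blocks quoted in the log, flags the System32 copy whose MD5 differs from the WinSxS component-store copy, and derives fixlist lines of the same form as the ones posted above. The sample text is constructed from the log entries in the thread, and the script assumes, as the Replace line does, that the WinSxS copy is the trustworthy baseline.

```python
import re
from collections import defaultdict

# Constructed sample input: the FRST search entries and ZeroAccess blocks
# quoted in the thread above, with paths and MD5s as the log reported them.
SAMPLE_SEARCH = """\
================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
"""

SAMPLE_ZEROACCESS = """\
ZeroAccess:
C:\\Windows\\Installer\\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}
C:\\Windows\\Installer\\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\\@
C:\\Windows\\Installer\\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\\L
C:\\Windows\\Installer\\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\\U
C:\\Windows\\Installer\\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\\L\\00000004.@
C:\\Windows\\Installer\\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\\L\\201d3dde
C:\\Windows\\Installer\\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\\U\\80000064.@

ZeroAccess:
C:\\Windows\\assembly\\GAC_32\\Desktop.ini

ZeroAccess:
C:\\Windows\\assembly\\GAC_64\\Desktop.ini
"""

# FRST metadata line: [created] - [modified] - size attrs (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def parse_search(text):
    """Return one dict per file entry (a path line followed by its metadata line)."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        if PATH_RE.match(lines[i]):
            m = META_RE.match(lines[i + 1])
            if m:
                entry = m.groupdict()
                entry["path"] = lines[i]
                entry["size"] = int(entry["size"])
                entry["md5"] = entry["md5"].upper()
                entries.append(entry)
    return entries

def parse_zeroaccess_blocks(text):
    """Collect every path FRST lists under a 'ZeroAccess:' heading."""
    paths, collecting = [], False
    for ln in (raw.strip() for raw in text.splitlines()):
        if ln == "ZeroAccess:":
            collecting = True
        elif not ln:
            collecting = False
        elif collecting:
            paths.append(ln)
    return paths

def find_patched(entries):
    """Flag live copies whose MD5 differs from the WinSxS copy of the same file."""
    # The component store keeps the original binary, so a System32 copy with a
    # different hash (here also 512 bytes larger) is the modified one.
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for group in by_name.values():
        baseline = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        live = [e for e in group if "\\winsxs\\" not in e["path"].lower()]
        if not baseline:
            continue  # nothing trustworthy to compare against
        good_hashes = {e["md5"] for e in baseline}
        for e in live:
            if e["md5"] not in good_hashes:
                findings.append({"path": e["path"], "md5": e["md5"],
                                 "restore_from": baseline[0]["path"],
                                 "size_delta": e["size"] - baseline[0]["size"]})
    return findings

def build_fixlist(findings, zeroaccess_paths):
    """Emit fixlist lines as the helper wrote them: 'Replace: <clean> <live>' per
    patched binary, then one line per top-level ZeroAccess path (children go
    with their parent directory)."""
    lines = ["start"]
    for f in findings:
        lines.append(f"Replace: {f['restore_from']} {f['path']}")
    for p in zeroaccess_paths:
        if not any(q != p and p.lower().startswith(q.lower() + "\\")
                   for q in zeroaccess_paths):
            lines.append(p)
    lines.append("end")
    return lines
```

Running `build_fixlist(find_patched(parse_search(SAMPLE_SEARCH)), parse_zeroaccess_blocks(SAMPLE_ZEROACCESS))` reproduces the Replace line and the three ZeroAccess entries of the fixlist above; the `%APPDATA%` folder came from the file listing rather than a ZeroAccess block, so it is not derived here.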
     
  5. andrewbfraser

    andrewbfraser Thread Starter

    Joined:
    Sep 24, 2012
    Messages:
    17
    Thank you so much! You're a life saver man. I did what you told me to and there is no sign of infected files. Malwarebytes did not find anything, but even when it was infected it wasn't finding anything. I use Symantec Endpoint Protection and it was what alerted me that there was a problem and it is not finding anything anymore either. Thank you so much for replying and helping me out.

    The only issue I had was that ever since services.exe got infected, Symantec was finding a new backdoor trojan almost every minute when my computer was running, almost always from a C:\Windows\Installer location. It is not finding them anymore so that leads me to believe it was caused by the infected services.exe. If you think it might have been from anything else please let me know what I should do to be sure it is gone. But otherwise I can't thank you enough, my computer runs fine again.

    Below are the logs from the fix and scan.

    Thanks again,
    Andrew



    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-09-2012 01
    Ran by SYSTEM at 2012-10-02 15:18:01 Run:1
    Running from F:\

    ==============================================

    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    C:\Windows\SysWOW64\%APPDATA% moved successfully.
    C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    ==== End of Fixlog ====





    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.02.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Andrew Fraser :: ANDREWFRASER-PC [administrator]

    10/2/2012 3:25:44 PM
    mbam-log-2012-10-02 (15-25-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209613
    Time elapsed: 5 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Thanks for the reply, I'd like to confirm no remnants of the infection with an online AV scan, run the following:

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Kevin
     
  7. andrewbfraser

    andrewbfraser Thread Starter

    Joined:
    Sep 24, 2012
    Messages:
    17
    Kevin, here is the log from the eset scan:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=2e527f58a77b2b4f967084f4068a0ec1
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-10-03 02:17:37
    # local_time=2012-10-02 10:17:37 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=3584 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776638 66 94 39749063 100760900 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=299587
    # found=10
    # cleaned=0
    # scan_time=13206
    C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
    C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
    ${Memory} Win32/RegistryBooster application 00000000000000000000000000000000 I


    Thanks, Andrew
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Thanks for the reply Andrew,

    Continue as follows:

    Uninstall Uniblue via Start > Control Panel > Uninstall a Program.

    Next,

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....
    • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      ipconfig /flushdns /c
      C:\FRST
      C:\ProgramData\Tarma Installer
      C:\Users\All Users\Tarma Installer
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Post that log please, tell me how your system is OK, also if any issues or concerns remain, if none we can clean up..

    Kevin
     
  9. andrewbfraser

    andrewbfraser Thread Starter

    Joined:
    Sep 24, 2012
    Messages:
    17
    Hey Kevin, thanks for the reply, I uninstalled that program and ran the OTM program and my system runs great.

    Just curious, was that Uniblue program harmful to my computer at all?

    Here is the OTM log,
    Andrew



    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Andrew Fraser\Desktop\cmd.bat deleted successfully.
    C:\Users\Andrew Fraser\Desktop\cmd.txt deleted successfully.
    C:\FRST\Quarantine\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U folder moved successfully.
    C:\FRST\Quarantine\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L folder moved successfully.
    C:\FRST\Quarantine\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1} folder moved successfully.
    C:\FRST\Quarantine\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
    C:\FRST\Quarantine\%APPDATA%\Microsoft\Windows folder moved successfully.
    C:\FRST\Quarantine\%APPDATA%\Microsoft folder moved successfully.
    C:\FRST\Quarantine\%APPDATA% folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Cache folder moved successfully.
    C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9} folder moved successfully.
    C:\ProgramData\Tarma Installer folder moved successfully.
    File/Folder C:\Users\All Users\Tarma Installer not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Andrew Fraser
    ->Temp folder emptied: 172447376 bytes
    ->Temporary Internet Files folder emptied: 4187995 bytes
    ->Java cache emptied: 2489187 bytes
    ->Google Chrome cache emptied: 380976897 bytes
    ->Flash cache emptied: 71596 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 566941750 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 697922126 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,741.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 10032012_131400

    Files moved on Reboot...
    File C:\FRST\Quarantine not found!
    C:\Users\Andrew Fraser\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Hiya Andrew,

    Thanks for the reply and good to hear your system is running well. Regarding Uniblue, I do not use or promote any application of that type which may alter the OS registry in any way. It's your choice to UNinstall, keep or RE-Install....

    OK do the following:

    Step 1

    Remove ESET online scanner:

    • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
    • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

    Step 2

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click the OTC icon to start the program.
      If you are using Vista or Windows 7 accept UAC
    • Then Click the big CleanUp! button.
    • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself.

    Any tools/logs remaining on the Desktop can be deleted. Such as Farbar Recovery Scan Tool...

    Step 3

    Go here http://www.filehippo.com/updatechecker/ (Use the Stand Alone Version, not the installer) Run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
    If Java or Adobe are updated please check under Start > Control Panel > Programs and Features, ensure any old versions are removed. <--- Very Important

    Step 4

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

    Keep TFC it is an excellent, run weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted

    Step 5

    Create a new restore point:

    1. Right-click on Computer and go to Properties.
    2. Next click on the System Protection link.
    3. The System Properties dialog screen opens up and you will want to click on Create.
    4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
    5. You should see the message "The restore point was created successfully".

    To remove all but the most recent restore point do the following:

    1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
    2. If prompted, select the drive that you want to clean up, and then click OK.
    3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    4. If prompted, select the drive that you want to clean up, and then click OK.
    5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
    6. In the Disk Cleanup dialog box, click Delete.
    7. Click Delete Files, and then click OK. Re-Boot your PC.

    Let me know if those steps complete OK, if no more issues you can hit the "Mark Solved" tab at the top of the thread...

    Thanks,

    Kevin
     
  11. andrewbfraser

    andrewbfraser Thread Starter

    Joined:
    Sep 24, 2012
    Messages:
    17
    Hi Kevin, I finished the first couple steps and I have updated everything.
    I checked to see if the old versions of Adobe and Java were removed and it appears the Adobe was but the Java was not. Before I do anything, I wanted to check with you and see if I should remove these or not. I attached a screenshot, should I uninstall all of the Java programs listed under Java 7 Update 7 (64-bit)?
    Please let me know, thanks,
    Andrew
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Yep, remove them all except for your latest update....(y)
     
  13. andrewbfraser

    andrewbfraser Thread Starter

    Joined:
    Sep 24, 2012
    Messages:
    17
    Okay thank you so much, my only other question is that I just tried to run Windows Update, and it will check for updates but it fails immediately when trying to download and install them. The last time updates were installed was right around the time I got the virus. Please let me know if you know of any way to fix this too.
    Thanks,
    Andrew
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Run the following:

    Please download Farbar Service Scanner and run it on the computer with the issue.

    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  15. andrewbfraser

    andrewbfraser Thread Starter

    Joined:
    Sep 24, 2012
    Messages:
    17
    Here is the log:



    Farbar Service Scanner Version: 19-09-2012
    Ran by Andrew Fraser (administrator) on 03-10-2012 at 17:53:24
    Running from "C:\Users\Andrew Fraser\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    IE proxy is enabled.



    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
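A defender-side way to reproduce the service checks that FSS reported on in the log above, written here as an added PowerShell example that is not part of the thread, of Farbar's tool, or of any fix the helper posted. The service names and the Windows Defender policy value are taken from the log; the Start-type meanings are the standard Windows values, and the script only reads the registry, it changes nothing.

```powershell
# Added example (not from the thread): read the registry keys FSS inspected
# and report, for each service named in the log, whether its key exists,
# its Start type, ImagePath and (if present) ServiceDll, plus its live state.
function Test-ServiceKeys {
    param(
        # Names taken from the FSS log above; pass others to widen the check.
        [string[]]$Names = @('mpsdrv','MpsSvc','BFE','wscsvc','BITS','WinDefend','SharedAccess')
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    # Standard Start values for a service/driver key.
    $startMap = @{ 0='Boot'; 1='System'; 2='Automatic'; 3='Manual'; 4='Disabled' }
    foreach ($name in $Names) {
        $key = Join-Path $base $name
        if (-not (Test-Path $key)) {
            # This is the condition FSS printed as "The service key does not exist."
            New-Object PSObject -Property @{ Service=$name; KeyExists=$false; Start=$null; ImagePath=$null; ServiceDll=$null; State='missing' }
            continue
        }
        $props = Get-ItemProperty -Path $key
        $dll = $null
        $paramKey = Join-Path $key 'Parameters'
        if (Test-Path $paramKey) { $dll = (Get-ItemProperty -Path $paramKey).ServiceDll }
        # Get-Service only knows Win32 services, so kernel drivers like mpsdrv report no state.
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $state = if ($svc) { $svc.Status } else { 'n/a' }
        New-Object PSObject -Property @{
            Service    = $name
            KeyExists  = $true
            Start      = $startMap[[int]$props.Start]
            ImagePath  = $props.ImagePath
            ServiceDll = $dll
            State      = $state
        }
    }
}

# The Defender "disabled" value FSS listed at the end of its log.
function Test-DefenderDisabledValue {
    $defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $val = (Get-ItemProperty -Path $defKey -ErrorAction SilentlyContinue).DisableAntiSpyware
    return ($val -eq 1)   # $true means Defender is switched off by this value
}

Test-ServiceKeys | Format-Table Service, KeyExists, Start, State, ImagePath -AutoSize
if (Test-DefenderDisabledValue) { Write-Output 'DisableAntiSpyware=1 is set: Windows Defender is turned off.' }
```

Run it from an elevated PowerShell prompt; a row with KeyExists false matches an "ATTENTION!" line in the FSS log, and a KeyExists true row with a Start type of Disabled is the other common reason a security service will not start.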
Short URL to this thread: https://techguy.org/1071065