
Solved Have Trojan.zeroAccess!inf5/6 virus

Discussion in 'Malware and Virus Removal Archive' started by bgriff, 2012/09/13.

  1. 2012/09/13
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    [Resolved] Have Trojan.zeroAccess!inf5/6 virus

    A couple of days ago Symantec antivirus kept finding Zero Access Trojans that it appeared to be unable to delete completely and continued asking me to reboot after each virus scan. The first day I discovered the virus, Antivirus said it was version 5; the very next day the antivirus scan said it was Trojan.zeroAccess!inf6. This virus is truly beginning to hose my machine. My primary issues though are that it has done a DOS attack, denying me both LAN & Wireless internet access. So as I currently type this I am using a friend's computer. Another main issue is that somehow the virus seems to be blocking access to some of my primary system files/folders (one of them is C:\Documents and Settings). I also have traced the main system file path where antivirus indicates the virus to reside at, and have tried deleting it but keep getting an error saying I don't have the permissions to remove.

    I did find and refer to the following post link --> http://www.windowsbbs.com/malware-virus-removal/103325-resolved-trojan-zero-access-found-mcafee-can-you-help.html

    So I applied the initial step of doing a Malwarebytes scan after having to manually update the virus definitions DB using my friend's computer and copying the updated files over to my laptop with a USB drive. Unfortunately though the virus is able to hide itself somehow from the Malwarebytes scans, since after doing two full system scans, Malwarebytes repeatedly stated that it found no threats at all. Meanwhile my anti-virus (Symantec anti-virus) consistently reports multiple Trojan.ZeroAccess!inf6 risk instances to be found on the system. Since my case is somewhat different from thread "[Resolved] Trojan Zero Access found by McAfee... can you help?," I now am at a standstill.

    Any help with this irritating issue would be greatly appreciated. I really need my internet access back. Below I posted my Malwarebytes log results. I also have print screenshots of these issues that I can send by email for those interested in taking a further look to help.
    -----------------
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.03.05

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    BG :: BG-PC [administrator]

    9/8/2012 1:29:49 PM
    mbam-log-2012-09-08 (13-29-49).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 308168
    Time elapsed: 1 hour(s), 21 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    -----------------
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.13.01

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    BG :: BG-PC [administrator]

    9/12/2012 10:35:51 PM
    mbam-log-2012-09-12 (22-35-51).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 300430
    Time elapsed: 1 hour(s), 17 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. 2012/09/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please post the other logs requested here in further posts in this thread - you may need to spread a log over 2 posts.
     


  4. 2012/09/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search: ".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  5. 2012/09/14
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    Broni,

    Here in the next couple of posts or so are my "Getting started" virus removal scan log results for your viewing. Thanks for the next set of virus removal steps. I will try those next and update you soon.

    GMER
    ----------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-13 18:57:15
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
    Running: Gmer.exe; Driver: C:\Users\BG\AppData\Local\Temp\pgtdqpoc.sys


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748E8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74929855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748EB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748DFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748E7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748DEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7491B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748EBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748E0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
     
  6. 2012/09/14
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    Gmer log - P2
    ---------------
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748E06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748D71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7496D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74907329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748DE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748D697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748D69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748E2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \FileSystem\fastfat \Fat A5E1DA7A

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB56110$\2149145399 0 bytes
    File C:\Windows\$NtUninstallKB56110$\2149145399\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB56110$\2149145399\L 0 bytes
    File C:\Windows\$NtUninstallKB56110$\2149145399\U 0 bytes
    File C:\Windows\$NtUninstallKB56110$\2771160471 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  7. 2012/09/14
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    MBRCheck
    -----------------
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-14 04:00:41
    -----------------------------
    04:00:41.837 OS Version: Windows 6.0.6001 Service Pack 1
    04:00:41.837 Number of processors: 2 586 0xF0D
    04:00:41.837 ComputerName: BG-PC UserName: BG
    04:00:42.524 Initialize success
    04:01:23.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    04:01:23.552 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
    04:01:23.552 Disk 0 MBR read successfully
    04:01:23.567 Disk 0 MBR scan
    04:01:23.583 Disk 0 unknown MBR code
    04:01:23.583 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11993 MB offset 63
    04:01:23.598 Disk 0 Partition 2 80 (A) 0E FAT16 LBA NTFS 70424 MB offset 24563712
    04:01:23.614 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 37732 MB offset 168792120
    04:01:23.630 Disk 0 Partition - 00 05 Extended 32475 MB offset 246067605
    04:01:23.661 Disk 0 Partition 4 00 BC BOOTWIZ0 32475 MB offset 246067668
    04:01:23.676 Disk 0 scanning sectors +312576705
    04:01:23.770 Disk 0 scanning C:\Windows\system32\drivers
    04:01:32.990 Service scanning
    04:01:50.446 Modules scanning
    04:01:53.020 Disk 0 trace - called modules:
    04:01:53.051 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    04:01:53.067 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8595d6b8]
    04:01:53.067 3 CLASSPNP.SYS[871c5745] -> nt!IofCallDriver -> [0x84e443b0]
    04:01:53.082 5 acpi.sys[826956a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e60030]
    04:01:53.098 Scan finished successfully
    04:12:33.104 Disk 0 MBR has been saved successfully to "C:\Users\BG\Desktop\logs\MBR.dat "
    04:12:33.135 The log file has been saved successfully to "C:\Users\BG\Desktop\logs\MBRCheck.txt "
     
  8. 2012/09/14
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    DDS (2 logs: Attach, DDS)

    Attach.txt
    ----------
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/4/2010 6:39:58 PM
    System Uptime: 9/14/2012 3:16:22 AM (1 hours ago)
    .
    Motherboard: Acer, Inc. | | Nestos
    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | U2E1 | 1600/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 69 GiB total, 22.858 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 36.757 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011D1025&REV_02\4&3B390CB8&0&00E2
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011D1025&REV_02\4&3B390CB8&0&00E2
    Service: b57nd60x
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Consumer IR Devices
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Microsoft
    Name: Consumer IR Devices
    PNP Device ID: ROOT\SYSTEM\0001
    Service: circlass
    .
    ==== System Restore Points ===================
    .
    RP265: 8/26/2012 12:32:18 PM - Removed Java(TM) 6 Update 33
    RP266: 8/26/2012 12:36:51 PM - Installed Java 7 Update 6
    RP268: 9/8/2012 8:41:01 AM - Installed Atheros for Acer Driver v7.3.1.109_Foxconn Installation Program
    RP269: 9/8/2012 8:42:43 AM - Device Driver Package Install: Atheros Communications Inc. Network adapters
    RP270: 9/13/2012 6:33:40 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ABBYY FineReader 9.0 Sprint
    Acer Arcade Deluxe
    Acer Assist
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Acer Tour
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    Adobe Shockwave Player 11.6
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros for Acer Driver v7.3.1.109_Foxconn Installation Program
    Bonjour
    Boson Exam Environment
    Bricks of Egypt
    Broadcom Gigabit Integrated Controller
    CCleaner
    CCNA 802 Practice Exam
    CCNA 802 Practice Exam (C:\Program Files\CCNA 802 Practice Exam\)
    Cisco Packet Tracer 5.3
    Cisco Packet Tracer 5.3.1
    Cisco Packet Tracer 5.3.3
    DivX Setup
    Epson Connect
    Epson Customer Participation
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 435 Series Printer Uninstall
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iTunes
    Java 7 Update 6
    Java Auto Updater
    KeyScrambler
    Launch Manager
    LightScribe 1.4.142.1
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB973688)
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    Orion
    PowerProducer 3.72
    QuickTime
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Spybot - Search & Destroy
    swMSM
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual CertExam Suite 1.9
    VLC media player 1.1.11
    WebEx
    WIDCOMM Bluetooth Software
    Winbond CIR Drivers
    WinRAR archiver
    .
     
  9. 2012/09/14
    bgriff

    bgriff Inactive Thread Starter

    Joined:
    2012/09/07
    Messages:
    52
    Likes Received:
    0
    Attach.txt (cont.)

    ==== Event Viewer Messages From Past Week ========
    .
    9/8/2012 8:20:55 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    9/8/2012 8:20:55 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/8/2012 8:20:55 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/8/2012 8:20:38 AM, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/8/2012 8:12:23 AM, Error: EventLog [6008] - The previous system shutdown at 8:10:53 AM on 9/8/2012 was unexpected.
    9/8/2012 7:59:53 AM, Error: EventLog [6008] - The previous system shutdown at 7:56:29 AM on 9/8/2012 was unexpected.
    9/8/2012 7:44:31 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    9/8/2012 7:34:19 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147500053.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/8/2012 7:32:52 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/8/2012 7:29:14 AM, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    9/8/2012 7:00:09 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    9/8/2012 7:00:09 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: Access is denied.
    9/8/2012 7:00:09 AM, Error: Service Control Manager [7000] - The NetIO Legacy TDI Support Driver service failed to start due to the following error: Access is denied.
    9/8/2012 5:12:26 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 6801 (0x1A91).
    9/8/2012 5:10:08 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:19 PM on 9/8/2012 was unexpected.
    9/8/2012 4:09:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    9/8/2012 4:02:16 PM, Error: EventLog [6008] - The previous system shutdown at 3:00:57 PM on 9/8/2012 was unexpected.
    9/8/2012 12:58:34 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    9/7/2012 6:37:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service Symantec AntiVirus with arguments " " in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}
    9/7/2012 4:35:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/7/2012 4:35:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/7/2012 4:35:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/7/2012 4:35:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl SPBBCDrv spldr SRTSP SRTSPX SYMTDI Wanarpv6
    9/7/2012 4:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/7/2012 4:32:51 AM, Error: EventLog [6008] - The previous system shutdown at 4:30:39 AM on 9/7/2012 was unexpected.
    9/7/2012 4:28:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    9/7/2012 4:27:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    9/7/2012 4:26:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tdx
    9/7/2012 4:26:18 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2012 4:26:18 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/7/2012 4:26:18 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/13/2012 5:39:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/13/2012 5:39:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/13/2012 5:39:44 AM, Error: EventLog [6008] - The previous system shutdown at 4:45:05 AM on 9/13/2012 was unexpected.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSP SRTSPX SYMTDI tdx Wanarpv6
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/13/2012 4:34:55 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    9/13/2012 4:30:04 AM, Error: EventLog [6008] - The previous system shutdown at 4:27:51 AM on 9/13/2012 was unexpected.
    9/13/2012 4:14:50 AM, Error: EventLog [6008] - The previous system shutdown at 4:12:10 AM on 9/13/2012 was unexpected.
    9/13/2012 3:58:32 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
    9/13/2012 3:39:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec AntiVirus service.
    .
    ==== End Of File ===========================
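The Service Control Manager entries above are the useful part of this log: every 7001 "depends on ... which failed" line whose reason is "The dependency service or group failed to start" is a cascade, and the real failure is the entry further down the chain that carries a concrete error (here "Access is denied" for the NetIO Legacy TDI Support Driver, and "A device attached to the system is not functioning" for the NSI proxy and AFD drivers). An access-denied result when the SCM, running as SYSTEM, tries to load a boot-start driver points at permissions on the driver's service key or file rather than at the driver itself, which is worth knowing before running more scanners. The script below is an added example, not part of the thread or any tool mentioned in it: it parses SCM 7000/7001/7026 lines, collapses the dependency chains to their root causes and lists what each root took down. The sample lines are copied from the event-log excerpt above (the 7026 driver list is trimmed); event 7026 names drivers by registry key (tdx, AFD) while 7000/7001 use display names, so the two views are reported separately.

```python
"""Collapse Service Control Manager (SCM) dependency-failure chains.

Event 7001 says "X depends on Y which failed"; when Y's error is itself the
cascade message, the real failure is further down. This walks the chain to
the root entries that carry a concrete error and lists what each took down.
Event 7026 is reported separately because it names drivers by registry key
(tdx, AFD) rather than by display name.
"""
import re
from collections import defaultdict

# Constructed sample: SCM lines copied from the event-log excerpt posted above
# (the 7026 driver list is trimmed to three names).
SAMPLE_LOG = """\
9/8/2012 7:00:09 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
9/8/2012 7:00:09 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: Access is denied.
9/8/2012 7:00:09 AM, Error: Service Control Manager [7000] - The NetIO Legacy TDI Support Driver service failed to start due to the following error: Access is denied.
9/13/2012 5:39:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC tdx
9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/13/2012 5:39:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# The reason the SCM gives when a service failed only because something it needs failed.
CASCADE = "The dependency service or group failed to start."

LINE_RE = re.compile(r"^(?P<when>[^,]+), Error: Service Control Manager \[(?P<id>\d+)\] - (?P<msg>.+)$")
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                    r"which failed to start because of the following error: (?P<err>.+)$")
FAIL_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$")
DRV_RE = re.compile(r"^The following boot-start or system-start driver\(s\) failed to load: (?P<names>.+)$")


def parse_scm(text):
    """Return (dependents, root_errors, failed_drivers) built from SCM error lines."""
    dependents = defaultdict(set)   # display name -> services that need it
    root_errors = {}                # display name -> concrete (non-cascade) error
    failed_drivers = set()          # registry key names from event 7026
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        eid, msg = m["id"], m["msg"]
        if eid == "7001" and (d := DEP_RE.match(msg)):
            dependents[d["dep"]].add(d["svc"])
            if d["err"] != CASCADE:
                root_errors[d["dep"]] = d["err"]
        elif eid == "7000" and (f := FAIL_RE.match(msg)):
            if f["err"] != CASCADE:
                root_errors[f["svc"]] = f["err"]
        elif eid == "7026" and (v := DRV_RE.match(msg)):
            failed_drivers.update(v["names"].split())
    return dependents, root_errors, failed_drivers


def impact(dependents, root):
    """Transitive set of services that could not start because `root` failed."""
    seen, stack = set(), [root]
    while stack:
        for svc in dependents.get(stack.pop(), ()):
            if svc not in seen:
                seen.add(svc)
                stack.append(svc)
    return seen


def root_causes(text):
    """Map each root failure to its error and the services it took down,
    plus the sorted list of driver keys from event 7026."""
    dependents, root_errors, drivers = parse_scm(text)
    report = {root: {"error": err, "affected": sorted(impact(dependents, root))}
              for root, err in root_errors.items()}
    return report, sorted(drivers)


if __name__ == "__main__":
    report, drivers = root_causes(SAMPLE_LOG)
    for root, info in report.items():
        print(f"{root}: {info['error']}")
        for svc in info["affected"]:
            print(f"    -> {svc}")
    print("7026 drivers (registry key names):", " ".join(drivers))
```

On the sample this yields three roots (the TDI driver with "Access is denied", the NSI proxy driver and AFD with "device not functioning") and shows that DHCP Client, the WinHTTP proxy service, NSI, Workstation and Network Location Awareness are only collateral. Reconciling the display names with the 7026 key names (tdx, AFD, nsiproxy) is a manual step; the log gives both spellings but never in the same line.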
     
  10. 2012/09/14
    bgriff
    DDS.txt
    --------
    DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.6.2
    Run by BG at 4:13:46 on 2012-09-14
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1526.1076 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
    C:\Windows\Explorer.EXE
    C:\Windows\helppane.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.acer.com/worldwide/selection.html
    uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uWinlogon: Shell=explorer.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe "
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe "
    mRun: [Acer Tour]
    mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
    mRun: [eRecoveryService]
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe "
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: army.mil\athd
    Trusted Zone: facebook.com\www
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{07D12FC9-0E57-4C8E-A5F4-3ECE785F834D} : DhcpNameServer = 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\bg\appdata\roaming\mozilla\firefox\profiles\4r29rzuw.default\
    FF - component: c:\users\bg\appdata\roaming\mozilla\firefox\profiles\4r29rzuw.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\users\bg\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-5 64512]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-7-10 173880]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-8-6 13560]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
    S2 EraserSvc11220;Symantec Eraser Service;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-11-22 107624]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 135664]
    S2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
    S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
    S2 TeamViewer6;TeamViewer 6;c:\users\bg\appdata\local\temp\teamviewer\version6\TeamViewer_Service.exe [2011-6-12 2337144]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250568]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-27 106656]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-15 113120]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-09-08 12:42:15 755712 ----a-w- c:\windows\system32\drivers\athr.sys
    2012-09-08 12:42:15 755712 ----a-w- c:\windows\system32\athr.sys
    2012-09-08 12:42:15 24576 ----a-w- c:\windows\system32\PressCancel.exe
    2012-09-08 12:42:15 -------- d-----w- c:\program files\Atheros
    2012-09-08 12:38:50 -------- d-----w- c:\programdata\Atheros
    2012-09-08 11:42:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-09-08 11:42:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-09-08 11:05:46 -------- d-----w- c:\users\bg\appdata\local\CrashDumps
    2012-09-07 08:27:27 -------- d-----w- c:\users\bg\appdata\local\NPE
    2012-09-07 08:27:27 -------- d-----w- c:\programdata\Norton
    2012-09-07 00:54:44 -------- d-----w- c:\users\bg\appdata\roaming\FixZeroAccess
    2012-09-07 00:54:41 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-08-26 16:39:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-26 13:50:08 -------- d-----w- c:\programdata\Premium
    2012-08-26 13:49:23 -------- d-----w- c:\programdata\InstallMate
    .
    ==================== Find3M ====================
    .
    2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-26 16:45:58 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-26 16:45:56 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-26 16:38:18 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-26 16:38:18 746984 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 4:14:53.20 ===============
     
  11. 2012/09/15
    bgriff
    Broni,

    here is the next set of logs you provided me and requested results for:

    FRST.txt
    ----------
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2012 01
    Ran by SYSTEM at 15-09-2012 04:53:58
    Running from F:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-05-22] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8433664 2007-05-22] (NVIDIA Corporation)
    HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-06-12] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-09] (Synaptics, Inc.)
    HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [707080 2007-06-28] (Dritek System Inc.)
    HKLM\...\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" [1286144 2007-06-11] (CyberLink)
    HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
    HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [206952 2007-05-24] (CyberLink Corp.)
    HKLM\...\Run: [Acer Tour] [x]
    HKLM\...\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [45056 2007-04-25] ( )
    HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup [3383296 2007-02-02] (Leader Technologies)
    HKLM\...\Run: [eRecoveryService] [x]
    HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [107112 2006-11-22] (Symantec Corporation)
    HKLM\...\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe [134808 2006-11-28] (Symantec Corporation)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-07-21] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\BG\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\BG\...\Winlogon: [Shell] explorer.exe, [x]
    HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [27432 2007-04-26] ()
    HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [27432 2007-04-26] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

    ==================== Services ================================

    2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
    2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
    2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
    2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
    2 DefWatch; "C:\Program Files\Symantec AntiVirus\DefWatch.exe" [30872 2006-11-28] (Symantec Corporation)
    2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [538096 2007-02-14] ( )
    2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-04-25] (HiTRSUT)
    2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.)
    2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.)
    2 EpsonCustomerParticipation; "C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe" [521600 2011-06-09] (SEIKO EPSON CORPORATION)
    2 EraserSvc11220; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
    2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.)
    2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] ()
    2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-11-20] (Lavasoft Limited)
    3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2541248 2006-10-31] (Symantec Corporation)
    2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [107008 2006-11-24] ()
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [266343 2007-01-23] ()
    2 SavRoam; "C:\Program Files\Symantec AntiVirus\SavRoam.exe" [122008 2006-11-28] (symantec)
    2 Symantec AntiVirus; "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" [1962136 2006-11-28] (Symantec Corporation)
    2 TeamViewer6; C:\Users\BG\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe [2337144 2011-06-01] (TeamViewer GmbH)
    2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer)

    ==================== Drivers =================================

    3 btaudio; C:\Windows\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
    3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
    3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
    3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
    3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
    1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-07-31] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-15] (Symantec Corporation)
    2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
    3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [173880 2011-12-14] (QFX Software Corporation)
    3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
    0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
    3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120907.001\NAVENG.SYS [92704 2012-09-06] (Symantec Corporation)
    3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120907.001\NAVEX15.SYS [1601184 2012-09-06] (Symantec Corporation)
    0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
    0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
    0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
    0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2011-11-28] (Sonic Solutions)
    3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
    1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)
    1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [247144 2006-11-22] (Symantec Corporation)
    3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [274328 2006-11-22] (Symantec Corporation)
    1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25448 2006-11-22] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2010-07-05] (Symantec Corporation)
    3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-26] (Symantec Corporation)
    1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-26] (Symantec Corporation)
    1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [71680 2008-01-18] ()
    3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
    2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ============ One Month Created Files and Folders ==============

    2012-09-15 04:53 - 2012-09-15 04:53 - 00000000 ___DC C:\FRST
    2012-09-13 23:17 - 2012-09-13 23:17 - 00000384 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-09-13 15:02 - 2012-09-12 22:54 - 00607260 ____R (Swearware) C:\Users\BG\Desktop\dds.com
    2012-09-13 15:01 - 2012-09-12 22:51 - 04731392 ____A (AVAST Software) C:\Users\BG\Desktop\aswMBR.exe
    2012-09-13 01:39 - 2012-09-13 01:39 - 00138696 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 00:30 - 2012-09-13 00:30 - 00138696 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:14 - 2012-09-13 00:14 - 00138696 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-13 00:02 - 2012-09-12 22:50 - 00302592 ____A C:\Users\BG\Desktop\Gmer.exe
    2012-09-12 21:28 - 2012-09-12 21:28 - 00000425 ____A C:\Users\BG\Desktop\test.csv
    2012-09-08 12:01 - 2012-09-08 12:01 - 00001158 ____A C:\Windows\PFRO.log
    2012-09-08 04:42 - 2012-09-08 04:42 - 00000000 ____D C:\Program Files\Atheros
    2012-09-08 04:42 - 2007-09-21 08:37 - 00032134 ____A C:\Windows\System32\athrext.cat
    2012-09-08 04:42 - 2007-09-13 11:17 - 00755712 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\athr.sys
    2012-09-08 04:42 - 2007-09-13 11:17 - 00755712 ____A (Atheros Communications, Inc.) C:\Windows\System32\athr.sys
    2012-09-08 04:42 - 2007-05-16 06:29 - 00024576 ____A C:\Windows\System32\PressCancel.exe
    2012-09-08 04:42 - 2007-01-09 05:25 - 00000008 _RASH C:\Windows\System32\Desktop_.ini
    2012-09-08 04:38 - 2012-09-08 04:38 - 00000000 ____D C:\Users\All Users\Atheros
    2012-09-08 04:06 - 2012-09-08 04:06 - 00000680 ____A C:\Users\BG\AppData\Local\d3d9caps.dat
    2012-09-08 03:59 - 2012-09-13 01:39 - 276866881 ____A C:\Windows\MEMORY.DMP
    2012-09-08 03:59 - 2012-09-08 03:59 - 00138696 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-08 03:42 - 2012-09-08 03:48 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-09-08 03:42 - 2012-09-08 03:42 - 00001059 ____A C:\Users\BG\Desktop\Spybot - Search & Destroy.lnk
    2012-09-08 03:42 - 2012-09-08 03:42 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
    2012-09-08 03:05 - 2012-09-13 23:04 - 00000000 ____D C:\Users\BG\AppData\Local\CrashDumps
    2012-09-07 00:27 - 2012-09-07 01:00 - 00000000 ____D C:\Users\BG\AppData\Local\NPE
    2012-09-07 00:27 - 2012-09-07 00:27 - 00000000 ____D C:\Users\All Users\Norton
    2012-09-06 16:54 - 2012-09-06 16:54 - 00035752 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-09-06 16:54 - 2012-09-06 16:54 - 00000000 ____D C:\Users\BG\AppData\Roaming\FixZeroAccess
    2012-09-04 00:38 - 2012-09-04 00:38 - 00019922 ____A C:\Users\BG\Documents\TrojanZeroaccess_backup.reg
    2012-08-26 19:12 - 2012-08-26 19:12 - 00823648 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (4).exe
    2012-08-26 19:12 - 2012-08-26 19:12 - 00823648 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (3).exe
    2012-08-26 08:40 - 2012-08-26 08:40 - 00000000 ____D C:\Program Files\Common Files\Java
    2012-08-26 08:39 - 2012-08-26 08:38 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-26 08:39 - 2012-08-26 08:38 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-26 08:39 - 2012-08-26 08:38 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-26 08:39 - 2012-08-26 08:38 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2012-08-26 08:30 - 2012-08-26 08:30 - 00894952 ____A (Oracle Corporation) C:\Users\BG\Downloads\chromeinstall-7u6.exe
    2012-08-26 08:24 - 2012-08-26 08:24 - 00760128 ____A (RealNetworks, Inc.) C:\Users\BG\Downloads\RealPlayer.exe
    2012-08-26 05:50 - 2012-08-26 05:50 - 00000000 ____D C:\Users\All Users\Premium
    2012-08-26 05:49 - 2012-08-26 05:50 - 00000000 ____D C:\Users\All Users\InstallMate
    2012-08-19 11:45 - 2012-08-19 11:46 - 00001891 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
     
  12. 2012/09/15
    bgriff

    bgriff Inactive Thread Starter

    FRST.txt cont.
    ---------------

    ============ 3 Months Modified Files ========================

    2012-09-15 00:37 - 2006-11-02 05:01 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-15 00:37 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-15 00:36 - 2010-07-17 22:12 - 00068507 ___AC C:\aaw7boot.log
    2012-09-15 00:36 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-15 00:36 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-14 00:33 - 2010-07-11 01:13 - 00000494 ____A C:\Users\BG\.packettracer
    2012-09-13 23:17 - 2012-09-13 23:17 - 00000384 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-09-13 23:15 - 2010-07-04 14:40 - 01447042 ____A C:\Windows\WindowsUpdate.log
    2012-09-13 23:02 - 2010-07-09 00:01 - 00000874 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-13 23:01 - 2011-05-03 02:36 - 00000064 ____A C:\Windows\System32\rp_stats.dat
    2012-09-13 23:01 - 2011-05-03 02:36 - 00000044 ____A C:\Windows\System32\rp_rules.dat
    2012-09-13 02:46 - 2010-07-09 00:01 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-13 01:58 - 2012-04-11 18:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-13 01:39 - 2012-09-13 01:39 - 00138696 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 01:39 - 2012-09-08 03:59 - 276866881 ____A C:\Windows\MEMORY.DMP
    2012-09-13 00:30 - 2012-09-13 00:30 - 00138696 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:14 - 2012-09-13 00:14 - 00138696 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-12 22:54 - 2012-09-13 15:02 - 00607260 ____R (Swearware) C:\Users\BG\Desktop\dds.com
    2012-09-12 22:51 - 2012-09-13 15:01 - 04731392 ____A (AVAST Software) C:\Users\BG\Desktop\aswMBR.exe
    2012-09-12 22:50 - 2012-09-13 00:02 - 00302592 ____A C:\Users\BG\Desktop\Gmer.exe
    2012-09-12 21:28 - 2012-09-12 21:28 - 00000425 ____A C:\Users\BG\Desktop\test.csv
    2012-09-12 18:00 - 2012-03-07 00:37 - 00001220 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-10 19:13 - 2006-11-02 02:33 - 00715876 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-08 12:01 - 2012-09-08 12:01 - 00001158 ____A C:\Windows\PFRO.log
    2012-09-08 04:06 - 2012-09-08 04:06 - 00000680 ____A C:\Users\BG\AppData\Local\d3d9caps.dat
    2012-09-08 03:59 - 2012-09-08 03:59 - 00138696 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-08 03:42 - 2012-09-08 03:42 - 00001059 ____A C:\Users\BG\Desktop\Spybot - Search & Destroy.lnk
    2012-09-07 13:04 - 2010-07-08 01:02 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-06 16:54 - 2012-09-06 16:54 - 00035752 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-09-04 00:38 - 2012-09-04 00:38 - 00019922 ____A C:\Users\BG\Documents\TrojanZeroaccess_backup.reg
    2012-08-26 19:12 - 2012-08-26 19:12 - 00823648 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (4).exe
    2012-08-26 19:12 - 2012-08-26 19:12 - 00823648 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (3).exe
    2012-08-26 08:45 - 2012-04-11 18:12 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-26 08:45 - 2011-07-16 16:07 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-26 08:38 - 2012-08-26 08:39 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-26 08:38 - 2012-08-26 08:39 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-26 08:38 - 2012-08-26 08:39 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-26 08:38 - 2012-08-26 08:39 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2012-08-26 08:38 - 2012-07-06 01:17 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
    2012-08-26 08:38 - 2010-07-15 21:17 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-26 08:30 - 2012-08-26 08:30 - 00894952 ____A (Oracle Corporation) C:\Users\BG\Downloads\chromeinstall-7u6.exe
    2012-08-26 08:24 - 2012-08-26 08:24 - 00760128 ____A (RealNetworks, Inc.) C:\Users\BG\Downloads\RealPlayer.exe
    2012-08-22 02:50 - 2010-07-09 00:02 - 00001935 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-19 11:46 - 2012-08-19 11:45 - 00001891 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-08-15 19:05 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-23 03:21 - 2012-07-23 03:21 - 08324984 ____A (Avanset ) C:\Users\BG\Downloads\visual_certexam_suite_setup(1).exe
    2012-07-11 19:17 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
    2012-07-06 01:08 - 2012-07-06 01:08 - 00907528 ____A (Sun Microsystems, Inc.) C:\Users\BG\Downloads\jre-6u33-windows-i586-iftw.exe
    2012-07-06 01:08 - 2012-07-06 01:08 - 00907528 ____A (Sun Microsystems, Inc.) C:\Users\BG\Downloads\jre-6u33-windows-i586-iftw (1).exe
    2012-06-28 21:54 - 2012-06-28 21:54 - 00823576 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1.exe
    2012-06-28 21:54 - 2012-06-28 21:54 - 00823576 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (2).exe
    2012-06-28 21:54 - 2012-06-28 21:54 - 00823576 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (1).exe
    2012-06-22 19:46 - 2012-06-22 18:48 - 00000090 ____A C:\Windows\EWF435.ini
    2012-06-22 19:05 - 2012-06-22 19:05 - 00001853 ____A C:\Users\Public\Desktop\WorkForce 435 User's Guide.lnk
    2012-06-22 18:50 - 2012-06-22 18:50 - 00000769 ____A C:\Users\Public\Desktop\EPSON Scan.lnk

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-26 08:33:35
    Restore point made on: 2012-08-26 08:37:49
    Restore point made on: 2012-09-08 04:42:01
    Restore point made on: 2012-09-08 04:44:38
    Restore point made on: 2012-09-13 02:37:35

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 1525.81 MB
    Available physical RAM: 1294.68 MB
    Total Pagefile: 1476.24 MB
    Available Pagefile: 1353.99 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1983.72 MB

    ==================== Partitions ============================

    1 Drive c: (ACER) (Fixed) (Total:68.77 GB) (Free:21.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:36.85 GB) (Free:36.76 GB) NTFS
    4 Drive f: () (Removable) (Total:7.46 GB) (Free:6.04 GB) FAT32
    5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    6 Drive x: (PQSERVICE) (Fixed) (Total:11.71 GB) (Free:1.93 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 32 KB
    Disk 1 Online 7658 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 12 GB 32 KB
    Partition 2 Primary 69 GB 12 GB
    Partition 3 Primary 37 GB 80 GB
    Partition 0 Extended 32 GB 117 GB
    Partition 4 Logical 32 GB 117 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 X PQSERVICE NTFS Partition 12 GB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 C ACER NTFS Partition 69 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D DATA NTFS Partition 37 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : BC
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7656 MB 22 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 F FAT32 Removable 7656 MB Healthy

    ==================================================================================

    Last Boot: 2012-09-13 23:36

    ==================== End Of Log =============================
     
  13. 2012/09/15
    bgriff

    bgriff Inactive Thread Starter

    Search.txt
    --------------
    Farbar Recovery Scan Tool (x86) Version: 14-09-2012 01
    Ran by SYSTEM at 2012-09-15 04:56:36
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

    C:\Windows\System32\services.exe
    [2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2010-12-02 11:26] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    === End Of Search ===
     
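An added reader for the Search.txt listing above (example code written for this page, not part of the thread or of FRST): it pairs each path with the detail line under it, classifies where each copy lives, and checks whether the live C:\Windows\System32\services.exe hash and size match a component-store (winsxs) copy, which is the comparison a malware analyst makes by eye on such a listing. The thread's four entries are the sample input; the second sample is a constructed tamper case whose live hash is an obvious placeholder.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The "Search: services.exe" block from the thread's Search.txt, reproduced as
# sample input (paths, sizes and hashes are the ones posted above).
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-12-02 11:26] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
"""

# Constructed negative case (NOT from the thread): the same component-store copy,
# but a live System32 copy whose hash is a placeholder that matches nothing.
TAMPERED_SAMPLE = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 00000000000000000000000000000000
"""

# FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store directory names carry the file version between underscores.
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str
    version: Optional[str]
    location: str  # "live", "component_store", "pending_update" or "other"


def classify(path: str) -> str:
    p = path.lower()
    if "\\winsxs\\" in p:
        return "component_store"   # servicing copy kept by Windows
    if "\\softwaredistribution\\" in p:
        return "pending_update"    # downloaded update, not installed yet
    if p.startswith("c:\\windows\\system32\\"):
        return "live"              # the copy actually loaded at boot
    return "other"


def parse_search(text: str) -> List[Entry]:
    """Pair each path line with the detail line FRST prints under it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: List[Entry] = []
    for i, line in enumerate(lines[:-1]):
        if not re.match(r"^[A-Za-z]:\\", line):
            continue               # header, blank or footer line
        m = DETAIL_RE.match(lines[i + 1])
        if not m:
            continue               # path with no parseable detail line
        v = VERSION_RE.search(line)
        entries.append(Entry(path=line, size=int(m["size"]), company=m["company"],
                             md5=m["md5"].upper(), version=v.group(1) if v else None,
                             location=classify(line)))
    return entries


def assess_live_copy(entries: List[Entry]) -> Tuple[str, Optional[str], List[str]]:
    """Return (status, live_md5, matching component-store versions).

    "match"    - live hash and size equal some winsxs copy (the expected state)
    "mismatch" - live copy equals no winsxs copy; a patched system binary would
                 look exactly like this, so confirm against a known-good hash
                 or a signature check before drawing conclusions
    "missing"  - zero or several live copies in the listing
    """
    live = [e for e in entries if e.location == "live"]
    store = [e for e in entries if e.location == "component_store"]
    if len(live) != 1:
        return "missing", None, []
    e = live[0]
    matches = sorted(s.version or "?" for s in store
                     if s.md5 == e.md5 and s.size == e.size)
    return ("match" if matches else "mismatch"), e.md5, matches


if __name__ == "__main__":
    for label, text in (("thread listing", SEARCH_TXT),
                        ("constructed tamper case", TAMPERED_SAMPLE)):
        status, md5, versions = assess_live_copy(parse_search(text))
        print(f"{label}: {status} live_md5={md5} store_versions={versions}")
```

On the thread's listing the live copy hashes to the 6.0.6001.18000 component-store copy, which is why it raises no flag; the pending 6.0.6002.18005 copy under SoftwareDistribution is a staged update and is deliberately not counted as a reference.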
  14. 2012/09/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't actually see any signs of ZeroAccess rootkit.

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Norton.
    You must uninstall one of them.
    I suggest Lavasoft goes.

    What are the current computer issues?
     
  15. 2012/09/16
    bgriff

    bgriff Inactive Thread Starter

    Broni,


    I am still dealing with the same original issues from the beginning plus some additional ones that I just recently noticed. So here they are:

    1. My major issue is that I can't connect to the internet via LAN or Wireless unless I log on under the Safe Mode with Networking option. When I put the mouse over my network icon on the bottom task bar it looks like I'm connected, yet it will say, "Currently connected to: Identifying..." & "Access: Local only." This is happening on other networks besides just my home network.

    2. My Symantec Antivirus continues to inform me that multiple instances of Trojan.zeroAccess!inf6 were found every time I log on to my PC, in the file "tdx.sys." And it continuously prompts me to reboot to remove the virus, which doesn't really work of course. That file is found in C:\windows\system32\drivers\. In the past I have tried deleting the file following that path but the system would not let me, telling me I do not have the administrative permissions to remove the file.

    3. Every time I try to access [C:\Documents and Settings] I get the following message: "C:\Documents and Settings is not accessible. Access is denied." I also get a similar message when attempting to access other random system files or folders.

    4. Multiple random .txt and .sys files are found on my main (C:\) hard drive.


    This rootkit seems to be a smart one. After your last reply I ended up uninstalling Lavasoft Ad-Watch and Spybot Search & Destroy from my system. I also re-ran the FRST & Search log scans and will provide them in the next couple of posts; however, I don't think the results are any different, but I'll let you be the judge of that.
     
  16. 2012/09/16
    bgriff

    bgriff Inactive Thread Starter

    2nd FRST.txt
    --------------
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2012 01
    Ran by SYSTEM at 16-09-2012 08:02:12
    Running from G:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-05-22] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8433664 2007-05-22] (NVIDIA Corporation)
    HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-06-12] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-09] (Synaptics, Inc.)
    HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [707080 2007-06-28] (Dritek System Inc.)
    HKLM\...\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" [1286144 2007-06-11] (CyberLink)
    HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
    HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [206952 2007-05-24] (CyberLink Corp.)
    HKLM\...\Run: [Acer Tour] [x]
    HKLM\...\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [45056 2007-04-25] ( )
    HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup [3383296 2007-02-02] (Leader Technologies)
    HKLM\...\Run: [eRecoveryService] [x]
    HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [107112 2006-11-22] (Symantec Corporation)
    HKLM\...\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe [134808 2006-11-28] (Symantec Corporation)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-07-21] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\BG\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\BG\...\Winlogon: [Shell] explorer.exe, [x]
    HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [27432 2007-04-26] ()
    HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [27432 2007-04-26] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

    ==================== Services ================================

    2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
    2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
    2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
    2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
    2 DefWatch; "C:\Program Files\Symantec AntiVirus\DefWatch.exe" [30872 2006-11-28] (Symantec Corporation)
    2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [538096 2007-02-14] ( )
    2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-04-25] (HiTRSUT)
    2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.)
    2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.)
    2 EpsonCustomerParticipation; "C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe" [521600 2011-06-09] (SEIKO EPSON CORPORATION)
    2 EraserSvc11220; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
    2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.)
    2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] ()
    3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2541248 2006-10-31] (Symantec Corporation)
    2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [107008 2006-11-24] ()
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [266343 2007-01-23] ()
    2 SavRoam; "C:\Program Files\Symantec AntiVirus\SavRoam.exe" [122008 2006-11-28] (symantec)
    2 Symantec AntiVirus; "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" [1962136 2006-11-28] (Symantec Corporation)
    2 TeamViewer6; C:\Users\BG\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe [2337144 2011-06-01] (TeamViewer GmbH)
    2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer)

    ==================== Drivers =================================

    3 btaudio; C:\Windows\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
    3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
    3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
    3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
    3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
    1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-07-31] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-15] (Symantec Corporation)
    2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
    3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [173880 2011-12-14] (QFX Software Corporation)
    3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120907.001\NAVENG.SYS [92704 2012-09-06] (Symantec Corporation)
    3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120907.001\NAVEX15.SYS [1601184 2012-09-06] (Symantec Corporation)
    0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
    0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
    0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
    0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2011-11-28] (Sonic Solutions)
    3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
    1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)
    1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [247144 2006-11-22] (Symantec Corporation)
    3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [274328 2006-11-22] (Symantec Corporation)
    1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25448 2006-11-22] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2010-07-05] (Symantec Corporation)
    3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-26] (Symantec Corporation)
    1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-26] (Symantec Corporation)
    1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [71680 2008-01-18] ()
    3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
    2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ============ One Month Created Files and Folders ==============

    2012-09-15 04:53 - 2012-09-15 04:53 - 00000000 ___DC C:\FRST
    2012-09-13 15:02 - 2012-09-12 22:54 - 00607260 ____R (Swearware) C:\Users\BG\Desktop\dds.com
    2012-09-13 15:01 - 2012-09-12 22:51 - 04731392 ____A (AVAST Software) C:\Users\BG\Desktop\aswMBR.exe
    2012-09-13 01:39 - 2012-09-13 01:39 - 00138696 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 00:30 - 2012-09-13 00:30 - 00138696 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:14 - 2012-09-13 00:14 - 00138696 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-13 00:02 - 2012-09-12 22:50 - 00302592 ____A C:\Users\BG\Desktop\Gmer.exe
    2012-09-12 21:28 - 2012-09-12 21:28 - 00000425 ____A C:\Users\BG\Desktop\test.csv
    2012-09-08 12:01 - 2012-09-15 18:12 - 00001490 ____A C:\Windows\PFRO.log
    2012-09-08 04:42 - 2012-09-08 04:42 - 00000000 ____D C:\Program Files\Atheros
    2012-09-08 04:42 - 2007-09-21 08:37 - 00032134 ____A C:\Windows\System32\athrext.cat
    2012-09-08 04:42 - 2007-09-13 11:17 - 00755712 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\athr.sys
    2012-09-08 04:42 - 2007-09-13 11:17 - 00755712 ____A (Atheros Communications, Inc.) C:\Windows\System32\athr.sys
    2012-09-08 04:42 - 2007-05-16 06:29 - 00024576 ____A C:\Windows\System32\PressCancel.exe
    2012-09-08 04:42 - 2007-01-09 05:25 - 00000008 _RASH C:\Windows\System32\Desktop_.ini
    2012-09-08 04:38 - 2012-09-08 04:38 - 00000000 ____D C:\Users\All Users\Atheros
    2012-09-08 04:06 - 2012-09-15 21:05 - 00001356 ____A C:\Users\BG\AppData\Local\d3d9caps.dat
    2012-09-08 03:59 - 2012-09-13 01:39 - 276866881 ____A C:\Windows\MEMORY.DMP
    2012-09-08 03:59 - 2012-09-08 03:59 - 00138696 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-08 03:42 - 2012-09-15 18:12 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
    2012-09-08 03:42 - 2012-09-15 18:08 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-09-08 03:05 - 2012-09-13 23:04 - 00000000 ____D C:\Users\BG\AppData\Local\CrashDumps
    2012-09-07 00:27 - 2012-09-07 01:00 - 00000000 ____D C:\Users\BG\AppData\Local\NPE
    2012-09-07 00:27 - 2012-09-07 00:27 - 00000000 ____D C:\Users\All Users\Norton
    2012-09-06 16:54 - 2012-09-06 16:54 - 00035752 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-09-06 16:54 - 2012-09-06 16:54 - 00000000 ____D C:\Users\BG\AppData\Roaming\FixZeroAccess
    2012-09-04 00:38 - 2012-09-04 00:38 - 00019922 ____A C:\Users\BG\Documents\TrojanZeroaccess_backup.reg
    2012-08-26 19:12 - 2012-08-26 19:12 - 00823648 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (4).exe
    2012-08-26 19:12 - 2012-08-26 19:12 - 00823648 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (3).exe
    2012-08-26 08:40 - 2012-08-26 08:40 - 00000000 ____D C:\Program Files\Common Files\Java
    2012-08-26 08:39 - 2012-08-26 08:38 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-26 08:39 - 2012-08-26 08:38 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-26 08:39 - 2012-08-26 08:38 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-26 08:39 - 2012-08-26 08:38 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2012-08-26 08:30 - 2012-08-26 08:30 - 00894952 ____A (Oracle Corporation) C:\Users\BG\Downloads\chromeinstall-7u6.exe
    2012-08-26 08:24 - 2012-08-26 08:24 - 00760128 ____A (RealNetworks, Inc.) C:\Users\BG\Downloads\RealPlayer.exe
    2012-08-26 05:50 - 2012-08-26 05:50 - 00000000 ____D C:\Users\All Users\Premium
    2012-08-26 05:49 - 2012-08-26 05:50 - 00000000 ____D C:\Users\All Users\InstallMate
    2012-08-19 11:45 - 2012-08-19 11:46 - 00001891 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
     
  17. 2012/09/16
    bgriff

    bgriff Inactive Thread Starter

    2nd FRST.txt cont.
    -----------------

    ============ 3 Months Modified Files ========================

    2012-09-16 03:56 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-16 03:56 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-16 03:55 - 2010-07-04 14:40 - 01509101 ____A C:\Windows\WindowsUpdate.log
    2012-09-16 03:55 - 2006-11-02 05:01 - 00032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-16 03:55 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-16 03:46 - 2010-07-09 00:01 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-16 02:58 - 2012-04-11 18:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-16 02:24 - 2010-07-09 00:01 - 00000874 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-15 21:05 - 2012-09-08 04:06 - 00001356 ____A C:\Users\BG\AppData\Local\d3d9caps.dat
    2012-09-15 18:12 - 2012-09-08 12:01 - 00001490 ____A C:\Windows\PFRO.log
    2012-09-15 01:29 - 2010-07-17 22:12 - 00068731 ___AC C:\aaw7boot.log
    2012-09-14 00:33 - 2010-07-11 01:13 - 00000494 ____A C:\Users\BG\.packettracer
    2012-09-13 23:01 - 2011-05-03 02:36 - 00000064 ____A C:\Windows\System32\rp_stats.dat
    2012-09-13 23:01 - 2011-05-03 02:36 - 00000044 ____A C:\Windows\System32\rp_rules.dat
    2012-09-13 01:39 - 2012-09-13 01:39 - 00138696 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 01:39 - 2012-09-08 03:59 - 276866881 ____A C:\Windows\MEMORY.DMP
    2012-09-13 00:30 - 2012-09-13 00:30 - 00138696 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:14 - 2012-09-13 00:14 - 00138696 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-12 22:54 - 2012-09-13 15:02 - 00607260 ____R (Swearware) C:\Users\BG\Desktop\dds.com
    2012-09-12 22:51 - 2012-09-13 15:01 - 04731392 ____A (AVAST Software) C:\Users\BG\Desktop\aswMBR.exe
    2012-09-12 22:50 - 2012-09-13 00:02 - 00302592 ____A C:\Users\BG\Desktop\Gmer.exe
    2012-09-12 21:28 - 2012-09-12 21:28 - 00000425 ____A C:\Users\BG\Desktop\test.csv
    2012-09-12 18:00 - 2012-03-07 00:37 - 00001220 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-10 19:13 - 2006-11-02 02:33 - 00715876 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-08 03:59 - 2012-09-08 03:59 - 00138696 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-07 13:04 - 2010-07-08 01:02 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-06 16:54 - 2012-09-06 16:54 - 00035752 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2012-09-04 00:38 - 2012-09-04 00:38 - 00019922 ____A C:\Users\BG\Documents\TrojanZeroaccess_backup.reg
    2012-08-26 19:12 - 2012-08-26 19:12 - 00823648 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (4).exe
    2012-08-26 19:12 - 2012-08-26 19:12 - 00823648 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (3).exe
    2012-08-26 08:45 - 2012-04-11 18:12 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-26 08:45 - 2011-07-16 16:07 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-26 08:38 - 2012-08-26 08:39 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-26 08:38 - 2012-08-26 08:39 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-26 08:38 - 2012-08-26 08:39 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-26 08:38 - 2012-08-26 08:39 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2012-08-26 08:38 - 2012-07-06 01:17 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
    2012-08-26 08:38 - 2010-07-15 21:17 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-26 08:30 - 2012-08-26 08:30 - 00894952 ____A (Oracle Corporation) C:\Users\BG\Downloads\chromeinstall-7u6.exe
    2012-08-26 08:24 - 2012-08-26 08:24 - 00760128 ____A (RealNetworks, Inc.) C:\Users\BG\Downloads\RealPlayer.exe
    2012-08-22 02:50 - 2010-07-09 00:02 - 00001935 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-19 11:46 - 2012-08-19 11:45 - 00001891 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-08-15 19:05 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-23 03:21 - 2012-07-23 03:21 - 08324984 ____A (Avanset ) C:\Users\BG\Downloads\visual_certexam_suite_setup(1).exe
    2012-07-11 19:17 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
    2012-07-06 01:08 - 2012-07-06 01:08 - 00907528 ____A (Sun Microsystems, Inc.) C:\Users\BG\Downloads\jre-6u33-windows-i586-iftw.exe
    2012-07-06 01:08 - 2012-07-06 01:08 - 00907528 ____A (Sun Microsystems, Inc.) C:\Users\BG\Downloads\jre-6u33-windows-i586-iftw (1).exe
    2012-06-28 21:54 - 2012-06-28 21:54 - 00823576 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1.exe
    2012-06-28 21:54 - 2012-06-28 21:54 - 00823576 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (2).exe
    2012-06-28 21:54 - 2012-06-28 21:54 - 00823576 ____A (Bandoo Media Inc) C:\Users\BG\Downloads\iLividSetupV1 (1).exe
    2012-06-22 19:46 - 2012-06-22 18:48 - 00000090 ____A C:\Windows\EWF435.ini
    2012-06-22 19:05 - 2012-06-22 19:05 - 00001853 ____A C:\Users\Public\Desktop\WorkForce 435 User's Guide.lnk
    2012-06-22 18:50 - 2012-06-22 18:50 - 00000769 ____A C:\Users\Public\Desktop\EPSON Scan.lnk

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-08 04:42:01
    Restore point made on: 2012-09-08 04:44:38
    Restore point made on: 2012-09-13 02:37:35
    Restore point made on: 2012-09-15 02:18:58
    Restore point made on: 2012-09-15 17:56:20

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 1525.81 MB
    Available physical RAM: 1296.68 MB
    Total Pagefile: 1476.24 MB
    Available Pagefile: 1355.2 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1990.35 MB

    ==================== Partitions ============================

    1 Drive c: (ACER) (Fixed) (Total:68.77 GB) (Free:22.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:36.85 GB) (Free:36.76 GB) NTFS
    4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    5 Drive g: () (Removable) (Total:7.46 GB) (Free:6.04 GB) FAT32
    6 Drive x: (PQSERVICE) (Fixed) (Total:11.71 GB) (Free:1.93 GB) NTFS

    Disk ###  Status      Size     Free     Dyn  Gpt
    --------  ----------  -------  -------  ---  ---
    Disk 0    Online       149 GB    32 KB
    Disk 1    Online      7658 MB      0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    OEM                 12 GB    32 KB
    Partition 2    Primary             69 GB    12 GB
    Partition 3    Primary             37 GB    80 GB
    Partition 0    Extended            32 GB   117 GB
    Partition 4    Logical             32 GB   117 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 5     X   PQSERVICE    NTFS   Partition     12 GB  Healthy    Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 0E
    Hidden: No
    Active: Yes

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 0     C   ACER         NTFS   Partition     69 GB  Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4     D   DATA         NTFS   Partition     37 GB  Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : BC
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           7656 MB    22 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4     G                FAT32  Removable   7656 MB  Healthy

    ==================================================================================

    Last Boot: 2012-09-16 02:32

    ==================== End Of Log =============================
     
  18. 2012/09/16
    bgriff (Thread Starter)
    2ndSearch.txt
    --------------
    Farbar Recovery Scan Tool (x86) Version: 14-09-2012 01
    Ran by SYSTEM at 2012-09-16 08:04:56
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

    C:\Windows\System32\services.exe
    [2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2010-12-02 11:26] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    === End Of Search ===
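The search above is the standard check for the ZeroAccess variants of that period that patched services.exe in place: the question is whether the services.exe Windows actually loads from System32 is byte-for-byte the same file as a copy in the WinSxS component store. The script below is an added example written for this page, not part of the thread or of FRST, that applies that check to the search output exactly as posted (the four path/detail pairs are copied from the post; nothing in the input is constructed). It pairs each path with its detail line, picks out the System32 copy and the WinSxS copies, and compares MD5 and size rather than version or company name, because a patched binary keeps its version resource and "Microsoft Corporation" string.

```python
import re

# FRST "Search: services.exe" output, copied from the post above (not constructed).
FRST_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2010-07-16 21:38] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-12-02 11:26] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
"""

# FRST prints one path line, then one detail line:
#   [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    records, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("==="):
            pending_path = None          # blank separators and section banners
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            rec = m.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            rec["company"] = (rec["company"] or "").strip()
            records.append(rec)
            pending_path = None
        else:
            pending_path = line          # a path line; its detail line comes next
    return records


def cross_check(text):
    """Does the binary Windows loads (System32) match a WinSxS component-store copy?"""
    records = parse_search(text)
    live = [r for r in records if r["path"].lower().endswith("\\system32\\services.exe")]
    refs = [r for r in records if "\\winsxs\\" in r["path"].lower()]
    result = {"live": None, "references": refs, "matched_reference": None}
    if len(live) != 1 or not refs:
        result["verdict"] = "inconclusive"   # nothing to compare, or nothing to compare against
        return result
    live = live[0]
    result["live"] = live
    # Compare bytes (MD5 + size), not metadata: a patched file keeps its version info.
    same = [r for r in refs if r["md5"] == live["md5"] and r["size"] == live["size"]]
    result["verdict"] = "match" if same else "mismatch"
    result["matched_reference"] = same[0]["path"] if same else None
    return result


if __name__ == "__main__":
    r = cross_check(FRST_SEARCH)
    print("verdict:", r["verdict"])
    if r["live"]:
        print("System32 copy:", r["live"]["md5"], r["live"]["size"], "bytes")
    print("WinSxS reference:", r["matched_reference"])
```

On this log the verdict is a match with the 6.0.6001.18000 component (the Service Pack 1 build), which agrees with the FSS header further down reporting Vista SP1. A mismatch would not be proof of infection by itself, but it is what would justify replacing the file from the store copy. Note also the log header: "Ran by SYSTEM" and "Running from G:\" (the removable 7.46 GB drive in the partition list) is what FRST prints when started from the Recovery Environment, so the hashes were taken with the infected Windows not running and none of its drivers in a position to hand the scanner a clean copy.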
     
  19. 2012/09/16
    bgriff (Thread Starter)
    Broni,

    Also, I forgot to add that I have even removed and downloaded new network drivers, hoping they would solve my network access issues, but the same connectivity issue still occurs.
     
  20. 2012/09/16
    broni (Moderator, Malware Analyst)
    In Vista the above folder is a hidden system folder and there is no reason to access it.

    Then...

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  21. 2012/09/17
    bgriff (Thread Starter)
    Broni,

    This scan finally found a threat.

    FSS.txt
    ---------

    Farbar Service Scanner Version: 06-08-2012
    Ran by BG (administrator) on 16-09-2012 at 17:01:10
    Running from "C:\Users\BG\Desktop"
    Windows Vista (TM) Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
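Broni's instructions above are the procedure; this FSS.txt is the result, and what matters in it is the combination. Seven services (Dnscache, Dhcp, tdx, MpsSvc, wscsvc, wuauserv, WinDefend) report "not running" while every start type, ImagePath and ServiceDll check says OK; Google's and Yahoo's IP addresses are reachable but their hostnames fail, which points at name resolution rather than the link; and a Windows Defender policy value DisableAntiSpyware=1 is set. The script below is an added example written for this page, not part of the thread or of Farbar's tool. It pulls those facts out of an excerpt of the log as posted (the Security Center and Windows Update sections are left out only for length). One assumption: FSS words a good configuration check "is OK." and anything else is treated as a problem; every other pattern is taken from the log itself.

```python
import re

# Excerpt of the FSS.txt posted above. The forum rendered the policy value as
# "DisableAntiSpyware " with a stray space; VALUE_RE tolerates it either way.
FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
CONFIG_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service (.+)$")
IP_OK_RE = re.compile(r"^(\S+) IP is accessible\.")
HOST_FAIL_RE = re.compile(r"^Attempt to access (\S+) returned error")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+?)\s*"=DWORD:(\d+)$')


def triage(text):
    """Summarise an FSS.txt: stopped services, broken configs, DNS symptom, policies."""
    s = {"not_running": [], "config_problems": [], "ip_reachable": [],
         "hostname_failed": [], "policies": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING_RE.match(line):
            s["not_running"].append(m.group(1))
        elif m := CONFIG_RE.match(line):
            # Assumption: a good check reads "is OK."; any other wording is a problem.
            if m.group(3) != "is OK.":
                s["config_problems"].append((m.group(2), m.group(1), m.group(3)))
        elif m := IP_OK_RE.match(line):
            s["ip_reachable"].append(m.group(1))
        elif m := HOST_FAIL_RE.match(line):
            s["hostname_failed"].append(m.group(1))
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key:
            s["policies"].append((key, m.group(1), int(m.group(2))))
    # Raw IPs reachable but names failing points at name resolution, not the link.
    s["name_resolution_suspect"] = bool(s["ip_reachable"]) and bool(s["hostname_failed"])
    # Stopped but correctly configured: nothing to repair in the registry for
    # these, they have to be started again; config_problems would need repair.
    s["stopped_but_intact"] = [n for n in s["not_running"]
                               if not any(p[0] == n for p in s["config_problems"])]
    return s


if __name__ == "__main__":
    s = triage(FSS_LOG)
    print("stopped but intact:", ", ".join(s["stopped_but_intact"]))
    print("config problems:", s["config_problems"])
    print("name resolution suspect:", s["name_resolution_suspect"])
    for key, name, val in s["policies"]:
        print(f"policy {key}\\{name} = {val}")
```

The split it produces is the point: here every stopped service is still correctly configured, the DNS Client (Dnscache) being down explains why IPs answer while hostnames fail, and the only registry finding is the Defender policy value. What to do about each of those is the helper's call in the thread, not this script's; the script only makes sure none of the three facts is missed in a long log.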
     
