[Resolved K] Unable to update Microsoft Security Essentials

[MikeMobes]

Well, here goes nothing.  I am trying to help my parents with their computer, which is frustratingly comparable to watching a developmentally disabled chimpanzee attempt to solve a rubick's cube.     According to my mother, she noticed an error message that had something do do with the Belkin router software, and around the same time, she noticed the Microsoft Security Essentials icon had turned to an angry orange/white exclamation point.  She ran a few quick scans with no results, then ran a full scan and found somewhere around 14 files, of which she let MSE automatically repair/quarantine.  After that, she was tinkering around in MSE, and saw the logs and cleared them all thinking that she was deleting malware.  Now, MSE is unable to install updates.  I've already reset microsoft update, and MSE will still not install updates internally or with Microsoft update.  I ran Malwarebytes for a couple seconds, and it found 4 items.  I cancelled the scan, and here i am! Thanks!

Logs:

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_33
Run by Grammaton Cleric at 22:25:22 on 2012-07-09
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Grammaton Cleric\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.dell.com
mDefault_Page_URL = hxxp://www.dell.com
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: XBTBPos00: {fcbccb87-9224-4b8d-b117-f56d924beb18} - Fast Browser Search Toolbar Helper
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8E822D78-5FA2-4F84-896F-C1DCC2A62911} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B6427DDC-7783-4E52-8833-CAD6901AFB2D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FF641C2F-EE52-4E11-A57A-CCCFDB5FFD63} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Fast Browser Search Toolbar Helper
BHO-X64:     XBTBPos00 - No File
TB-X64: Fast Browser Search Toolbar: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} -
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Grammaton Cleric\AppData\Roaming\Mozilla\Firefox\Profiles\a4guv6qc.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Grammaton Cleric\AppData\Roaming\Mozilla\Firefox\Profiles\a4guv6qc.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? BBSvc;Bing Bar Update Service
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? LMIRfsClientNP;LMIRfsClientNP
R? MozillaMaintenance;Mozilla Maintenance Service
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? PerfHost;Performance Counter DLL Host
R? QuickBooksDB17;QuickBooksDB17
R? USBAAPL64;Apple Mobile USB Driver
R? VCR2PC;VCR2PC Analog Capture
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AESTFilters;Andrea ST Filters Service
S? Belkin Local Backup Service;Belkin Local Backup Service
S? Belkin Network USB Helper;Belkin Network USB Helper
S? ElRawDisk;ElRawDisk
S? FontCache;Windows Font Cache Service
S? IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service
S? itecir;ITECIR Infrared Receiver
S? k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? MpFilter;Microsoft Malware Protection Driver
S? OA001Ufd;Creative Camera OA001 Upper Filter Driver
S? OA001Vid;Creative Camera OA001 Function Driver
S? PxHlpa64;PxHlpa64
S? sxuptp;SXUPTP Driver
.
=============== File Associations ===============
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-10 04:55:19   --------   d-----w-   C:\Users\Grammaton Cleric\AppData\Local\ElevatedDiagnostics
2012-07-09 05:31:19   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FBA859F-FEC3-4BA6-936F-BEDCF7FD1F09}\offreg.dll
2012-07-09 01:28:38   9013136   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{64DBFCED-D9AB-4130-AB6C-608CADB32C24}\mpengine.dll
2012-07-03 21:23:31   927800   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{513EA1A1-F00B-43F8-8F7A-3EB0CEF1FE94}\gapaengine.dll
2012-06-29 01:36:42   209920   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-06-29 01:36:37   2767360   ----a-w-   C:\Windows\System32\win32k.sys
2012-06-29 01:36:04   984064   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2012-06-29 01:36:04   174592   ----a-w-   C:\Windows\System32\cryptsvc.dll
2012-06-29 01:36:04   133120   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2012-06-29 01:36:04   132096   ----a-w-   C:\Windows\System32\cryptnet.dll
2012-06-29 01:36:04   1267200   ----a-w-   C:\Windows\System32\crypt32.dll
2012-06-29 01:36:03   98304   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2012-06-29 01:27:23   8955792   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FBA859F-FEC3-4BA6-936F-BEDCF7FD1F09}\mpengine.dll
2012-06-23 19:47:04   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2012-06-23 19:46:44   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2012-06-23 19:46:44   88576   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2012-06-23 19:46:34   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2012-06-23 19:46:34   33792   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2012-06-23 19:46:34   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
2012-06-23 19:46:34   171904   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2012-06-16 10:55:18   8955792   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
==================== Find3M  ====================
.
2012-07-10 04:48:24   87456   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2012-07-10 04:48:24   80768   ----a-w-   C:\Windows\System32\LMIinit.dll
2012-07-10 04:48:24   34688   ----a-w-   C:\Windows\System32\LMIport.dll
2012-06-23 19:38:08   70344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 19:38:08   426184   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-31 19:25:12   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-05-18 02:06:48   2311680   ----a-w-   C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-05-18 01:58:39   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37   1800192   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-05-09 19:21:41   476936   ----a-w-   C:\Windows\SysWow64\npdeployJava1.dll
2012-05-09 19:21:36   472840   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 22:25:40.64 ===============

Attach:
.
==== Installed Programs ======================
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ARS Advanced TS Client
Belkin Setup and Router Monitor
Bing Bar
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Dell Video Chat (remove only)
Dell Webcam Central
ECDSDesktopVersionSetup
erLT
ExactCharge Setup
Garmin USB Drivers
Garmin WebUpdater
GIMP 2.6.11
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ION EZ Video Converter
ITECIR Driver
Java Auto Updater
Java(TM) 6 Update 33
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Live! Cam Avatar Creator
LiveUpdate (Symantec Corporation)
Logitech SetPoint
Logitech Updater
LogMeIn
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.61.0.1400
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Rescue
Netflix in Windows Media Center
OpenOffice.org 3.0
palmOne
QuickBooks Pro 2007
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Skype™ 4.2
SupportSoft Assisted Service
TreeSize Free V2.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Video Mover
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
 

[kevinf80]

Hello MikeMobes and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

• Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
• Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
• Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
• Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.
  
• If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
• If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
• If you are using Cracked or Illegal software your thread will be locked and all help will cease.

What version of windows is this please, also do you have a memory stick?

Kevin

[MikeMobes]

Kevin,

Windows Vista Home Premium x64 Version 6.0.6002 Service Pack 2 Build 6002.  Yes, I do have memory sticks.

Thanks!

[kevinf80]

Download Farbar Recovery Scan Toolx64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options I give two methods, use whichever is convenient for  you.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.
  

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
  
• Select Your Country as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.
  

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt
  
• In the command window type in notepad and press Enter.
  
• The notepad opens. Under File menu select Open.
  
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type  e:\frst64)  and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
  
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
  
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin.

[MikeMobes]

FRST.txt Part 1:

Scan result of Farbar Recovery Scan Tool Version: 10-07-01
Ran by SYSTEM at 10-07-01 1::07
Running from E:\
Windows Vista (TM) Home Premium  Service Pack 1 (X6) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [15818 008-01-0] (Microsoft Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [7187 008-06-0] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system\igfxtray.exe [186 008-06-16] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system\hkcmd.exe [0800 008-06-16] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system\igfxpers.exe [1687 008-06-16] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system\WLTRAY.exe [8600 008-06-09] (Dell Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray6.exe [9 008-05-9] (IDT, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x6\LogMeInSystray.exe" [5798 008-07-] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [171168 01-0-6] (Microsoft Corporation)
HKLM-x\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode [80 008-0-19] (Creative Technology Ltd.)
HKLM-x\...\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe" [19 008-01-1] (CyberLink Corp.)
HKLM-x\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [590 011-09-7] (Apple Inc.)
HKLM-x\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [177000 011-0-] (Affinegy, Inc.)
HKLM-x\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [5980 01-05-0] (Apple Inc.)
HKLM-x\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [5696 01-01-18] (Sun Microsystems, Inc.)
HKLM-x\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [1888 01-0-18] (Apple Inc.)
HKLM-x\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [1776 01-06-07] (Apple Inc.)
HKU\Dad\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [180 008-01-0] (Microsoft Corporation)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 009-0-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll.exe oobefldr.dll,ShowWelcomeCenter [8656 009-0-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 009-0-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll.exe oobefldr.dll,ShowWelcomeCenter [8656 009-0-10] (Microsoft Corporation)
HKU\Grammaton Cleric\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [180 008-01-0] (Microsoft Corporation)
HKU\Grammaton Cleric\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [590 01-0-] (Apple Inc.)
HKU\Moms laptop\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [180 008-01-0] (Microsoft Corporation)
HKU\Moms laptop\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\QBDataServiceUser17\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 009-0-10] (Microsoft Corporation)
HKU\QBDataServiceUser17\...\Run: [WindowsWelcomeCenter] rundll.exe oobefldr.dll,ShowWelcomeCenter [8656 009-0-10] (Microsoft Corporation)
HKLM-x\...\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [608 01-0-0] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 06.1.9.1 06.1.8.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Services (Whitelisted) ======

 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [1115 010-0-18] (ArcSoft Inc.)
 AESTFilters; C:\Windows\System\DriverStore\FileRepository\stwrt6.inf_0c60\AESTSr6.exe [86016 008-05-9] (Andrea Electronics Corporation)
 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [566688 011-0-] (Affinegy, Inc.)
 Automatic LiveUpdate Scheduler; "C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe" [06 007-08-1] (Symantec Corporation)
 Belkin Local Backup Service; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe" /service [181760 010-0-17] ()
 Belkin Network USB Helper; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe" /service [5596 010-0-09] ()
 LiveUpdate; "C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer__.EXE" [1918 008-01-09] (Symantec Corporation)
 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x6\LMIGuardianSvc.exe" [75176 01-07-09] (LogMeIn, Inc.)
 LMIMaint; "C:\Program Files (x86)\LogMeIn\x6\RaMaint.exe" [176 01-07-09] (LogMeIn, Inc.)
 LogMeIn; "C:\Program Files (x86)\LogMeIn\x6\LogMeIn.exe" [07 011-06-09] (LogMeIn, Inc.)
 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [1600 01-0-6] (Microsoft Corporation)
 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [91696 01-0-6] (Microsoft Corporation)
 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [080 006-11-8] ( )
 QuickBooksDB17; C:\PROGRA~\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [1856 006-09-1] (iAnywhere Solutions, Inc.)
 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [567 007-05-1] (Microsoft Corporation)
 STacSV; C:\Windows\System\DriverStore\FileRepository\stwrt6.inf_0c60\STacSV6.exe [67 008-05-9] (IDT, Inc.)
 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [78 007-05-1] (Microsoft Corporation)
 wltrysvc; C:\Windows\System\WLTRYSVC.EXE C:\Windows\System\bcmwltry.exe [9818 008-06-09] (Dell Inc.)
 aspnet_state; C:\Windows\Microsoft.NET\Framework\v.0.5077\aspnet_state.exe

========================== Drivers (Whitelisted) =============

0 ACPI; C:\Windows\System\Drivers\ACPI.sys [5608 009-0-10] (Microsoft Corporation)
 adp9xx; C:\Windows\System\Drivers\adp9xx.sys [8656 008-01-0] (Adaptec, Inc.)
 adpahci; C:\Windows\System\Drivers\adpahci.sys [58 008-01-0] (Adaptec, Inc.)
 adpu160m; C:\Windows\System\Drivers\adpu160m.sys [1650 008-01-0] (Adaptec, Inc.)
 adpu0; C:\Windows\System\Drivers\adpu0.sys [18591 008-01-0] (Adaptec, Inc.)
1 AFD; C:\Windows\System\Drivers\AFD.sys [099 01-01-0] (Microsoft Corporation)
 agp0; C:\Windows\System\Drivers\agp0.sys [6568 008-01-0] (Microsoft Corporation)
 aic78xx; C:\Windows\system\drivers\djsvs.sys [88168 006-11-0] (Adaptec, Inc.)
 amdide; C:\Windows\System\Drivers\amdide.sys [15976 008-01-0] (Microsoft Corporation)
 AmdK8; C:\Windows\System\Drivers\AmdK8.sys [50688 008-01-0] (Microsoft Corporation)
 arc; C:\Windows\System\Drivers\arc.sys [90680 008-01-0] (Adaptec, Inc.)
 arcsas; C:\Windows\System\Drivers\arcsas.sys [9119 008-01-0] (Adaptec, Inc.)
 AsyncMac; C:\Windows\System\Drivers\AsyncMac.sys [016 008-01-0] (Microsoft Corporation)
0 atapi; C:\Windows\System\Drivers\atapi.sys [095 009-0-10] (Microsoft Corporation)
 BCMRLY; C:\Windows\System\Drivers\BCMRLY.sys [50 008-06-09] (Broadcom Corporation)
 BCMXX; C:\Windows\System\DRIVERS\bcmwl66.sys [1766 008-06-09] (Broadcom Corporation)
 blbdrive; C:\Windows\System\Drivers\blbdrive.sys [5596 008-01-0] (Microsoft Corporation)
 bowser; C:\Windows\System\Drivers\bowser.sys [906 011-0-18] (Microsoft Corporation)
 BrFiltLo; C:\Windows\System\Drivers\BrFiltLo.sys [18 006-09-18] (Brother Industries, Ltd.)
 BrFiltUp; C:\Windows\System\Drivers\BrFiltUp.sys [870 006-09-18] (Brother Industries, Ltd.)
 Brserid; C:\Windows\System\Drivers\Brserid.sys [8658 006-11-0] (Brother Industries Ltd.)
 BrSerWdm; C:\Windows\System\Drivers\BrSerWdm.sys [710 006-09-18] (Brother Industries Ltd.)
 BrUsbMdm; C:\Windows\System\Drivers\BrUsbMdm.sys [1976 006-09-18] (Brother Industries Ltd.)
 BrUsbSer; C:\Windows\System\Drivers\BrUsbSer.sys [170 006-09-19] (Brother Industries Ltd.)
 BthEnum; C:\Windows\System\Drivers\BthEnum.sys [611 009-0-10] (Microsoft Corporation)
 BTHMODEM; C:\Windows\System\Drivers\BTHMODEM.sys [5 009-0-10] (Microsoft Corporation)
 BthPan; C:\Windows\System\Drivers\BthPan.sys [11571 008-01-0] (Microsoft Corporation)
 BthPort; C:\Windows\System\Drivers\BthPort.sys [69596 011-0-1] (Microsoft Corporation)
 BTHUSB; C:\Windows\System\Drivers\BTHUSB.sys [58 009-06-17] (Microsoft Corporation)
 btwaudio; C:\Windows\System\Drivers\btwaudio.sys [900 008-06-1] (Broadcom Corporation.)
 btwavdt; C:\Windows\System\Drivers\btwavdt.sys [1087 008-06-1] (Broadcom Corporation.)
 btwlcap; C:\Windows\System\Drivers\btwlcap.sys [69 008-06-1] (Broadcom Corporation.)
 btwrchid; C:\Windows\System\Drivers\btwrchid.sys [19880 008-06-1] (Broadcom Corporation.)
 cdfs; C:\Windows\System\Drivers\cdfs.sys [906 008-01-0] (Microsoft Corporation)
1 cdrom; C:\Windows\System\Drivers\cdrom.sys [7987 009-0-10] (Microsoft Corporation)
 circlass; C:\Windows\System\Drivers\circlass.sys [198 008-01-0] (Microsoft Corporation)
 CmBatt; C:\Windows\System\Drivers\CmBatt.sys [1779 008-01-0] (Microsoft Corporation)
0 Compbatt; C:\Windows\System\Drivers\Compbatt.sys [608 008-01-0] (Microsoft Corporation)
0 crcdisk; C:\Windows\System\Drivers\crcdisk.sys [770 008-01-0] (Microsoft Corporation)
1 DfsC; C:\Windows\System\Drivers\DfsC.sys [9779 011-0-1] (Microsoft Corporation)
0 disk; C:\Windows\System\Drivers\disk.sys [670 009-0-10] (Microsoft Corporation)
 drmkaud; C:\Windows\System\Drivers\drmkaud.sys [61 008-01-0] (Microsoft Corporation)
 DXGKrnl; C:\Windows\System\Drivers\DXGKrnl.sys [90080 011-01-0] (Microsoft Corporation)
 e1express; C:\Windows\System\DRIVERS\e1e60e.sys [1795 008-01-0] (Intel Corporation)
 E1G60; C:\Windows\System\DRIVERS\E1G60E.sys [16176 008-01-0] (Intel Corporation)
0 Ecache; C:\Windows\System\Drivers\Ecache.sys [15511 009-0-10] (Microsoft Corporation)
1 ElRawDisk; \??\C:\Windows\system\drivers\ElRawDsk.sys [6 009-09-08] (EldoS Corporation)
 ErrDev; C:\Windows\System\Drivers\ErrDev.sys [870 008-01-0] (Microsoft Corporation)
 exfat; C:\Windows\System\Drivers\exfat.sys [18790 009-0-10] (Microsoft Corporation)
 fastfat; C:\Windows\System\Drivers\fastfat.sys [1981 009-0-10] (Microsoft Corporation)
 fdc; C:\Windows\System\Drivers\fdc.sys [9696 008-01-0] (Microsoft Corporation)
0 FileInfo; C:\Windows\System\Drivers\FileInfo.sys [7000 008-01-0] (Microsoft Corporation)
 Filetrace; C:\Windows\System\Drivers\Filetrace.sys [80 008-01-0] (Microsoft Corporation)
 flpydisk; C:\Windows\System\Drivers\flpydisk.sys [576 008-01-0] (Microsoft Corporation)
0 FltMgr; C:\Windows\System\Drivers\FltMgr.sys [75 009-0-10] (Microsoft Corporation)
1 Fs_Rec; C:\Windows\System\Drivers\Fs_Rec.sys [168 01-0-9] (Microsoft Corporation)
 gagp0kx; C:\Windows\System\Drivers\gagp0kx.sys [6815 008-01-0] (Microsoft Corporation)
 HDAudBus; C:\Windows\System\Drivers\HDAudBus.sys [9876 009-0-10] (Microsoft Corporation)
 HidBth; C:\Windows\System\Drivers\HidBth.sys [0 006-11-0] (Microsoft Corporation)
 HidIr; C:\Windows\System\Drivers\HidIr.sys [5600 008-01-0] (Microsoft Corporation)
 HidUsb; C:\Windows\System\Drivers\HidUsb.sys [1587 009-0-10] (Microsoft Corporation)
 HpCISSs; C:\Windows\System\Drivers\HpCISSs.sys [767 008-01-0] (Hewlett-Packard Company)
 HTTP; C:\Windows\System\Drivers\HTTP.sys [600 010-0-0] (Microsoft Corporation)
 iomp; C:\Windows\System\Drivers\iomp.sys [5896 008-01-0] (Microsoft Corporation)
1 i80prt; C:\Windows\System\Drivers\i80prt.sys [6000 008-01-0] (Microsoft Corporation)
 iaStorV; C:\Windows\System\Drivers\iaStorV.sys [9087 008-01-0] (Intel Corporation)
 igfx; C:\Windows\System\DRIVERS\igdkmd6.sys [7709056 008-06-16] (Intel Corporation)
 iirsp; C:\Windows\System\Drivers\iirsp.sys [68 006-11-0] (Intel Corp./ICP vortex GmbH)
 IntcHdmiAddService; C:\Windows\System\drivers\IntcHdmi.sys [150 008-06-16] (Intel(R) Corporation)
 intelide; C:\Windows\System\Drivers\intelide.sys [1951 008-01-0] (Microsoft Corporation)
 intelppm; C:\Windows\System\Drivers\intelppm.sys [818 008-01-0] (Microsoft Corporation)
 IpFilterDriver; C:\Windows\System\DRIVERS\ipfltdrv.sys [6758 009-0-10] (Microsoft Corporation)
 IPMIDRV; C:\Windows\System\Drivers\IPMIDRV.sys [7688 008-01-0] (Microsoft Corporation)
 IPNAT; C:\Windows\System\Drivers\IPNAT.sys [11571 008-01-0] (Microsoft Corporation)
 IRENUM; C:\Windows\System\Drivers\IRENUM.sys [1708 008-01-0] (Microsoft Corporation)
 isapnp; C:\Windows\System\Drivers\isapnp.sys [608 008-01-0] (Microsoft Corporation)
 iScsiPrt; C:\Windows\System\DRIVERS\msiscsi.sys [1558 009-0-10] (Microsoft Corporation)
 k57nd60a; C:\Windows\System\Drivers\k57nd60a.sys [910 008-06-0] (Broadcom Corporation)
1 kbdclass; C:\Windows\System\Drivers\kbdclass.sys [00 008-01-0] (Microsoft Corporation)
1 kbdhid; C:\Windows\System\Drivers\kbdhid.sys [58 009-0-10] (Microsoft Corporation)
0 KSecDD; C:\Windows\System\Drivers\KSecDD.sys [515968 011-11-16] (Microsoft Corporation)
 ksthunk; C:\Windows\System\Drivers\ksthunk.sys [086 008-01-0] (Microsoft Corporation)
 LHidFilt; C:\Windows\System\Drivers\LHidFilt.sys [5800 008-0-9] (Logitech, Inc.)
 lltdio; C:\Windows\System\Drivers\lltdio.sys [599 008-01-0] (Microsoft Corporation)
 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x6\RaInfo.sys [1598 008-07-] (LogMeIn, Inc.)
 lmimirr; C:\Windows\System\Drivers\lmimirr.sys [1155 008-07-] (LogMeIn, Inc.)
 LMIRfsDriver; C:\Windows\System\Drivers\LMIRfsDriver.sys [716 008-07-] (LogMeIn, Inc.)
 LMouFilt; C:\Windows\System\Drivers\LMouFilt.sys [5760 008-0-9] (Logitech, Inc.)
 LSI_FC; C:\Windows\System\Drivers\LSI_FC.sys [1170 008-01-0] (LSI Logic)
 LSI_SAS; C:\Windows\System\Drivers\LSI_SAS.sys [105016 008-01-0] (LSI Logic)
 LSI_SCSI; C:\Windows\System\Drivers\LSI_SCSI.sys [1170 008-01-0] (LSI Logic)
 luafv; C:\Windows\System\Drivers\luafv.sys [109568 008-01-0] (Microsoft Corporation)
 megasas; C:\Windows\System\Drivers\megasas.sys [5896 008-01-0] (LSI Corporation)
 MegaSR; C:\Windows\System\Drivers\MegaSR.sys [88 008-01-0] (LSI Corporation, Inc.)
 Modem; C:\Windows\System\Drivers\Modem.sys [08 008-01-0] (Microsoft Corporation)
 monitor; C:\Windows\System\Drivers\monitor.sys [915 008-01-0] (Microsoft Corporation)
1 mouclass; C:\Windows\System\Drivers\mouclass.sys [999 008-01-0] (Microsoft Corporation)
 mouhid; C:\Windows\System\Drivers\mouhid.sys [19968 008-01-0] (Microsoft Corporation)
0 MountMgr; C:\Windows\System\Drivers\MountMgr.sys [7000 008-01-0] (Microsoft Corporation)
0 MpFilter; C:\Windows\System\Drivers\MpFilter.sys [0888 01-0-0] (Microsoft Corporation)
 mpio; C:\Windows\System\Drivers\mpio.sys [18056 008-01-0] (Microsoft Corporation)
 mpsdrv; C:\Windows\System\Drivers\mpsdrv.sys [8108 008-01-0] (Microsoft Corporation)
 Mraid5x; C:\Windows\System\Drivers\Mraid5x.sys [9016 006-11-0] (LSI Logic Corporation)
 MRxDAV; C:\Windows\System\Drivers\MRxDAV.sys [196 009-0-10] (Microsoft Corporation)
 mrxsmb; C:\Windows\System\Drivers\mrxsmb.sys [15680 011-0-9] (Microsoft Corporation)
 mrxsmb10; C:\Windows\System\Drivers\mrxsmb10.sys [7556 011-07-06] (Microsoft Corporation)
 mrxsmb0; C:\Windows\System\Drivers\mrxsmb0.sys [107008 011-0-9] (Microsoft Corporation)
0 msahci; C:\Windows\System\Drivers\msahci.sys [9656 009-0-10] (Microsoft Corporation)
 msdsm; C:\Windows\System\Drivers\msdsm.sys [1170 008-01-0] (Microsoft Corporation)
1 Msfs; C:\Windows\System\Drivers\Msfs.sys [611 008-01-0] (Microsoft Corporation)
0 msisadrv; C:\Windows\System\Drivers\msisadrv.sys [17976 008-01-0] (Microsoft Corporation)
 MSKSSRV; C:\Windows\System\Drivers\MSKSSRV.sys [11008 008-01-0] (Microsoft Corporation)
 MSPCLOCK; C:\Windows\System\Drivers\MSPCLOCK.sys [700 006-11-0] (Microsoft Corporation)
 MSPQM; C:\Windows\System\Drivers\MSPQM.sys [6656 006-11-0] (Microsoft Corporation)
 MsRPC; C:\Windows\System\Drivers\MsRPC.sys [10760 009-0-10] (Microsoft Corporation)
 mssmbios; C:\Windows\System\Drivers\mssmbios.sys [87 008-01-0] (Microsoft Corporation)
 MSTEE; C:\Windows\System\Drivers\MSTEE.sys [796 008-01-0] (Microsoft Corporation)
0 Mup; C:\Windows\System\Drivers\Mup.sys [59880 009-0-10] (Microsoft Corporation)
 NativeWifiP; C:\Windows\System\DRIVERS\nwifi.sys [1879 009-0-10] (Microsoft Corporation)
0 NDIS; C:\Windows\System\Drivers\NDIS.sys [786 009-0-10] (Microsoft Corporation)
 NdisTapi; C:\Windows\System\Drivers\NdisTapi.sys [06 008-01-0] (Microsoft Corporation)
 Ndisuio; C:\Windows\System\Drivers\Ndisuio.sys [016 008-01-0] (Microsoft Corporation)
 NdisWan; C:\Windows\System\Drivers\NdisWan.sys [1697 009-0-10] (Microsoft Corporation)
 NDProxy; C:\Windows\System\Drivers\NDProxy.sys [5990 008-01-0] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System\Drivers\NetBIOS.sys [5 008-01-0] (Microsoft Corporation)
1 netbt; C:\Windows\System\Drivers\netbt.sys [80 009-0-10] (Microsoft Corporation)
 NisDrv; C:\Windows\System\DRIVERS\NisDrvWFP.sys [98688 01-0-0] (Microsoft Corporation)
1 Npfs; C:\Windows\System\Drivers\Npfs.sys [5 009-0-10] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System\Drivers\nsiproxy.sys [06 008-01-0] (Microsoft Corporation)
 Ntfs; C:\Windows\System\Drivers\Ntfs.sys [151596 009-0-10] (Microsoft Corporation)
1 Null; C:\Windows\System\Drivers\Null.sys [61 006-11-0] (Microsoft Corporation)
 nvraid; C:\Windows\System\Drivers\nvraid.sys [18056 008-01-0] (NVIDIA Corporation)
 nvstor; C:\Windows\System\Drivers\nvstor.sys [58 008-01-0] (NVIDIA Corporation)
 nv_agp; C:\Windows\System\Drivers\nv_agp.sys [1650 008-01-0] (Microsoft Corporation)
 OA001Ufd; C:\Windows\System\Drivers\OA001Ufd.sys [15980 009-0-06] (Creative Technology Ltd.)
 OA001Vid; C:\Windows\System\Drivers\OA001Vid.sys [1980 009-0-08] (Creative Technology Ltd.)
 ohci19; C:\Windows\System\Drivers\ohci19.sys [78 009-0-10] (Microsoft Corporation)
 Parport; C:\Windows\System\Drivers\Parport.sys [96768 006-11-0] (Microsoft Corporation)
0 partmgr; C:\Windows\System\Drivers\partmgr.sys [7576 01-0-0] (Microsoft Corporation)
0 pci; C:\Windows\System\Drivers\pci.sys [17866 009-0-10] (Microsoft Corporation)
 pciide; C:\Windows\System\Drivers\pciide.sys [116 008-01-0] (Microsoft Corporation)
 pcmcia; C:\Windows\System\Drivers\pcmcia.sys [068 006-11-0] (Microsoft Corporation)
 PEAUTH; C:\Windows\System\Drivers\PEAUTH.sys [7170 006-10-] (Microsoft Corporation)
 PptpMiniport; C:\Windows\System\DRIVERS\raspptp.sys [98816 009-0-10] (Microsoft Corporation)
 Processor; C:\Windows\system\drivers\processr.sys [710 008-01-0] (Microsoft Corporation)
1 PSched; C:\Windows\System\DRIVERS\pacer.sys [908 009-0-10] (Microsoft Corporation)
 QWAVEdrv; C:\Windows\System\Drivers\QWAVEdrv.sys [659 008-01-0] (Microsoft Corporation)
 R00; C:\Windows\System\DRIVERS\atikmdag.sys [880 006-11-01] (ATI Technologies Inc.)
1 RasAcd; C:\Windows\System\Drivers\RasAcd.sys [188 008-01-0] (Microsoft Corporation)
 Rasltp; C:\Windows\System\Drivers\Rasltp.sys [198 009-0-10] (Microsoft Corporation)
 RasPppoe; C:\Windows\System\Drivers\RasPppoe.sys [50176 009-0-10] (Microsoft Corporation)
 RasSstp; C:\Windows\System\Drivers\RasSstp.sys [786 009-0-10] (Microsoft Corporation)
1 rdbss; C:\Windows\System\Drivers\rdbss.sys [877 009-0-10] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System\Drivers\RDPCDD.sys [7168 008-01-0] (Microsoft Corporation)
 rdpdr; C:\Windows\System\Drivers\rdpdr.sys [168 008-01-0] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System\Drivers\RDPENCDD.sys [7168 008-01-0] (Microsoft Corporation)
 RDPWD; C:\Windows\System\Drivers\RDPWD.sys [0990 01-05-01] (Microsoft Corporation)
 RFCOMM; C:\Windows\System\Drivers\RFCOMM.sys [178176 009-0-10] (Microsoft Corporation)
 rimmptsk; C:\Windows\System\DRIVERS\rimmpx6.sys [6976 008-06-0] (REDC)
 rimsptsk; C:\Windows\System\DRIVERS\rimspx6.sys [5596 008-06-0] (REDC)
 rismxdp; C:\Windows\System\DRIVERS\rixdpx6.sys [57856 008-06-0] (REDC)
 rspndr; C:\Windows\System\Drivers\rspndr.sys [75776 008-01-0] (Microsoft Corporation)
 sbpport; C:\Windows\System\Drivers\sbpport.sys [9016 006-11-0] (Microsoft Corporation)
 sdbus; C:\Windows\System\Drivers\sdbus.sys [11110 009-0-10] (Microsoft Corporation)
 Serenum; C:\Windows\System\Drivers\Serenum.sys [00 006-11-0] (Microsoft Corporation)
 Serial; C:\Windows\System\Drivers\Serial.sys [908 006-11-0] (Microsoft Corporation)
 sermouse; C:\Windows\System\Drivers\sermouse.sys [66 008-01-0] (Microsoft Corporation)
 sffdisk; C:\Windows\System\Drivers\sffdisk.sys [188 009-0-10] (Microsoft Corporation)
 sffp_mmc; C:\Windows\System\Drivers\sffp_mmc.sys [16 008-01-0] (Microsoft Corporation)
 sffp_sd; C:\Windows\System\Drivers\sffp_sd.sys [18 009-0-10] (Microsoft Corporation)
 sfloppy; C:\Windows\System\Drivers\sfloppy.sys [168 006-11-0] (Microsoft Corporation)
1 Smb; C:\Windows\System\Drivers\Smb.sys [8806 009-0-10] (Microsoft Corporation)
0 spldr; C:\Windows\System\Drivers\spldr.sys [19 009-0-10] (Microsoft Corporation)
 srv; C:\Windows\System\Drivers\srv.sys [50560 011-0-18] (Microsoft Corporation)
 srv; C:\Windows\System\Drivers\srv.sys [17618 011-0-9] (Microsoft Corporation)
 srvnet; C:\Windows\System\Drivers\srvnet.sys [1590 011-0-9] (Microsoft Corporation)
 swenum; C:\Windows\System\Drivers\swenum.sys [10 008-01-0] (Microsoft Corporation)
 sxuptp; C:\Windows\System\Drivers\sxuptp.sys [915 009-06-] (silex technology, Inc.)
 Symc8xx; C:\Windows\System\Drivers\Symc8xx.sys [956 006-11-0] (LSI Logic)
 Sym_hi; C:\Windows\System\Drivers\Sym_hi.sys [68 006-11-0] (LSI Logic)
 Sym_u; C:\Windows\System\Drivers\Sym_u.sys [8 006-11-0] (LSI Logic)
0 Tcpip; C:\Windows\System\Drivers\Tcpip.sys [170 01-0-0] (Microsoft Corporation)
 Tcpip6; C:\Windows\System\DRIVERS\tcpip.sys [170 01-0-0] (Microsoft Corporation)
 tcpipreg; C:\Windows\System\Drivers\tcpipreg.sys [08 01-0-9] (Microsoft Corporation)
 TDPIPE; C:\Windows\System\Drivers\TDPIPE.sys [168 008-01-0] (Microsoft Corporation)
 TDTCP; C:\Windows\System\Drivers\TDTCP.sys [9696 008-01-0] (Microsoft Corporation)
1 tdx; C:\Windows\System\Drivers\tdx.sys [970 009-0-10] (Microsoft Corporation)
1 TermDD; C:\Windows\System\Drivers\TermDD.sys [60 009-0-10] (Microsoft Corporation)
 tssecsrv; C:\Windows\System\Drivers\tssecsrv.sys [918 008-01-0] (Microsoft Corporation)
 tunmp; C:\Windows\System\Drivers\tunmp.sys [18 008-01-0] (Microsoft Corporation)
 tunnel; C:\Windows\System\Drivers\tunnel.sys [9696 010-0-18] (Microsoft Corporation)
 uagp5; C:\Windows\System\Drivers\uagp5.sys [6718 008-01-0] (Microsoft Corporation)
 udfs; C:\Windows\System\Drivers\udfs.sys [99008 009-0-10] (Microsoft Corporation)
 uliagpkx; C:\Windows\System\Drivers\uliagpkx.sys [6815 008-01-0] (Microsoft Corporation)
 umbus; C:\Windows\System\Drivers\umbus.sys [198 008-01-0] (Microsoft Corporation)
 USBAAPL6; C:\Windows\System\Drivers\USBAAPL6.sys [5171 011-05-10] (Apple, Inc.)
 usbccgp; C:\Windows\System\Drivers\usbccgp.sys [957 008-01-0] (Microsoft Corporation)
 usbcir; C:\Windows\System\Drivers\usbcir.sys [7960 006-11-0] (Microsoft Corporation)
 usbehci; C:\Windows\System\Drivers\usbehci.sys [966 009-0-10] (Microsoft Corporation)
 usbhub; C:\Windows\System\Drivers\usbhub.sys [790 009-0-10] (Microsoft Corporation)
 usbohci; C:\Windows\System\Drivers\usbohci.sys [06 006-11-0] (Microsoft Corporation)
 usbprint; C:\Windows\System\Drivers\usbprint.sys [06 008-01-0] (Microsoft Corporation)
 usbscan; C:\Windows\System\Drivers\usbscan.sys [198 008-01-0] (Microsoft Corporation)
 USBSTOR; C:\Windows\System\Drivers\USBSTOR.sys [778 009-0-10] (Microsoft Corporation)
 usbuhci; C:\Windows\System\Drivers\usbuhci.sys [918 008-01-0] (Microsoft Corporation)
 usb_rndisx; C:\Windows\System\DRIVERS\usb80x.sys [1956 009-0-10] (Microsoft Corporation)
 VCRPC; C:\Windows\System\DRIVERS\010_ION.sys [0150 011-01-08] (Trident Multimedia Technologies Co.,Ltd)
 vga; C:\Windows\System\Drivers\vga.sys [867 008-01-0] (Microsoft Corporation)
1 VgaSave; C:\Windows\System\drivers\vga.sys [867 008-01-0] (Microsoft Corporation)
0 volmgr; C:\Windows\System\Drivers\volmgr.sys [6708 009-0-10] (Microsoft Corporation)
0 volmgrx; C:\Windows\System\Drivers\volmgrx.sys [080 009-0-10] (Microsoft Corporation)
 WacomPen; C:\Windows\System\Drivers\WacomPen.sys [66 006-11-0] (Microsoft Corporation)
 Wanarp; C:\Windows\System\Drivers\Wanarp.sys [8658 009-0-10] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System\DRIVERS\wanarp.sys [8658 009-0-10] (Microsoft Corporation)
 Wd; C:\Windows\System\Drivers\Wd.sys [10 008-01-0] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System\Drivers\Wdf01000.sys [88170 008-01-0] (Microsoft Corporation)
 WpdUsb; C:\Windows\System\Drivers\WpdUsb.sys [659 009-09-0] (Microsoft Corporation)
1 wsifsl; C:\Windows\System\Drivers\wsifsl.sys [099 008-01-0] (Microsoft Corporation)
 WUDFRd; C:\Windows\System\Drivers\WUDFRd.sys [1085 008-01-0] (Microsoft Corporation)
 IpInIp; C:\Windows\System\DRIVERS\ipinip.sys

 LMIRfsClientNP;  

 NwlnkFlt; C:\Windows\System\DRIVERS\nwlnkflt.sys

 NwlnkFwd; C:\Windows\System\DRIVERS\nwlnkfwd.sys

 SymIMMP; C:\Windows\System\DRIVERS\SymIM.sys

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

01-07-10 1: - 01-07-10 1: - 00000000 ____D C:\FRST
01-07-10 1:6 - 01-07-10 1:7 - 015085 ____A (Farbar) C:\Users\Grammaton Cleric\Downloads\FRST6.exe
01-07-10 1: - 01-07-10 1: - 00000000 ___RD C:\Program Files (x86)\Skype
01-07-10 1:1 - 01-07-10 1:1 - 00965 ____A (Skype Technologies S.A.) C:\Users\Grammaton Cleric\Downloads\SkypeSetup.exe
01-07-10 1:7 - 01-07-10 1:9 - 00000000 ____D C:\Users\Grammaton Cleric\AppData\Roaming\Skype
01-07-10 00:0 - 01-07-10 00:0 - 008896 ____A (BillP Studios) C:\Users\Grammaton Cleric\Downloads\wpsetup.exe
01-07-10 00:0 - 01-07-10 00:0 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
01-07-10 00:0 - 01-07-10 00:0 - 00000000 ____D C:\Program Files\iTunes
01-07-10 00:0 - 01-07-10 00:0 - 00000000 ____D C:\Program Files (x86)\iTunes
01-07-10 00:0 - 01-07-10 00:0 - 00000000 ____D C:\Program Files\iPod
01-07-09 :59 - 01-07-10 00:00 - 00000000 ____D C:\Windows\LastGood
01-07-09 :5 - 01-07-09 :5 - 00000000 ____D C:\Program Files (x86)\QuickTime
01-07-09 :5 - 01-07-09 :5 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
01-07-09 :16 - 01-07-09 :16 - 00000000 ____D C:\Users\Grammaton Cleric\AppData\Local\Macromedia
01-07-09 1:06 - 01-07-09 1:06 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
01-07-09 1:0 - 01-07-09 1:05 - 1006000 ____A (Malwarebytes Corporation                                    ) C:\Users\Grammaton Cleric\Downloads\mbam-setup-1.61.0.100.exe
01-07-09 0:58 - 01-07-09 0:59 - 0101656 ____A C:\Users\Grammaton Cleric\Downloads\iExplore.exe
01-07-0 1:5 - 01-07-0 1:5 - 00000000 ____D C:\Users\Dad\AppData\Local\Macromedia
01-06-8 18:09 - 01-05-17 18:7 - 1780760 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
01-06-8 18:09 - 01-05-17 18:16 - 1090 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
01-06-8 18:09 - 01-05-17 18:06 - 011680 ____A (Microsoft Corporation) C:\Windows\System\jscript9.dll
01-06-8 18:09 - 01-05-17 17:59 - 01918 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
01-06-8 18:09 - 01-05-17 17:59 - 01608 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
01-06-8 18:09 - 01-05-17 17:58 - 01958 ____A (Microsoft Corporation) C:\Windows\System\inetcpl.cpl
01-06-8 18:09 - 01-05-17 17:58 - 007056 ____A (Microsoft Corporation) C:\Windows\System\url.dll
01-06-8 18:09 - 01-05-17 17:56 - 0008550 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
01-06-8 18:09 - 01-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
01-06-8 18:09 - 01-05-17 17:55 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
01-06-8 18:09 - 01-05-17 17:5 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-06-8 18:09 - 01-05-17 17:51 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-06-8 18:09 - 01-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-06-8 18:09 - 01-05-17 17:7 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-06-8 18:09 - 01-05-17 15:11 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-06-8 18:09 - 01-05-17 1:8 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-06-8 18:09 - 01-05-17 1:5 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
01-06-8 18:09 - 01-05-17 1:6 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-06-8 18:09 - 01-05-17 1:5 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
01-06-8 18:09 - 01-05-17 1:5 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
01-06-8 18:09 - 01-05-17 1: - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-06-8 18:09 - 01-05-17 1:1 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
01-06-8 18:09 - 01-05-17 1:9 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
01-06-8 18:09 - 01-05-17 1:9 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
01-06-8 18:09 - 01-05-17 1:7 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-06-8 18:09 - 01-05-17 1:5 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-06-8 18:09 - 01-05-17 1: - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-06-8 18:09 - 01-05-17 1:0 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-06-8 17:6 - 01-05-15 1:15 - 076760 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
01-06-8 17:6 - 01-05-01 06:9 - 000990 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
01-06-8 17:6 - 01-0- 08:5 - 016700 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-06-8 17:6 - 01-0- 08:5 - 001759 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-06-8 17:6 - 01-0- 08:5 - 001096 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-06-8 17:6 - 01-0- 08:00 - 009806 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-06-8 17:6 - 01-0- 08:00 - 00110 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-06-8 17:6 - 01-0- 08:00 - 000980 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
01-06- 18:0 - 01-05-09 11:18 - 001578 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW6\javaws.exe
01-06- 18:0 - 01-05-09 11:17 - 001956 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW6\javaw.exe
01-06- 18:0 - 01-05-09 11:17 - 001956 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW6\java.exe
01-06- 18:0 - 01-06- 18:0 - 000057 ____A C:\Windows\SysWOW6\jupdate-1.6.0_-b0.log
01-06- 11:7 - 01-06-0 1:19 - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
01-06- 11:7 - 01-06-0 1:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
01-06- 11:7 - 01-06-0 1:19 - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06- 11:7 - 01-06-0 1:15 - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
01-06- 11:6 - 01-06-0 1:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
01-06- 11:6 - 01-06-0 1:19 - 0057708 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wuapi.dll
01-06- 11:6 - 01-06-0 1:19 - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
01-06- 11:6 - 01-06-0 1:19 - 0017190 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wuwebv.dll
01-06- 11:6 - 01-06-0 1:19 - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06- 11:6 - 01-06-0 1:19 - 000586 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wups.dll
01-06- 11:6 - 01-06-0 1:15 - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
01-06- 11:6 - 01-06-0 1:15 - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
01-06- 11:6 - 01-06-0 1:1 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wudriver.dll
01-06- 11:6 - 01-06-0 1:1 - 00079 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wuapp.exe
01-06- 11:9 - 01-06- 11:9 - 00000000 ____D C:\Users\Moms laptop\AppData\Local\Macromedia

[MikeMobes]

FRST.txt Part 2:

============  Months Modified Files ========================

01-07-10 1:9 - 008-07-09 :1 - 0000001 ____A C:\Windows\bthservsdp.dat
01-07-10 1:9 - 008-07-09 17:06 - 0191180 ____A C:\Windows\WindowsUpdate.log
01-07-10 1:9 - 006-11-0 07: - 000650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
01-07-10 1:9 - 006-11-0 07: - 00000006 ___AH C:\Windows\Tasks\SA.DAT
01-07-10 1:9 - 006-11-0 07: - 0000616 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-P-1.C7856-A89-9d-8115-6016D005A0
01-07-10 1:9 - 006-11-0 07: - 0000616 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-P-0.C7856-A89-9d-8115-6016D005A0
01-07-10 1:9 - 006-11-0 0:6 - 00706 ____A C:\Windows\System\PerfStringBackup.INI
01-07-10 1:7 - 01-07-10 1:6 - 015085 ____A (Farbar) C:\Users\Grammaton Cleric\Downloads\FRST6.exe
01-07-10 1:7 - 01-0-0 11: - 0000080 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
01-07-10 1: - 010-10-07 17:8 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
01-07-10 1: - 010-0- 16:0 - 0000089 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
01-07-10 1:1 - 01-07-10 1:1 - 00965 ____A (Skype Technologies S.A.) C:\Users\Grammaton Cleric\Downloads\SkypeSetup.exe
01-07-10 00:0 - 01-07-10 00:0 - 008896 ____A (BillP Studios) C:\Users\Grammaton Cleric\Downloads\wpsetup.exe
01-07-10 00:0 - 01-07-10 00:0 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
01-07-09 :5 - 01-07-09 :5 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
01-07-09 :50 - 009-11- :0 - 00001866 ____A C:\Users\Public\Desktop\Safari.lnk
01-07-09 1:06 - 01-07-09 1:06 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
01-07-09 1:05 - 01-07-09 1:0 - 1006000 ____A (Malwarebytes Corporation                                    ) C:\Users\Grammaton Cleric\Downloads\mbam-setup-1.61.0.100.exe
01-07-09 1:01 - 011-01-6 1:57 - 000001 ____A C:\rkill.log
01-07-09 0:59 - 01-07-09 0:58 - 0101656 ____A C:\Users\Grammaton Cleric\Downloads\iExplore.exe
01-07-09 0:8 - 009-0-15 1:16 - 0008756 ____A (LogMeIn, Inc.) C:\Windows\System\LMIRfsClientNP.dll
01-07-09 0:8 - 009-0-15 1:16 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System\LMIinit.dll
01-07-09 0:8 - 009-0-15 1:16 - 000688 ____A (LogMeIn, Inc.) C:\Windows\System\LMIport.dll
01-07-09 0:8 - 010-0- 16:0 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
01-07-08 17: - 008-08-8 0:07 - 0000597 ____A C:\Users\Moms laptop\AppData\Local\dd9caps.dat
01-06-8 18: - 006-11-0 0: - 710168 ____A C:\Windows\System\config\software_previous
01-06-8 18: - 006-11-0 0: - 07 ____A C:\Windows\System\config\system_previous
01-06-8 18:17 - 006-11-0 07:1 - 00155 ____A C:\Windows\System\FNTCACHE.DAT
01-06-8 18:16 - 006-11-0 0: - 771008 ____A C:\Windows\System\config\components_previous
01-06-8 18:16 - 006-11-0 0: - 001107 ____A C:\Windows\System\config\sam_previous
01-06-8 18:0 - 006-11-0 0:5 - 589578 ____A (Microsoft Corporation) C:\Windows\System\mrt.exe
01-06-5 0:9 - 006-11-0 0: - 00588 ____A C:\Windows\System\config\default_previous
01-06-5 0:9 - 006-11-0 0: - 000576 ____A C:\Windows\System\config\security_previous
01-06- 18:0 - 01-06- 18:0 - 000057 ____A C:\Windows\SysWOW6\jupdate-1.6.0_-b0.log
01-06- 11:8 - 01-0-0 11: - 00618 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerApp.exe
01-06- 11:8 - 011-05-15 17:0 - 00070 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW6\FlashPlayerCPLApp.cpl
01-06-0 1:19 - 01-06- 11:7 - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
01-06-0 1:19 - 01-06- 11:7 - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
01-06-0 1:19 - 01-06- 11:7 - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-0 1:19 - 01-06- 11:6 - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
01-06-0 1:19 - 01-06- 11:6 - 0057708 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wuapi.dll
01-06-0 1:19 - 01-06- 11:6 - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
01-06-0 1:19 - 01-06- 11:6 - 0017190 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wuwebv.dll
01-06-0 1:19 - 01-06- 11:6 - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-0 1:19 - 01-06- 11:6 - 000586 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wups.dll
01-06-0 1:15 - 01-06- 11:7 - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
01-06-0 1:15 - 01-06- 11:6 - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
01-06-0 1:15 - 01-06- 11:6 - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
01-06-0 1:1 - 01-06- 11:6 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wudriver.dll
01-06-0 1:1 - 01-06- 11:6 - 00079 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wuapp.exe
01-05-1 11:5 - 010-11-18 0:1 - 0079656 ____N (Microsoft Corporation) C:\Windows\System\MpSigStub.exe
01-05-17 18:7 - 01-06-8 18:09 - 1780760 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
01-05-17 18:16 - 01-06-8 18:09 - 1090 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
01-05-17 18:06 - 01-06-8 18:09 - 011680 ____A (Microsoft Corporation) C:\Windows\System\jscript9.dll
01-05-17 17:59 - 01-06-8 18:09 - 01918 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
01-05-17 17:59 - 01-06-8 18:09 - 01608 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
01-05-17 17:58 - 01-06-8 18:09 - 01958 ____A (Microsoft Corporation) C:\Windows\System\inetcpl.cpl
01-05-17 17:58 - 01-06-8 18:09 - 007056 ____A (Microsoft Corporation) C:\Windows\System\url.dll
01-05-17 17:56 - 01-06-8 18:09 - 0008550 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
01-05-17 17:55 - 01-06-8 18:09 - 00818688 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
01-05-17 17:55 - 01-06-8 18:09 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
01-05-17 17:5 - 01-06-8 18:09 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-05-17 17:51 - 01-06-8 18:09 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-05-17 17:51 - 01-06-8 18:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-05-17 17:7 - 01-06-8 18:09 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-05-17 15:11 - 01-06-8 18:09 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-05-17 1:8 - 01-06-8 18:09 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-05-17 1:5 - 01-06-8 18:09 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
01-05-17 1:6 - 01-06-8 18:09 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-05-17 1:5 - 01-06-8 18:09 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
01-05-17 1:5 - 01-06-8 18:09 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
01-05-17 1: - 01-06-8 18:09 - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-05-17 1:1 - 01-06-8 18:09 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
01-05-17 1:9 - 01-06-8 18:09 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
01-05-17 1:9 - 01-06-8 18:09 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
01-05-17 1:7 - 01-06-8 18:09 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-05-17 1:5 - 01-06-8 18:09 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-05-17 1: - 01-06-8 18:09 - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-05-17 1:0 - 01-06-8 18:09 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-05-15 1:15 - 01-06-8 17:6 - 076760 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
01-05-09 11:1 - 01-05-18 :10 - 007696 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW6\npdeployJava1.dll
01-05-09 11:1 - 010-05-9 10:6 - 00780 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW6\deployJava1.dll
01-05-09 11:18 - 01-06- 18:0 - 001578 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW6\javaws.exe
01-05-09 11:17 - 01-06- 18:0 - 001956 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW6\javaw.exe
01-05-09 11:17 - 01-06- 18:0 - 001956 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW6\java.exe
01-05-01 06:9 - 01-06-8 17:6 - 000990 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
01-0-6 0:51 - 011-01-9 19:5 - 0000195 ____A C:\Windows\epplauncher.mif
01-0-6 0:50 - 011-01-9 19:5 - 0075766 ____A C:\Windows\SysWOW6\PerfStringBackup.INI
01-0- 08:5 - 01-06-8 17:6 - 016700 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-0- 08:5 - 01-06-8 17:6 - 001759 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-0- 08:5 - 01-06-8 17:6 - 001096 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-0- 08:00 - 01-06-8 17:6 - 009806 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-0- 08:00 - 01-06-8 17:6 - 00110 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-0- 08:00 - 01-06-8 17:6 - 000980 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
01-0-19 0:9 - 01-0-19 0:9 - 00000968 ____A C:\Users\Moms laptop\Desktop\Malwarebytes Anti-Malware.lnk
01-0-18 19:56 - 01-0-18 19:56 - 000908 ____A (Apple Inc.) C:\Windows\SysWOW6\QuickTimeVR.qtx
01-0-18 19:56 - 01-0-18 19:56 - 000696 ____A (Apple Inc.) C:\Windows\SysWOW6\QuickTime.qts


========================= Known DLLs (Whitelisted) ============

[008-01-0 18:8] - [008-01-0 18:8] - 06118 ____A (Microsoft Corporation) C:\Windows\System\clbcatq.dll
[008-01-0 18:9] - [008-01-0 18:9] - 05776 ____A (Microsoft Corporation) C:\Windows\SysWOW6\clbcatq.dll
[010-10-1 19:1] - [010-06-8 09:1] - 191590 ____A (Microsoft Corporation) C:\Windows\System\ole.dll
[010-10-1 19:1] - [010-06-8 09:00] - 11686 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ole.dll
[009-09-19 09:18] - [009-0-10 :11] - 10657 ____A (Microsoft Corporation) C:\Windows\System\advapi.dll
[009-09-19 09:18] - [009-0-10 :8] - 0800768 ____A (Microsoft Corporation) C:\Windows\SysWOW6\advapi.dll
[009-09-19 09:18] - [009-0-10 :11] - 059888 ____A (Microsoft Corporation) C:\Windows\System\COMDLG.dll
[009-09-19 09:17] - [009-0-10 :8] - 050560 ____A (Microsoft Corporation) C:\Windows\SysWOW6\COMDLG.dll
[009-09-19 09:18] - [009-0-10 :11] - 0896 ____A (Microsoft Corporation) C:\Windows\System\gdi.dll
[009-09-19 09:18] - [009-0-10 :6] - 00616 ____A (Microsoft Corporation) C:\Windows\SysWOW6\gdi.dll
[01-06-8 18:09] - [01-05-17 17:5] - 1768 ____A (Microsoft Corporation) C:\Windows\System\IERTUTIL.dll
[01-06-8 18:09] - [01-05-17 1:7] - 1790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IERTUTIL.dll
[01-0-19 0:0] - [01-0-9 07:5] - 007888 ____A (Microsoft Corporation) C:\Windows\System\IMAGEHLP.dll
[01-0-19 0:0] - [01-0-9 07:09] - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMAGEHLP.dll
[009-09-19 09:17] - [009-0-10 :11] - 01680 ____A (Microsoft Corporation) C:\Windows\System\IMM.dll
[009-09-19 09:17] - [009-0-10 :6] - 0116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMM.dll
[011-07-1 11:17] - [011-0-1 08:15] - 110880 ____A (Microsoft Corporation) C:\Windows\System\kernel.dll
[011-07-1 11:17] - [011-0-1 08:11] - 085968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\kernel.dll
[008-01-0 18:8] - [008-01-0 18:8] - 00768 ____A (Microsoft Corporation) C:\Windows\System\LPK.dll
[009-08-08 18:8] - [009-0-10 :6] - 0055 ____A (Microsoft Corporation) C:\Windows\SysWOW6\LPK.dll
[009-09-19 09:18] - [009-0-10 :11] - 100896 ____A (Microsoft Corporation) C:\Windows\System\MSCTF.dll
[009-09-19 09:18] - [009-0-10 :8] - 0807 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSCTF.dll
[01-0-16 18:15] - [011-1-1 08:8] - 061056 ____A (Microsoft Corporation) C:\Windows\System\MSVCRT.dll
[01-0-16 18:15] - [011-1-1 08:17] - 06808 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSVCRT.dll
[006-11-0 01:05] - [006-11-0 01:05] - 00007 ____A (Microsoft Corporation) C:\Windows\System\NORMALIZ.dll
[006-11-0 0:17] - [006-11-0 00:] - 000560 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NORMALIZ.dll
[008-01-0 18:9] - [008-01-0 18:9] - 00116 ____A (Microsoft Corporation) C:\Windows\System\NSI.dll
[008-01-0 18:50] - [008-01-0 18:50] - 000819 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NSI.dll
[011-10-15 1:17] - [011-08-5 08:19] - 08760 ____A (Microsoft Corporation) C:\Windows\System\OLEAUT.dll
[011-10-15 1:17] - [011-08-5 08:1] - 05671 ____A (Microsoft Corporation) C:\Windows\SysWOW6\OLEAUT.dll
[009-06-09 0:0] - [009-0- 0:5] - 105600 ____A (Microsoft Corporation) C:\Windows\System\rpcrt.dll
[009-06-09 0:0] - [009-0- 0:15] - 067776 ____A (Microsoft Corporation) C:\Windows\SysWOW6\rpcrt.dll
[009-09-19 09:18] - [009-0-10 :11] - 19510 ____A (Microsoft Corporation) C:\Windows\System\Setupapi.dll
[009-09-19 09:18] - [009-0-10 :8] - 159196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\Setupapi.dll
[011-0-08 19:5] - [011-01-1 08:50] - 189980 ____A (Microsoft Corporation) C:\Windows\System\SHELL.dll
[011-0-08 19:5] - [011-01-1 08:5] - 1158608 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHELL.dll
[011-0-08 19:5] - [011-01-1 08:50] - 05619 ____A (Microsoft Corporation) C:\Windows\System\SHLWAPI.dll
[011-0-08 19:5] - [011-01-1 08:5] - 0580 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHLWAPI.dll
[01-06-8 18:09] - [01-05-17 17:59] - 1608 ____A (Microsoft Corporation) C:\Windows\System\URLMON.dll
[01-06-8 18:09] - [01-05-17 1:6] - 11087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\URLMON.dll
[009-09-19 09:18] - [009-0-10 :11] - 080 ____A (Microsoft Corporation) C:\Windows\System\user.dll
[009-09-19 09:18] - [009-0-10 :6] - 06870 ____A (Microsoft Corporation) C:\Windows\SysWOW6\user.dll
[010-09-1 :] - [010-0-16 09:07] - 061568 ____A (Microsoft Corporation) C:\Windows\System\USP10.dll
[010-09-1 :] - [010-0-16 08:6] - 0507 ____A (Microsoft Corporation) C:\Windows\SysWOW6\USP10.dll
[01-06-8 18:09] - [01-05-17 17:59] - 1918 ____A (Microsoft Corporation) C:\Windows\System\WININET.dll
[01-06-8 18:09] - [01-05-17 1:5] - 1197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WININET.dll
[009-09-19 09:17] - [009-0-10 :11] - 0870 ____A (Microsoft Corporation) C:\Windows\System\WLDAP.dll
[009-09-19 09:17] - [009-0-10 :8] - 0877 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WLDAP.dll
[009-09-19 09:18] - [009-0-10 :11] - 0670 ____A (Microsoft Corporation) C:\Windows\System\WS_.dll
[008-01-0 18:50] - [008-01-0 18:50] - 017900 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WS_.dll

========================= Bamital & volsnap Check ============

C:\Windows\System\winlogon.exe => MD5 is legit
C:\Windows\System\wininit.exe => MD5 is legit
C:\Windows\SysWOW6\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW6\explorer.exe => MD5 is legit
C:\Windows\System\svchost.exe => MD5 is legit
C:\Windows\SysWOW6\svchost.exe => MD5 is legit
C:\Windows\System\services.exe => MD5 is legit
C:\Windows\System\User.dll => MD5 is legit
C:\Windows\SysWOW6\User.dll => MD5 is legit
C:\Windows\System\userinit.exe => MD5 is legit
C:\Windows\SysWOW6\userinit.exe => MD5 is legit
C:\Windows\System\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 4085.05 MB
Available physical RAM: 3661.39 MB
Total Pagefile: 3958.7 MB
Available Pagefile: 3639.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:288.01 GB) (Free:177.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.72 GB) (Free:3.56 GB) FAT32
4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.99 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       298 GB      0 B         
  Disk 1    Online      3822 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 78 MB    32 KB
  Partition 2    Primary             10 GB    79 MB
  Partition 3    Primary            288 GB    10 GB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition     78 MB  Healthy    Hidden 

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     X   RECOVERY     NTFS   Partition     10 GB  Healthy    Boot   

==================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    288 GB  Healthy           

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3821 MB    32 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                FAT32  Removable   3821 MB  Healthy           

==================================================================================

==========================================================

Last Boot: 2012-07-09 20:33

======================= End Of Log ==========================

[kevinf80]

Log appears clean, are you sure SP2 is installed, log indicates only SP1?

Run the following scan and post log...

Go here http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html to Download Sophos tool.

Select the Download now tab as below:




In the new window select for Home User then fill out all necessary information:

The download should start automatically, if not select the link as below:




Save the download file to your Desktop, when complete double click the file to install the tool. Windows 7 or Vista user accept UAC alert.

The tool will self extract as below:





In the new window select next, as below:





Agree the licence and select next, as below:





Leave the installation folder as default, select next, as below:





In the new window select "Install" as below:





The install will progress from:





To:




At the above image ensure "Launch Sophos Virus Removal tool" is checked, then select Finish:

In the new window select "Start scanning" as below:





When the tool completes the log can be found by Navigating  Start > Computer > C:\Program data \Sophos. open the Sophos folder and expand to Logs.

[MikeMobes]

I just copied what was found using the System Information deal.  Not sure about SP1/2

That sophos link keeps giving redirecting to a 500 error page. I tried going to the main website and finding it that way, byt i get the same error page when getting into the downloads/updates section. I'll try again in a couple minutes. 

[kevinf80]

Will Malwarebytes update? if so run a quick scan, post the produced log

[MikeMobes]

I got Sophos to run finally, it didn't detect anything, and didn't generate a log.

MBAM updated and ran a quick scan. Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.10.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Grammaton Cleric :: DADS-PC [administrator]

7/11/2012 2:34:01 PM
mbam-log-2012-07-11 (14-47-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284232
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-2374070308-3082580766-196985646-1002\$R17V72F\SearchGuardPlus.exe (PUP.Fbsearch) -> No action taken.
C:\Users\Moms laptop\Downloads\TelevisionFanatic.exe (PUP.FunWebProducts) -> No action taken.

(end)

[kevinf80]

Please re-run Malarebytes and remove those entries. post the new log.

You have to look for the Sophos log, it does not just pop up. C:\Program Data\Sophos\SophosVirusRemovalTool\Logs

[MikeMobes]

Removed.  Log said all three files detected were quarantined and deleted successfully.

[kevinf80]

Will MSE update?

[MikeMobes]

MSE still isnt updating. Before it was giving me a different error message though.
Here's what it's saying this time:

Virus and spyware definitions: Connection failed

Security Essentials couldn't complete the virus and spyware definitions update on 7/11/2012, 3:04P< because of an Internet or network connectivity problem.

The progress bar goes through a couple cycles of "Downloading" and "Installing" but still gives the above error message.

[kevinf80]

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now open Repair_Windows.exe
• Go to Start Repairs tab.
• Choose "Custom Mode" and press "Start".
• Create a System Restore point if prompted.
• In the Custom Mode window, select the following repair options:
• Reset Registry Permissions
• Register System Files
• Repair WMI
• Repair Hosts File
• Remove Policies Set By Infections
• Repair Winsock & DNS Cache
• Repair Proxy Settings
• Repair Windows Updates

Click the Start button.


Be patient while the tool repairs the selected items.
If prompted reboot the computer for the changes to take affect, make sure other tasks in the program are not still running before re-booting..

Let me see the log which will be found in this folder:

C:\Tweaking.com_windows_Repair_Logs