Hosts file keeps getting something added onto it
SourceCode replied to SourceCode's topic in Resolved Malware Removal Logs
. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Administrator Yang at 16:50:48 on 2012-07-15 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1756 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Windows\system32\svchost.exe -k 
LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 
C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe C:\Program Files (x86)\Notepad++\notepad++.exe C:\Windows\system32\taskmgr.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Windows\system32\notepad.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" uRun: [AdobeBridge] uRun: [WorkForce 435(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_S91F2.tmp" /EF "HKCU" uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [bible360] rundll32.exe "C:\Users\Administrator Yang\AppData\Local\BigHugeEngine\Bible360\tvzjqlnhf.dll",CreateInstance mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen 
Display\HPOSD.exe mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [<NO NAME>] mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: HideFastUserSwitching = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files 
(x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D}\140707C65602E4564777F627B602666326667373 : DhcpNameServer = 10.0.1.1 TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D}\144545438343 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D}\7516E6760214962707F62747 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D}\B6F6269656235353 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{87C2AAF6-0AB3-4CC2-A933-B0B32E79E5ED} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 
2011\IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun-x64: [(Default)] mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX 
Utility\FUFAXSTM.exe" mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL Hosts: 216.239.32.20 www.google.ae # bck9 Hosts: 216.239.32.20 www.google.at # bck9 Hosts: 216.239.32.20 www.google.be # bck9 Hosts: 216.239.32.20 www.google.ca # bck9 Hosts: 216.239.32.20 www.google.ch # bck9 . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Administrator Yang\AppData\Roaming\Mozilla\Firefox\Profiles\rhrkd2cp.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Windows\system32\npmproxy.dll FF - plugin: C:\Windows\system32\npOGPPlugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-26 89600] R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] 
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-8-24 514232] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-19 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-26 2413056] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-6-20 2666880] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] 
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-6-14 1098296] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/03 12:33:32;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] 
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 wmamp3DriverV32;wmamp3DriverV32;C:\Windows\system32\drivers\wmamp3DriverV32.sys --> C:\Windows\system32\drivers\wmamp3DriverV32.sys [?] . =============== Created Last 30 ================ . 
2012-07-15 21:39:41 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E27C4892-9CC6-4533-8FBC-63CC63E9DC78}\mpengine.dll 2012-07-14 20:14:57 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-12 08:23:53 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Bible360 2012-07-12 08:23:08 -------- d-----w- C:\ProgramData\Bible360 2012-07-12 08:23:08 -------- d-----w- C:\Program Files (x86)\Immersion Digital 2012-07-11 10:07:38 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 08:50:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-09 22:03:54 -------- d-----w- C:\Program Files (x86)\LOLReplay 2012-07-08 12:10:07 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\SKIDROW 2012-07-08 11:20:07 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Skyrim 2012-07-08 11:10:36 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim 2012-07-08 08:02:29 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-08 08:02:29 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-07 10:10:57 -------- d-----w- C:\Users\Administrator Yang\AppData\Roaming\Xfire 2012-07-07 10:10:55 -------- d-----w- C:\ProgramData\Xfire 2012-07-06 00:36:54 -------- d-----w- C:\ProgramData\NexonUS 2012-07-06 00:36:54 -------- d-----w- C:\Nexon 2012-07-05 22:49:48 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Apple Computer 2012-07-05 22:48:44 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-07-05 22:47:55 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Apple 2012-07-05 22:47:17 -------- d-----w- C:\Program Files\Bonjour 2012-07-05 22:47:17 -------- d-----w- C:\Program Files (x86)\Bonjour 2012-07-04 06:32:32 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F1EB2A2-4E48-43D8-8D97-D2A44BD4FFFE}\gapaengine.dll 2012-07-02 21:36:23 -------- d-----w- C:\Users\Administrator 
Yang\AppData\Local\Eclipse 2012-06-29 22:57:19 -------- d-----w- C:\Program Files\Blue Coat K9 Web Protection 2012-06-28 01:21:37 -------- d-----w- C:\Windows\SysWow64\xlive 2012-06-28 01:21:30 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2012-06-27 23:48:31 -------- d-----w- C:\Program Files (x86)\Common Files\Steam 2012-06-27 23:48:29 -------- d-----w- C:\Program Files (x86)\Steam 2012-06-23 21:39:48 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant 2012-06-23 00:11:04 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\CyberLink 2012-06-22 21:29:06 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-22 21:28:59 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-22 21:28:49 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-22 21:28:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-21 02:25:19 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\AuthenTec 2012-06-20 23:19:30 -------- d-----w- C:\Users\Administrator Yang\AppData\Roaming\TeamViewer 2012-06-20 23:12:20 -------- d-----w- C:\Program Files (x86)\TeamViewer 2012-06-20 04:23:06 -------- d-----w- C:\Users\Administrator Yang\AppData\Roaming\LolClient 2012-06-18 00:28:33 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Hewlett-Packard_Developme 2012-06-16 00:17:26 28096 ----a-w- C:\Windows\System32\xfcodec64.dll 2012-06-16 00:17:24 42432 ----a-w- C:\Windows\SysWow64\xfcodec.dll . ==================== Find3M ==================== . 
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-23 21:13:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 21:13:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-03 19:31:35 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2012-06-03 19:31:34 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- 
C:\Windows\SysWow64\sspicli.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-25 21:02:52 43800 ----a-w- C:\Windows\System32\drivers\Accelerometer.sys 2012-04-25 21:02:52 31000 ----a-w- C:\Windows\System32\hpservice.exe 2012-04-25 21:02:52 30488 ----a-w- C:\Windows\System32\drivers\hpdskflt.sys 2012-04-25 21:02:52 21272 ----a-w- C:\Windows\System32\accelerometerdll.DLL 2012-04-25 21:02:52 18200 ----a-w- C:\Windows\System32\HPMDPCoInst12.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-17 22:05:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 16:51:44.31 =============== I don't know how to zip a file so (Attach) . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/25/2011 7:55:37 AM System Uptime: 7/15/2012 3:49:49 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 1802 Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU1 | 1980/1333mhz . ==== Disk Partitions ========================= . 
C: is FIXED (NTFS) - 579 GiB total, 487.691 GiB free. D: is FIXED (NTFS) - 17 GiB total, 1.845 GiB free. E: is CDROM () F: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Loopback Adapter Device ID: ROOT\NET\0000 Manufacturer: Microsoft Name: Microsoft Loopback Adapter PNP Device ID: ROOT\NET\0000 Service: msloop . ==== System Restore Points =================== . RP171: 7/8/2012 1:02:35 AM - Windows Update RP172: 7/11/2012 3:00:17 AM - Windows Update RP173: 7/12/2012 1:19:09 AM - Windows Update RP174: 7/12/2012 3:00:12 AM - Windows Update RP175: 7/13/2012 3:00:14 AM - Windows Update RP176: 7/14/2012 3:00:15 AM - Windows Update RP177: 7/15/2012 4:19:33 PM - Removed Skype™ 5.10 RP178: 7/15/2012 4:20:29 PM - Removed Skype Click to Call . ==== Hosts File Hijack ======================
. ==== Installed Programs ====================== . µTorrent ABBYY FineReader 9.0 Sprint Adobe AIR Adobe Download Assistant Adobe Flash Player 11 Plugin Adobe Flash Professional CS6 Adobe Help Manager Adobe Photoshop CS5.1 Adobe Reader X (10.1.3) MUI Adobe Shockwave Player 11.5 Alliance of Valiant Arms Apple Application Support Apple Software Update Audacity 2.0 Bandisoft MPEG-1 Decoder Bible360 [en-us] CyberLink PowerDVD CyberLink YouCam D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Energy Star Digital Logo Epson Connect Epson FAX Utility EPSON Scan EpsonNet Print ESU for Microsoft Windows 7 Evernote v.
4.2.2 Fraps Hewlett-Packard ACLM.NET v1.1.2.0 HP Connection Manager HP Customer Experience Enhancements HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP SimplePass 2011 HP Software Framework HP Support Assistant IDT Audio Intel® Control Center Intel® Identity Protection Technology 1.2.22.0 Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 31 Kingdoms of Amalur Reckoning LAME v3.99.3 (for Windows) League of Legends Malwarebytes Anti-Malware version 1.62.0.1300 MapleStory Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 
Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nexon Game Manager Notepad++ Pando Media Booster PDF Settings CS5 PDF Settings CS6 PlayReady PC Runtime x86 Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager Renesas Electronics USB 3.0 Host Controller Driver RoxioNow Player Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 
(KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Steam TeamViewer 7 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VIP Access SDK (1.1.0.4) Xfire (remove only) . ==== Event Viewer Messages From Past Week ======== . 7/15/2012 4:14:57 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). 7/15/2012 4:11:49 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 7/14/2012 1:05:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 
7/14/2012 1:05:52 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%- 1073473535. 7/11/2012 10:37:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer7 service. . ==== End Of File =========================== -
Hosts file keeps getting something added onto it
SourceCode replied to SourceCode's topic in Resolved Malware Removal Logs
I did not mean to make multiple threads of this topic. Every time I posted it would say "400 Bad Request - Your browser sent a request that this server could not understand." I did not know that it already posted.
-
Hi there, so today while surfing the web I got infected by the Security Shield virus. After scanning my computer with Malwarebytes it detected 3 items and I deleted them. I was also aware that the Security Shield virus, or rogue, was redirecting me onto different sites when I went and searched on Google. It doesn't redirect me anymore, but I notice that my hosts file has some weird add-ons that keep getting added to it. I'll copy here the original and how it keeps getting changed every time I go to a site, even after I delete it.

Original:

    # Copyright © 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost

Constantly changed version:

    # Copyright © 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost
    216.239.32.20 www.google.ae # bck9
    216.239.32.20 www.google.at # bck9
    216.239.32.20 www.google.be # bck9
    216.239.32.20 www.google.ca # bck9
    216.239.32.20 www.google.ch # bck9
    216.239.32.20 www.google.cl # bck9
    216.239.32.20 www.google.co.il # bck9
    216.239.32.20 www.google.co.in # bck9
    216.239.32.20 www.google.co.jp # bck9
    216.239.32.20 www.google.co.kr # bck9
    216.239.32.20 www.google.co.nz # bck9
    216.239.32.20 www.google.co.uk # bck9
    216.239.32.20 www.google.co.ve # bck9
    216.239.32.20 www.google.co.za # bck9
    216.239.32.20 www.google.com # bck9
    216.239.32.20 www.google.com.ar # bck9
    216.239.32.20 www.google.com.au # bck9
    216.239.32.20 www.google.com.br # bck9
    216.239.32.20 www.google.com.co # bck9
    216.239.32.20 www.google.com.gr # bck9
    216.239.32.20 www.google.com.hk # bck9
    216.239.32.20 www.google.com.mx # bck9
    216.239.32.20 www.google.com.my # bck9
    216.239.32.20 www.google.com.pe # bck9
    216.239.32.20 www.google.com.ph # bck9
    216.239.32.20 www.google.com.pk # bck9
    216.239.32.20 www.google.com.sg # bck9
    216.239.32.20 www.google.com.tr # bck9
    216.239.32.20 www.google.com.tw # bck9
    216.239.32.20 www.google.com.ua # bck9
    216.239.32.20 www.google.de # bck9
    216.239.32.20 www.google.dk # bck9
    216.239.32.20 www.google.es # bck9
    216.239.32.20 www.google.fi # bck9
    216.239.32.20 www.google.fr # bck9
    216.239.32.20 www.google.it # bck9
    216.239.32.20 www.google.lt # bck9
    216.239.32.20 www.google.lv # bck9
    216.239.32.20 www.google.nl # bck9
    216.239.32.20 www.google.pl # bck9
    216.239.32.20 www.google.pt # bck9
    216.239.32.20 www.google.ro # bck9
    216.239.32.20 www.google.ru # bck9

I am not sure if it was Security Shield that caused this; I hope there isn't any spyware from it still hidden inside my computer. I am not sure what these extra tags do, but it's annoying me.

Can someone help? Is it safe or not, and what is this actually doing? Thank you!
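One way to see exactly what was appended, as an added example that is not part of the original post: the Python script below parses a hosts file in the format its own header describes, compares it with a known-good copy, and groups the new mappings by address and trailing comment tag. The function names and the abridged sample text (three of the entries quoted above) are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: abridged stock header, then three entries quoted in the post.
BASELINE = """\
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
"""
HOSTS_NOW = BASELINE + """\
216.239.32.20 www.google.com # bck9
216.239.32.20 www.google.co.uk # bck9
216.239.32.20 www.google.de # bck9
"""


def parse_hosts(text):
    """Return (ip, hostname, comment) for every active mapping in the text.

    Blank lines, fully commented lines and lines whose first field is not
    a valid IP address are skipped. One line may map several names.
    """
    entries = []
    for raw in text.lstrip("\ufeff").splitlines():
        body, _, comment = raw.partition("#")   # '#' starts a comment
        fields = body.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((ip, name.lower(), comment.strip()))
    return entries


def added_mappings(baseline_text, current_text):
    """Group mappings absent from the baseline by (ip, comment tag)."""
    known = {(ip, host) for ip, host, _ in parse_hosts(baseline_text)}
    groups = defaultdict(list)
    for ip, host, tag in parse_hosts(current_text):
        if (ip, host) not in known:
            groups[(ip, tag)].append(host)
    return dict(groups)


def report(baseline_text, current_text):
    """One summary line per (ip, tag) group of added names."""
    lines = []
    for (ip, tag), hosts in sorted(added_mappings(baseline_text, current_text).items()):
        lines.append(f"{ip} <- {len(hosts)} name(s), tag {tag!r}: {', '.join(hosts)}")
    return lines


if __name__ == "__main__":
    for line in report(BASELINE, HOSTS_NOW):
        print(line)
```

Run it against a saved clean copy and the live file on a schedule; any non-empty report means something has written to the hosts file again.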