Jump to content

RockunRoll

Honorary Members
 View Profile  See their activity

  • Posts

    36

  • Joined

  • Last visited

 Content Type 

Everything posted by RockunRoll

  1. RockunRoll
    OK I believe I found the 2 TDSS logs - u want me to cut and paste them over to you - its very long when I did a scroll down. I cannot tell you how is my computer running because I still get the scan disk request at start up after the windows colour flag appears. And similarly I canclled the scan within 10 mins if not the scan will auto run in 3 stages I believe.
  2. RockunRoll
    Hello again. This is the log for the MBAM scan. Where is the log location of the TDSS scan? I made 2 screen shots does it help? But I do not know how to attach the shots if you need. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.18.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Terence :: TERENCEHPENVY14 [administrator] 18-Jul-12 17:46:55 mbam-log-2012-07-18 (17-46-55).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 450611 Time elapsed: 51 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  3. RockunRoll
    Hi. I am terribly sorry, feeling somewhat bad. Actually I made a mistake when I imnformed you I had a clean TDSS scan earlier. It is not. I didnt know what prompted me now I did a rescan just mins ago, and the scan discovered 5 medium risks, which was the same that I had but as I said I mistakenly informed you nothing found. Before proceed to the MBAM scan, here are the screen shots of the results of this new TDSS scan which is exactly the same as I said done couple of days ago I do not know how to attach screen shots here - this is the text that appears of the 5 all the same medium level threats, and ALL I had them quarantined: Unsigned File, Service bufscvr, Unsigned File Creative Media Toolbox 6 licensing service, Unsigned File FLEXnet Licensing service, Unsigned File Service IDriverT Unsigned File Service SwitchBoard. Next post is the MBAM scan as you request.
  4. RockunRoll
    Hi I am gonna snooze fo the day MrC. Thanks for your efforts so far.
  5. RockunRoll
    Hi. Just a few things I wish to highlight if its relevant for you to note: The whole combo fx scan took about 32 mins all in including the report preparation. The 'illegal operation attempted....' did not occur, and thus there was no rebooting at all, anytime. The scan got stuck in stage 5 for about 12 mins or so before resuming stage 6, if this is something unique you like to pay attn. to I disable all the av , forewall stuff like the the win defender, win firewall, super anti spyware, my eset, and I remove the spybot as I cudnt find a way to stop it. I forgot to stop the win patrol - does this impact anything on the combo fix scan, I wonder? Heres the log report, wow indeed I find it super-long in length: ComboFix 12-07-16.01 - Terence 17-Jul-12 23:53:52.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3350.1729 [GMT 8:00] Running from: c:\users\Terence\Desktop\ComboFix.exe AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))) . . 2012-07-17 16:23 . 2012-07-17 16:23 -------- d-----w- c:\users\Terence\AppData\Local\temp 2012-07-17 16:23 . 2012-07-17 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-17 15:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95DC9459-9FDF-4726-ACAB-DC68EF94C1CD}\mpengine.dll 2012-07-15 15:14 . 2012-07-15 15:14 -------- d-----w- c:\users\Terence\AppData\Roaming\SUPERAntiSpyware.com 2012-07-15 15:13 . 2012-07-15 15:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-07-14 17:47 . 2012-07-14 17:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-14 17:47 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-11 07:14 . 2012-07-11 07:14 -------- d-----w- c:\programdata\McAfee 2012-07-11 05:44 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 04:31 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-08 16:48 . 2012-07-14 17:45 -------- d-----w- c:\users\Terence\AppData\Roaming\vlc 2012-07-02 05:50 . 2012-07-02 05:50 -------- d-----w- c:\program files (x86)\Canon 2012-06-30 10:23 . 2012-07-17 15:51 -------- d-----r- c:\users\Terence\SkyDrive 2012-06-30 10:23 . 2012-06-30 10:23 -------- d-----w- c:\programdata\Microsoft SkyDrive 2012-06-30 10:10 . 2012-06-30 10:10 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2012-06-30 10:09 . 2012-06-30 10:10 -------- dc----w- c:\program files\TrueCrypt 2012-06-24 04:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-24 04:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-24 04:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-24 04:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-24 04:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-24 04:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-24 04:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-24 04:00 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-24 04:00 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 04:57 . 2012-04-19 08:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 04:57 . 2011-11-18 02:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-29 02:57 . 2011-11-12 06:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-06-29 02:57 . 2011-11-12 06:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-29 02:57 . 2011-11-12 06:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-28 03:12 . 2011-12-07 03:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-06-28 03:12 . 2011-12-07 03:37 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-28 03:12 . 2011-12-07 03:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-06-28 03:11 . 2011-12-06 01:50 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-05-31 04:25 . 2011-11-07 14:02 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-09 04:21 . 2012-05-07 07:54 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-09 04:21 . 2011-11-12 07:40 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-09 02:13 . 2012-05-09 02:13 388096 ----a-r- c:\users\Terence\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-04 11:06 . 2012-06-13 04:46 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 11:00 . 2012-06-13 04:46 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-05-04 10:03 . 2012-06-13 04:46 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 04:46 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-04 09:59 . 2012-06-13 04:46 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-05-01 05:40 . 2012-06-13 04:46 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 04:46 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 04:47 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 04:47 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 04:47 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 04:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 04:46 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 04:46 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 04:46 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-23 06:03 . 2012-04-23 06:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-04-23 06:03 . 2012-04-23 06:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-04-23 06:03 . 2012-04-23 06:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-04-23 06:03 . 2012-04-23 06:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-04-23 06:03 . 2012-04-23 06:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-04-23 06:03 . 2012-04-23 06:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-04-23 06:03 . 2012-04-23 06:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-04-23 06:03 . 2012-04-23 06:03 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-04-23 06:03 . 2012-04-23 06:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-23 06:03 . 2012-04-23 06:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-04-23 06:03 . 2012-04-23 06:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-04-23 06:03 . 2012-04-23 06:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-04-23 06:03 . 2012-04-23 06:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-04-23 06:03 . 2012-04-23 06:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-04-23 06:03 . 2012-04-23 06:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-04-23 06:03 . 2012-04-23 06:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-04-23 06:03 . 2012-04-23 06:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-04-23 06:03 . 2012-04-23 06:03 222208 ----a-w- c:\windows\system32\msls31.dll 2012-04-23 06:03 . 2012-04-23 06:03 12288 ----a-w- c:\windows\system32\mshta.exe 2012-04-23 06:03 . 2012-04-23 06:03 114176 ----a-w- c:\windows\system32\admparse.dll 2012-04-23 06:03 . 2012-04-23 06:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-04-23 06:03 . 2012-04-23 06:03 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-04-23 06:03 . 2012-04-23 06:03 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-04-23 06:03 . 2012-04-23 06:03 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-04-23 06:03 . 2012-04-23 06:03 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-04-23 06:03 . 2012-04-23 06:03 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-04-23 06:03 . 2012-04-23 06:03 448512 ----a-w- c:\windows\system32\html.iec 2012-04-23 06:03 . 2012-04-23 06:03 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-23 06:03 . 2012-04-23 06:03 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-04-23 06:03 . 2012-04-23 06:03 160256 ----a-w- c:\windows\system32\wextract.exe 2012-04-23 06:03 . 2012-04-23 06:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-04-23 06:03 . 2012-04-23 06:03 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-11-09 04:01 . 2011-11-09 06:05 446464 -c--a-w- c:\program files\TFC.exe 2010-07-04 14:34 . 2011-11-08 15:34 388608 -c--a-w- c:\program files\HijackThis204.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-13 02:00 220632 ----a-w- c:\users\Terence\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-13 02:00 220632 ----a-w- c:\users\Terence\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-13 02:00 220632 ----a-w- c:\users\Terence\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSyncU.exe"="c:\program files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-11-23 851968] "SkyDrive"="c:\users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-13 238552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-24 284696] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2012-05-15 5164120] "BuffaloTools"="c:\program files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe" [2010-03-05 169336] "Backup Utility TaskTray Tool"="c:\program files (x86)\BUFFALO\Backup_Utility\BUTray.exe" [2010-04-28 1824120] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-04-03 296056] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\Terence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320] BUFFALO RAMDISK Tray Utility.lnk - c:\program files\BUFFALO\BFRD4G\BRDUtilTray.exe [2011-11-7 2557304] BUFFALO RAMDISK Utility.lnk - c:\program files\BUFFALO\BFRD4G\BRDUtil.exe [2010-3-10 1383288] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2010-8-3 1387688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 116648] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-25 40448] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] R3 bautpw64;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautpw64.sys [2010-01-20 16000] R3 bftpusbx64;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx64.sys [2010-01-18 20608] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 344616] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464] R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-06-23 79360] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 116648] R3 Jukebox3_x64;Jukebox3_x64;c:\windows\system32\DRIVERS\ctpdusbx.sys [2006-01-18 27264] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-08-24 349800] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-06 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128] R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024] S0 BFRD4G;BUFFALO RAM Disk Driver;c:\windows\system32\DRIVERS\BFRD4G.sys [2010-03-10 47232] S0 bftpdskc64;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc64.sys [2010-01-12 67712] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264] S2 BFBackupUtilityService;Backup Utility Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe [2010-04-28 320888] S2 BFBackupUtilityVSSService;Backup Utility VSS Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [2010-04-28 359288] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656] S2 bufssvr;bufssvr;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [2010-03-12 90112] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-24 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 7767552] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 279040] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-28 10610400] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] . . Contents of the 'Scheduled Tasks' folder . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 04:57] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 07:55] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 07:55] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563281658-2379863367-1239264620-1000Core.job - c:\users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 05:28] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563281658-2379863367-1239264620-1000UA.job - c:\users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 05:28] . 2012-07-08 c:\windows\Tasks\HPCeeScheduleForTERENCEHPENVY14$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 14:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-13 02:00 244688 ----a-w- c:\users\Terence\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-13 02:00 244688 ----a-w- c:\users\Terence\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-13 02:00 244688 ----a-w- c:\users\Terence\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-25 324096] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-13 487424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-12-03 464744] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://news.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-BMW Performance Screensaver - c:\windows\system32\BMW Performance Screensaver.scr AddRemove-screensaver_carLaunch_en - c:\windows\system32\screensaver_carLaunch_en.scr AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{71576546-354D-41C9-AAE8-31F2EC22BF0D}"=hex:51,66,7a,6c,4c,1d,38,12,28,66,44, 75,7f,7b,a7,04,d5,fe,72,b2,e9,7c,fb,19 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}"=hex:51,66,7a,6c,4c,1d,38,12,24,e7,33, cd,4a,31,0a,0b,c2,c1,e6,30,23,b9,ba,a3 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:62,72,73,5e,b4,3f,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,78,1d,09,04,27,0f,4c,b5,09,50,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,78,1d,09,04,27,0f,4c,b5,09,50,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-18 00:26:24 ComboFix-quarantined-files.txt 2012-07-17 16:26 . Pre-Run: 27,943,084,032 bytes free Post-Run: 27,437,678,592 bytes free . - - End Of File - - F5071F130D9B1E26C913A7B4F21691DE
  6. RockunRoll
    Hi there MrC. I got to go, tomorrow work. See you here tomorrow.
  7. RockunRoll
    OK sir, I believe this is the RK report you requested, as below a cut and paste jib again. RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Terence [Admin rights] Mode: Scan -- Date: 07/16/2012 23:35:23 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 4 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : SkyDrive ("C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND [sUSP PATH] HKUS\S-1-5-21-3563281658-2379863367-1239264620-1000[...]\Run : SkyDrive ("C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEKT-60V5T1 (TurboPC) +++++ --- User --- [MBR] bf6a4742ae845801c1ff19aef6c5700a [bSP] d56ff638e715e4375a249bd3f849a94a : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 110200 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 225896448 | Size: 95000 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 420456448 | Size: 99943 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt Goodness sorry, didnt know the font is that tiny. Apologies. Trying again below: RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Terence [Admin rights] Mode: Scan -- Date: 07/16/2012 23:35:23 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 4 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : SkyDrive ("C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND [sUSP PATH] HKUS\S-1-5-21-3563281658-2379863367-1239264620-1000[...]\Run : SkyDrive ("C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEKT-60V5T1 (TurboPC) +++++ --- User --- [MBR] bf6a4742ae845801c1ff19aef6c5700a [bSP] d56ff638e715e4375a249bd3f849a94a : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 110200 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 225896448 | Size: 95000 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 420456448 | Size: 99943 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  8. RockunRoll
    Hi when you said close out the roguekiller program, just simply click the X , nothing else? I was prompted yes or no to quit, how?
  9. RockunRoll
    heres the first one dds: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Terence at 23:21:37 on 2012-07-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3350.1075 [GMT 8:00] . AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe C:\Program Files (x86)\Stardock\MyColors\WBVista.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe C:\Windows\system32\CISVC.EXE C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Users\Terence\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe C:\Users\Terence\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\SysWOW64\CPdeSrvU.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://news.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe" uRun: [skyDrive] "C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background uRun: [Google Update] "C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey mRun: [buffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe mRun: [backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe" mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Terence\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\BFRD4G\BRDUtilTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~2.LNK - C:\Program Files (x86)\BUFFALO\BFRD4G\BRDUtil.exe mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796} : DhcpNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\35471627865726 : DhcpNameServer = 192.168.43.1 TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\544656E605F696E647 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\65964716C634F6D6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\75962756C6563737043574 : DhcpNameServer = 10.138.0.1 TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\75962756C656373704D4C4 : DhcpNameServer = 165.21.100.88 165.21.83.88 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey mRun-x64: [buffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe mRun-x64: [backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe" mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 BFRD4G;BUFFALO RAM Disk Driver;C:\Windows\system32\DRIVERS\BFRD4G.sys --> C:\Windows\system32\DRIVERS\BFRD4G.sys [?] R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows\system32\drivers\bftpdskc64.sys --> C:\Windows\system32\drivers\bftpdskc64.sys [?] R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?] R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2011-11-7 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?] R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?] R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656] R2 bufssvr;bufssvr;C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [2010-3-12 90112] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-7 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-7 1153368] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-1 116648] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250056] S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] S3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows\system32\drivers\bautpw64.sys --> C:\Windows\system32\drivers\bautpw64.sys [?] S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows\system32\drivers\bftpusbx64.sys --> C:\Windows\system32\drivers\bftpusbx64.sys [?] S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-6-24 79360] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-1 116648] S3 Jukebox3_x64;Jukebox3_x64;C:\Windows\system32\DRIVERS\ctpdusbx.sys --> C:\Windows\system32\DRIVERS\ctpdusbx.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128] S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024] . =============== Created Last 30 ================ . 2012-07-15 15:14:06 -------- d-----w- C:\Users\Terence\AppData\Roaming\SUPERAntiSpyware.com 2012-07-15 15:13:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-07-14 17:47:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-14 17:47:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-14 06:34:48 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76BECA1B-68BF-45E7-B3BB-4A5F70B9B394}\mpengine.dll 2012-07-11 05:44:24 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 04:31:59 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-02 05:50:38 -------- d-----w- C:\Program Files (x86)\Canon 2012-06-30 10:23:51 -------- d-----r- C:\Users\Terence\SkyDrive 2012-06-30 10:23:39 -------- d-----w- C:\ProgramData\Microsoft SkyDrive 2012-06-30 10:10:03 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys 2012-06-30 10:09:36 -------- dc----w- C:\Program Files\TrueCrypt 2012-06-24 04:01:14 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-24 04:01:07 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-24 04:00:55 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-24 04:00:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-17 13:04:02 -------- d-----w- C:\Users\Terence\AppData\Roaming\AccurateRip 2012-06-17 13:03:56 -------- d-----w- C:\Program Files (x86)\Illustrate 2012-06-17 07:16:40 -------- d-----w- C:\Program Files (x86)\NCH_EN 2012-06-17 07:15:10 -------- d-----w- C:\Program Files (x86)\NCH Software 2012-06-17 07:15:05 -------- d-----w- C:\Users\Terence\AppData\Roaming\NCH Software 2012-06-17 06:09:28 -------- d-----w- C:\Users\Terence\AppData\Roaming\VSRevoGroup . ==================== Find3M ==================== . 2012-07-12 04:57:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 04:57:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-09 04:21:41 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-05-09 04:21:36 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2011-11-09 04:01:34 446464 -c--a-w- C:\Program Files\TFC.exe 2010-07-04 14:34:10 388608 -c--a-w- C:\Program Files\HijackThis204.exe . ============= FINISH: 23:23:27.41 =============== and the next, attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 07-Nov-11 18:10:33 System Uptime: 16-Jul-12 20:26:20 (3 hours ago) . Motherboard: Hewlett-Packard | | 1436 Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU | 1190/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 108 GiB total, 26.154 GiB free. D: is FIXED (NTFS) - 93 GiB total, 78.847 GiB free. E: is FIXED (NTFS) - 98 GiB total, 90.575 GiB free. F: is CDROM () G: is FIXED (FAT32) - 0 GiB total, 0.48 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&27A7FBF2&0&01 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&27A7FBF2&0&01 Service: vwifimp . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: WAN Miniport (IKEv2) Device ID: ROOT\MS_AGILEVPNMINIPORT\0000 Manufacturer: Microsoft Name: WAN Miniport (IKEv2) PNP Device ID: ROOT\MS_AGILEVPNMINIPORT\0000 Service: RasAgileVpn . ==== System Restore Points =================== . RP252: 07-Jul-12 13:28:13 - Windows Update RP253: 08-Jul-12 23:51:02 - Restore Operation RP254: 10-Jul-12 18:02:46 - Windows Update RP255: 11-Jul-12 13:39:28 - Windows Update RP256: 11-Jul-12 15:14:41 - Installed Java 6 Update 33 RP257: 14-Jul-12 14:34:20 - Windows Update . ==== Installed Programs ====================== . 7-Zip 9.20 Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.1 - CPSID_83708 Adobe AIR Adobe Community Help Adobe Creative Suite 5 Design Premium Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Shockwave Player 11.6 Alcor Micro USB Card Reader Any Video Converter 3.3.4 Apple Software Update Bing Desktop BMW Performance Screensaver BUFFALO Backup Utility BUFFALO BuffaloTools Launcher BUFFALO eco Manager for HD BUFFALO SecureLockManagerEasy for HD BUFFALO TurboCopy BUFFALO TurboPC for FLASH/HDD Business Contact Manager for Microsoft Outlook 2010 Business Contact Manager for Outlook 2010 Database Tool Canon Easy-PhotoPrint EX Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Creative Jukebox Driver Creative Media Toolbox 6 Creative Media Toolbox 6 (Shared Components) Creative MediaSource 5 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell PC Suite DVD Menu Pack for HP MediaSmart Video DVDFab 8.1.6.3 (11/02/2012) Qt Edraw Max 6.3 ESU for Microsoft Windows 7 Fences Pro FreeMind Gadwin PrintScreen Google Chrome Google Update Helper GSview 5.0 Hewlett-Packard ACLM.NET v1.1.2.0 HiJackThis HijackThis 2.0.2 HP Customer Experience Enhancements HP MovieStore HP Quick Launch HP Software Framework HP Support Assistant IDT Audio Intel® Rapid Storage Technology Intel® Turbo Boost Technology Driver IrfanView (remove only) Java Auto Updater Java 6 Update 33 LogonStudio Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Creative Writer 2 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Communicator 2007 R2 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) MiniTool Partition Wizard Home Edition 7.1 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK OLYMPUS Digital Camera Updater OLYMPUS Viewer 2 Panda USB Vaccine 1.0.1.4 PDF Settings CS5 Publish It Lifestyle Edition PX Profile Update RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Controller Driver RealUpgrade 1.1 Revo Uninstaller 1.94 Samsung Master Samsung RAW Converter 3 screensaver_carLaunch_en Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Service Pack 3 for SQL Server 2008 (KB2546951) Spybot - Search & Destroy Sql Server Customer Experience Improvement Program Stardock MyColors swMSM TrueCrypt UMPlayer 0.98 [P4] Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VLC media player 2.0.2 Web Publishing Wizard WebM Media Foundation Components Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Messenger Yahoo! Software Update . ==== Event Viewer Messages From Past Week ======== . 16-Jul-12 23:23:36, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 16-Jul-12 23:23:36, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2. . ==== End Of File =========================== Now I ll do the roguekiller scan and come back later.
  10. RockunRoll
    Ok MrC - I read and reread, maybe I got you. You need me to click the link, go to that page, get the 2 things done, then come back here and post the logs, ie the dds and the attach, continue at this page where we are, d/l the Roguekiller and post its report, and the same time adhere to all the instructions. Ok that should be it. I will return once all done.
  11. RockunRoll
    Hi there, many thanks for your involvement. But I am unsure whats your instructions are please clarify. If I read you, you wanted me first and foremost to click the link immediately below your welcome message, right? But when I did, it open to another page where it is stated as locked. Sorry I m very new to cooperate in this kind of help forums, please bear with me.
  12. RockunRoll
    -- SOS -- SOS -- Hi all. I am a new member here, only just signed up. I believed I am infected with the Windows Command Processor malware. My computer is a HP laptop running WIn 7 OS home premium 64 bit. I believed I happened to click on allowing the Windows Command processor when it seeked permission to run some days ago. My suspicion is based on 2 issues. One is previously I have the habit of running TFC exe each time whle I logged off and for many years, after the TCF has scanned all the temp file, cookies, when I cliked on the X or exit, the computer will boot off to restart. But recent days, the reboot did not happen, and instead the next thing appeared was it brings up my library folder which contains the default picture, video and docs folders. This is DEFINITELY strange! Next tell tale sign is after so-called infection for 3-5 days, now it began to tell me whenever after I start my computer, at the Windows 4- colours Wndow flag picture, out came a black screen with instructions telling me that it is advisable to do a disk check for blah blah blah. Press any key to stop the check within the next 10 seconds. A few times I did NOT proceed with the disk check. I press any key to continue boot up, and it went smoothly a few times. However I changed my mind after so many bootups asking me to check disks, then I tought ok lets do a disk check let it run. I had it ran a couple of times. The first time the disk check ran, I was feeling strange. When step one begans, it proceeded normally but only for a minute or two, the texts r scripts that ran scrolling downwards turned INTO a garbled texts, overlapping sentences instead of clear line by line of texts. I let it continue further to observe, and still unchanged. That I decided to force stop by disconnnecting the electricity. Once i did that the boot up resumes. Next I retry again to see how the diskc check repeats itself or not again in similar fashion. True enough it does again. My computer is installed with uptodate Java, Eset Smart Security version5. I did a av scan couple of times nothing turned up. I scanned with malwarebytes anti malare also a few times, again, no detection of malware. I used TDSS to scan twice also nothing. I sued GMER, again no malware positive results.Finally I scanned with Super antispware also detected nothing. BUT I am very very worried and concerned that this Windows COmmand Proccessor is doing nasty things inside so far undetectable. Can someone please help ME !!!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.