erosenmarkle

  1. Here are the fresh DDS logs you requested:
  2. Maniac,
-Backed up my Firefox profile using MozBackup.
-Uninstalled Firefox completely.
-Restarted my computer and now IE automatically starts and goes to http://www.google.com/fsquirt.exe with the error: "404. That's an error. The requested URL /fsquirt.exe was not found on this server. That's all we know."
-Reinstalled Firefox as default browser without restoring profile.
-Restarted my computer and Firefox automatically starts and goes to http://www.google.com/fsquirt.exe with the error: "404. That's an error. The requested URL /fsquirt.exe was not found on this server. That's all we know."
-Apparently the default browser is what starts up with the computer, regardless of personal data. I changed the default browser back and forth between IE and Firefox, restarting each time, and every time the default browser automatically starts to http://www.google.com/fsquirt.exe.
Not sure why it's looking for the file fsquirt.exe? Isn't fsquirt.exe associated with Bluetooth? Noted the following site has a scan to fix fsquirt errors. Not sure how legit it is. http://www.liutilities.com/products/wintaskspro/processlibrary/fsquirt/ Just guessing at this point.
Ed
  3. When I reinstalled Firefox, I did not delete personal data.
  4. Uninstalled Firefox and reinstalled using your link and then restarted my computer. Same thing happened with Firefox automatically starting up. It seems to be overriding my default homepage because if I select the home button, it goes to my default homepage. That's the only problem I still see. Everything else seems to be functioning normally.
  5. Maniac, Followed your instructions and while Firefox no longer goes to http://sftwred.info/, it now goes to http://www.google.com/fsquirt.exe. I noticed this happen before when I made the registry changes. Changed default homepage to Google, closed Firefox, started Firefox and Google was the homepage. To make sure, rebooted and again http://www.google.com/fsquirt.exe became the homepage. Maybe whatever is causing Firefox to automatically start up when the computer boots is causing the Firefox problem. I looked at startup programs using msconfig but didn't see anything obvious. Ed
  6. Firefox only. Not sure if it's because it's my default browser. I load IE and it stays on my homepage (Google). A couple of days ago I tried deleting Firefox (without deleting customized settings) and reinstalling, but that didn't work. Ran Regedit and searched on the redirect site (sftwred), found two hits and changed them to Google. Then closed the browser and restarted Firefox, and it again loaded http://sftwred.info/. I'm infected somewhere, just not sure what.
  7. Maniac, Programs seem to be updating okay, but I'm still getting the browser redirect/hijack to http://sftwred.info/redirect.cgi. If I can get my data off the computer okay, I might think about reloading Windows this weekend. Your thoughts? Ed
  8. Maniac, Here's the log from the ESET scan:
Thanks Ed
  9. Maniac, Sorry it took so long to get back to you, just got home from work a bit ago. I followed your instructions and ran ComboFix. The only problem was when ComboFix rebooted the computer, Firefox automatically loaded during startup and I immediately shut it down. One question, can I safely connect external drives to transfer data or should I wait until the problem is resolved? Here is the ComboFix log:
Thanks again Ed
  10. Maniac, Thank you very much for taking the time to help with my problem. No, I am not a paying customer although after this I may rethink my decision. Followed your instructions to the letter. Posted all logs below. MBAM found no items, however aswMBR did find C:\windows\system32\mshtover64.dll **INFECTED** win32:crypt-nwy [Trj]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C: \PROGRA~2\SPYBOT~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35 -windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35 -windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35 -windows-i586.cab TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{278B2A4B-EE94-4C66-B604-D5787F184627} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{278B2A4B-EE94-4C66-B604-D5787F184627}\762602E65647 : DhcpNameServer = 192.168.10.1 TCP: Interfaces\{6E24CF78-6E71-49FE-8976-3139FDF51AA9} : DhcpNameServer = 202.96.209.5 202.96.209.133 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files \microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype \SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live \Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File 
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C: \PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C: \Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C: \PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files \Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader \Reader_sl.exe" mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe mRun-x64: [bCSSync] "C:\Program Files 
(x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [(Default)] mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat \Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat \Acrotray.exe" mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent \1.1.10.123\AsusWSPanel.exe /S SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Ed.Eds-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5nfkt9to.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Ed.Eds-PC\AppData\Roaming\Mozilla\Firefox\Profiles\5nfkt9to.default \extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: browser.startup.homepage - hxxp://sftwred.info/redirect.cgi ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C: \Windows\system32\DRIVERS\MpFilter.sys [?] R1 SpyEmrg;Spy Emergency Driver;C:\Windows\system32\Drivers\spyemrg.sys --> C:\Windows \system32\Drivers\spyemrg.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows \system32\DRIVERS\vwififlt.sys [?] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-28 844320] R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C: \Windows\system32\DRIVERS\NisDrvWFP.sys [?] R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-10-28 253952] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy \SDWinSec.exe [2012-10-1 1153368] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service \c2c_service.exe [2012-8-13 3064000] R2 SpyEmrgSrv;Spy Emergency Engine Service;C:\Program Files\NETGATE\Spy Emergency \SpyEmergencySrv.exe [2012-10-2 4111200] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009- 10-28 240160] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers \IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C: \Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C: \Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] 
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\Windows\system32\Drivers \spyemrg_guard.sys --> C:\Windows\system32\Drivers\spyemrg_guard.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows \Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows \Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed \Flash\FlashPlayerUpdateService.exe [2012-7-8 250568] S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows \system32\drivers\AmUStor.SYS [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS \fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety \fsssvc.exe [2012-3-8 1492840] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C: \Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-8 114144] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared \OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;C:\Windows\system32\Drivers\spyemrg_access.sys --> C:\Windows\system32\Drivers\spyemrg_access.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers \tsusbflt.sys [?] 
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows \system32\DRIVERS\wdcsam64.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh \wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-10-08 17:26:53 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware \Definition Updates\{FC72B081-8EA2-439A-AA57-6705B640936F}\mpengine.dll 2012-10-08 13:05:41 -------- d-----w- C:\Program Files\Nightly 2012-10-07 14:33:24 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware \Definition Updates\Backup\mpengine.dll 2012-10-05 23:08:49 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware \Definition Updates\{C372D9FC-B236-4300-9F18-F71DCFFE1CA1}\gapaengine.dll 2012-10-05 09:51:20 181808 ----a-w- C:\Windows\RegBootClean.exe 2012-10-05 09:17:37 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys 2012-10-05 08:47:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-10-02 22:53:48 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Roaming\Spy Emergency 2012-10-02 22:53:42 24408 ----a-w- C:\Windows\System32\drivers\spyemrg_access.sys 2012-10-02 22:53:42 18776 ----a-w- C:\Windows\System32\drivers\spyemrg_guard.sys 2012-10-02 22:53:42 17240 ----a-w- C:\Windows\System32\drivers\spyemrg.sys 2012-10-02 22:53:36 -------- d-----w- C:\ProgramData\NETGATE 2012-10-02 22:53:33 -------- d-----w- C:\Program Files\NETGATE 2012-10-01 22:48:52 63488 ---ha-w- C:\Windows\System32\mshtover64.dll 2012-10-01 22:34:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-10-01 22:34:47 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-09-30 23:02:49 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Roaming \FreeFixer 2012-09-30 23:02:49 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Local 
\FreeFixer 2012-09-30 23:02:31 -------- d-----w- C:\Program Files\FreeFixer 2012-09-30 20:58:15 16200 ----a-w- C:\Windows\stinger.sys 2012-09-30 20:57:56 -------- d-----w- C:\Program Files (x86)\stinger 2012-09-30 20:36:17 388096 ----a-r- C:\Users\Ed.Eds-PC\AppData\Roaming\Microsoft \Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-09-30 20:36:16 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-09-28 12:08:18 -------- d-sha-r- C:\Users\Ed.Eds-PC\AppData\Roaming\b86d 2012-09-28 12:08:18 -------- d-sha-r- C:\Program Files\a765a 2012-09-28 12:08:18 -------- d-sha-r- C:\b930 2012-09-26 06:12:26 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-09-21 10:24:58 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Local \{5E7381ED-4C38-4BBE-8571-65C1410BD052} 2012-09-19 21:11:21 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Roaming\Mp3tag 2012-09-19 21:11:01 -------- d-----w- C:\Program Files (x86)\Mp3tag 2012-09-19 20:46:00 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Local\Garmin 2012-09-19 20:45:39 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Local \GARMIN_Corp 2012-09-19 20:39:52 -------- d-----w- C:\Program Files (x86)\Garmin 2012-09-19 20:28:10 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Local \TopoGrafix 2012-09-19 20:28:07 -------- d-----w- C:\Program Files (x86)\EasyGPS 2012-09-19 20:12:53 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Roaming\Garmin 2012-09-16 15:49:41 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Local \{441A3EC6-649C-465B-A210-3A43C579FFB2} 2012-09-16 15:49:41 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Local \{1D00269F-77DD-44E9-B0F7-1CBA42A8AD09} 2012-09-16 12:45:57 -------- d-----w- C:\Users\Ed.Eds-PC\AppData\Roaming\DVD Catalyst 4 2012-09-16 12:45:16 -------- d-----w- C:\Program Files (x86)\DVD Catalyst 2012-09-12 09:11:08 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-12 09:11:08 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-12 09:11:06 574464 ----a-w- 
C:\Windows\System32\d3d10level9.dll 2012-09-12 09:11:06 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 09:11:04 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-12 09:11:04 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-12 09:11:04 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ==================== Find3M ==================== . 2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-08-29 00:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-08-29 00:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-28 11:06:21 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-28 11:06:21 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-15 16:52:50 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 21:19:31.21 ===============
  11. When starting up my Acer notebook, Firefox automatically loads and is redirected to http://sftwred.info/redirect.cgi. I changed the default homepage to Google and closed the browser; Firefox again defaulted to http://sftwred.info/redirect.cgi. The same redirect occurs in IE.

I started jumping around to a few other programs recommended on various sites, and here's what they found:

Ran rkill.exe: "* C:\Windows\PLFSetI.exe (PID: 2084) [WD-HEUR] 1 proccess terminated!" See attached log.

Spybot Search & Destroy found CoolWWWSearch and MySoft hijackers.

HijackThis tries to start, then shuts down. I changed the executable's file name and ran HijackThis. See attached log.

Spy Emergency found trojan.win32.malware (c:\windows\syswow64\mshtover.dll) and Cool Web Search (C:\windows\image.dll). I removed both and rebooted. The same problems persist.

Initially MWB wouldn't run. I changed the name of the executable, ran MWB, and it found nothing. I ran it again in safe mode and again nothing. I've been using MWB for a couple of years, and this is the first time the problem wasn't solved.

Microsoft Security Essentials wouldn't update. I downloaded and manually installed the latest definitions (02 Oct) and ran a scan. "Windows Update cannot currently check for updates because the service is not running. You may need to restart your computer." I ran the Microsoft Fix it and the update function was restored. The MSE scan found nothing.

As you can see, I've been all over the place trying to find a solution. I uninstalled Firefox (without deleting customization) and there was no change.

One item I found a bit strange was the listing of the D: drive as a CD-ROM drive. I don't have an internal CD/DVD drive, but use an external USB drive. When I check D: under Device Manager - Hardware, it shows the same as the C: drive (Hitachi hts545032b9a300 hard drive). I thought D: was my recovery/restore partition, partitioned from the C: drive.

I'm stuck and not sure what to do next. Your help would be most appreciated. Thanks, Ed

Attachments: Attach.txt, DDS.txt, freefixer-log.txt, hijackthis.log, Rkill.txt