Posts posted by NewarkWilder
Thanks very much MrCharlie!
I've uninstalled uTorrent; I never used it much, but I understand why it's a threat!
It also seems like every time I reboot the computer more stuff is quarantined, up to 16 items now. Anyway, here is the RK report:
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Rain [Admin rights]
Mode : Scan -- Date : 01/05/2013 17:43:32
¤¤¤ Bad processes : 2 ¤¤¤
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Users\Rain\AppData\Local\Nico Mak Computing\xjdoeves.dll -> UNLOADED
[DLL] rundll32.exe -- C:\WINDOWS\System32\rundll32.exe : C:\Users\Rain\AppData\Local\Nico Mak Computing\xjdoeves.dll -> KILLED [TermProc]
¤¤¤ Registry Entries : 104 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Nico Mak Computing (RUNDLL32.EXE "C:\Users\Rain\AppData\Local\Nico Mak Computing\xjdoeves.dll",IZDSP_GetBassBoost) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-19[...]\Run : FSP (rundll32.exe "C:\Users\Rain\AppData\Local\Google\FSP\vyvpmfvn.dll",CreateInstance) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-20[...]\Run : FSP (rundll32.exe "C:\Users\Rain\AppData\Local\Google\FSP\vyvpmfvn.dll",CreateInstance) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1184743540-3147673709-1241068237-1000[...]\Run : Nico Mak Computing (RUNDLL32.EXE "C:\Users\Rain\AppData\Local\Nico Mak Computing\xjdoeves.dll",IZDSP_GetBassBoost) -> FOUND
[TASK][sUSP PATH] At17.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At16.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At15.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At14.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At13.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At12.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At11.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At10.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At1.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At26.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At25.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At24.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At23.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At22.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At21.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At20.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At2.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At19.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At18.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At35.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At34.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At33.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At32.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At31.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At30.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At3.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At29.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At28.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At27.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At44.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At43.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At42.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At41.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At40.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At4.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At39.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At38.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At37.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At36.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At9.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At8.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At7.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At6.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At5.job : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At48.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At47.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At46.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At45.job : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At1 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At10 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At11 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At12 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At13 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At14 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At15 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At16 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At17 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At18 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At19 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At2 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At20 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At21 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At22 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At23 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At24 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At25 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At26 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At27 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At28 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At29 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At3 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At30 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At31 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At32 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At33 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At34 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At35 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At36 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At37 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At38 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At39 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At4 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At40 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At41 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At42 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At43 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At44 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At45 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At46 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At47 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At48 : C:\ProgramData\bI2q4Xo8.exe_ -> FOUND
[TASK][sUSP PATH] At5 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At6 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At7 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At8 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[TASK][sUSP PATH] At9 : C:\ProgramData\bI2q4Xo8.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{70ca22f3-6136-65fc-51ef-5981a715ec43}\@ --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Rain\AppData\Local\{70ca22f3-6136-65fc-51ef-5981a715ec43}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{70ca22f3-6136-65fc-51ef-5981a715ec43}\U --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Rain\AppData\Local\{70ca22f3-6136-65fc-51ef-5981a715ec43}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{70ca22f3-6136-65fc-51ef-5981a715ec43}\L --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Rain\AppData\Local\{70ca22f3-6136-65fc-51ef-5981a715ec43}\L --> FOUND
[susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] e264a005b0d2eec03d5b4f9af0badb12
[bSP] f4a7516ce92af5df718c4a017f9ecf22 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12378 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25350570 | Size: 102398 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 235063080 | Size: 362160 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Multiple Card Reader USB Device +++++
--- User ---
[MBR] 2e2e67a90b695e047c25c66e4f567233
[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 253 | Size: 1922 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_S_01052013_02d1743.txt >>
RKreport[1]_S_01042013_02d2153.txt ; RKreport[2]_S_01052013_02d1743.txt
-
OK, so I got hit with this back in October and was able to successfully run MBAM and deal with it, so I thought, at least. One major problem it left me with is that it deleted all my restore points from before I got the virus, so I haven't been able to do a proper system restore. Still, I was able to get past it and get my computer unlocked. A couple of weeks ago the dreaded screen popped up again, a little different this time, and even though I was able to run MBAM again I couldn't get around the screen.
So... a couple of weeks go by, I'm dealing with the holidays and all, thinking I am just gonna wipe my system. I decided to give this one more shot though: booted up in safe mode w/ networking again, updated the MBAM database and was finally able to get past the screen again, which is the state I'm at now. I've still got 13 items quarantined that leave me wondering if it's still lingering in my system somehow. Here are my DDS & Attach files. If someone can tell me if I am finally safe or if I need to do something manually to get rid of it for good, please let me know. Thanks very much!
DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16671 BrowserJavaVersion: 1.6.0_29
Run by Rain at 22:03:27 on 2013-01-04
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2999.1590 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Configuration Center\bin\DeviceControlService.exe
C:\Program Files\Kensington TrackballWorks\KTbWorksS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\rpcnet.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Configuration Center\bin\McaMaster.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\FSP\FspUip.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Kensington TrackballWorks\KTbWorksL.exe
C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kensington TrackballWorks\KTbWorks.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Nico Mak Computing] RUNDLL32.EXE "c:\users\rain\appdata\local\nico mak computing\xjdoeves.dll",IZDSP_GetBassBoost
mRun: [Configuration Center] c:\program files\configuration center\bin\McaMaster.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [fspuip] c:\program files\fsp\fspuip.exe
mRun: [TrayServer] c:\program files\magix\movie_edit_pro_15\TrayServer.exe
mRun: [KTbWorks] "c:\program files\kensington trackballworks\KTbWorksL.exe"
mRun: [bSDAppUpdater] c:\program files\common files\bsd\appupdater\BSDChecker.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] c:\program files\sminst\Launcher.exe
StartupFolder: c:\users\rain\appdata\roaming\micros~1\windows\startm~1\programs\startup\config~1.lnk - c:\program files\configuration center\bin\CCStartup.exe
StartupFolder: c:\users\rain\appdata\roaming\microsoft\windows\start menu\programs\startup\TO DO.txt
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveAutorun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A0C67C27-DEF9-4C82-B910-F07407AE38DA} : DHCPNameServer = 12.127.16.67 12.127.17.71
TCP: Interfaces\{CA1ABEBE-1218-497F-9BF1-AE49A07713B9} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rain\appdata\roaming\mozilla\firefox\profiles\c4stxr0m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.easycgi.com/mail/index.bml
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\rain\appdata\roaming\mozilla\firefox\profiles\c4stxr0m.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
.
============= SERVICES / DRIVERS ===============
.
R2 DcsService;Device Control Service;c:\program files\configuration center\bin\DeviceControlService.exe [2010-2-23 622592]
R2 HMuKstE;Kensington TrackballWorks Expert USB HID Device Filter Driver;c:\windows\system32\drivers\HMuKstE.sys [2010-11-9 51280]
R2 KTbWorksService;Kensington TrackballWorks Service;c:\program files\kensington trackballworks\KTbWorksS.exe [2010-11-9 50256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-4 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-4 682344]
R3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2010-7-19 44032]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-15 132480]
R3 IPMLEBL;Intel IPML ACPI Device;c:\windows\system32\drivers\ipmlebl.sys [2010-7-19 10368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-4 21104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-19 189440]
R3 VKBD;Virtual Keyboard Device;c:\windows\system32\drivers\virkbd.sys [2010-7-19 18432]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-19 29472]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-7-19 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-7-19 8456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-11-2 1527900]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-8-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 L6PODHDBEAN;Service - Line 6 POD HD;c:\windows\system32\drivers\L6PODHDBEAN.sys [2011-11-30 583168]
S3 Saffire;Saffire;c:\windows\system32\drivers\Saffire.sys [2010-8-21 129376]
S3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys [2010-8-21 28256]
S3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys [2010-8-21 31584]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-9-30 52824]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 VIRUSUSB;USB ASIO driver for Virus TI USB;c:\windows\system32\drivers\VirusUSB.sys [2010-5-27 389696]
S3 VTIAUDIO;Virus TI Audio;c:\windows\system32\drivers\vtiaudio.sys [2010-5-27 39488]
S3 VTIMIDEV01;Virus TI MIDI Driver;c:\windows\system32\drivers\vtimidi.sys [2010-5-11 56136]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-7-19 13336]
S4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-7-19 2320920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-05 02:14:28 -------- d-----w- c:\users\rain\appdata\local\Programs
.
==================== Find3M ====================
.
2013-01-05 02:44:22 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-01-05 02:44:20 58288 ----a-w- c:\windows\system32\rpcnet.dll
2013-01-05 02:43:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-05 02:43:20 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-05 02:42:46 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-19 17:16:42 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-10-19 17:16:38 58288 ------w- c:\windows\system32\rpcnet.exe
.
============= FINISH: 22:03:34.48 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/19/2010 8:30:05 AM
System Uptime: 1/4/2013 9:44:03 PM (1 hours ago)
.
Motherboard: To be filled by O.E.M. | | To be filled by O.E.M.
Processor: Intel® Core™ i7 CPU M 620 @ 2.67GHz | CPU 1 | 2661/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 40.198 GiB free.
D: is FIXED (NTFS) - 354 GiB total, 13.825 GiB free.
E: is CDROM (UDF)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Bluetooth 2.1 module
Device ID: USB\VID_13D3&PID_3250\0025D3B5A09C
Manufacturer: Broadcom
Name: Bluetooth 2.1 module
PNP Device ID: USB\VID_13D3&PID_3250\0025D3B5A09C
Service: BTHUSB
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Card Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD__READER&REV_1.00#058F63666433&0#
Manufacturer: Multiple
Name: Q3HD_SD
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD__READER&REV_1.00#058F63666433&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP16: 11/12/2012 8:29:44 PM - Scheduled Checkpoint
RP17: 11/21/2012 4:19:57 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
1.2.1
Ableton Live 8
ACDSee 32
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Amazon MP3 Downloader 1.0.17
Analog Factory 2.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARP2600 V2 2.0
Arturia CS-80V v1.5
Arturia Prophet V VSTi RTAS v1.2.1
Atheros Client Installation Program
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Auslogics Disk Defrag
Bing Bar
Bonjour
Camera Recorder
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Configuration Center
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Driver Whiz
DVD Suite
EASEUS Partition Master 4.1.1 Professional
eLicenser Control
erLT
Finger Sensing Pad Driver
Firebird SQL Server - MAGIX Edition
FLAC To MP3 V4.0.4
Focusrite Plug-in Suite 1.0.3
foobar2000 v1.1.10
iCloud
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® TV Wizard
iPodCopy
iTunes
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Kensington TrackballWorks
KhalInstallWrapper
Line 6 Uninstaller
Live 8.0.9
Live 8.1.5
Live 8.2.1
Live 8.2.5
Live 8.2.7
Logitech SetPoint
MAGIX Movie Edit Pro 15 8.0.5.8 (UK)
MAGIX Photo Manager 8 6.0.1.465 (UK)
MAGIX Screenshare 4.3.6.1987 (UK)
Malwarebytes Anti-Malware version 1.70.0.1100
MediaWidget 6.0
Mesh Runtime
Messenger Companion
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
PC Recovery Center
PhotoNow! 1.0
PIXresizer 2.0.4
Power2Go 5.0
PowerDirector Express
PowerDVD
PowerDVD Copy
PowerProducer
QuickTime
Realtek High Definition Audio Driver
Safari
Saffire MixControl 2.2
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
SoundTap Streaming Audio Recorder
Spelling Dictionaries Support For Adobe Reader 9
Switch Sound File Converter
TouchCopy 11
uTorrentControl2 Toolbar
Virus TI Software Suite
WavePad Sound Editor
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 16.5
.
==== Event Viewer Messages From Past Week ========
.
1/4/2013 9:44:19 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/4/2013 9:44:18 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/4/2013 9:44:17 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/4/2013 9:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/4/2013 9:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/4/2013 9:16:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/4/2013 9:16:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/4/2013 9:16:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vmm Wanarpv6
1/4/2013 9:16:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:14:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:14:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/4/2013 9:14:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/4/2013 9:13:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vmm vwififlt Wanarpv6 WfpLwf
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
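The twenty-odd Service Control Manager errors in the event dump above are mostly knock-on failures: one missing service or driver takes down everything that depends on it, and each dependent logs its own 7001 event. What matters for triage is the handful of root causes at the bottom of those chains (here BFE, which event 7003 reports as possibly not installed, and the AFD, nsiproxy and tdx drivers that event 7026 says failed to load). The script below, an added example that is not part of the original post or of DDS, RogueKiller or any other tool in the thread, parses SCM events 7001/7003/7026 from a DDS-style dump and walks each "depends on" chain to its first non-cascade failure. The sample input is a constructed subset of the event lines above; the mapping from 7026 driver key names to the display names used in 7001 is an assumption based on the standard Windows 7 display names.

```python
"""Triage of a Service Control Manager (SCM) failure cascade from a DDS event dump.

Added example, not part of the original post. Walks each "X depends on Y which
failed" chain (events 7001/7003) down to the first failure that is not itself
"the dependency failed", and cross-references event 7026 (drivers that failed
to load), so the few root causes stand out from the dozen knock-on errors.
"""
import re

# Constructed sample: a subset of the "Event Viewer Messages" lines from the DDS log above.
SAMPLE_EVENTS = """\
1/4/2013 9:44:19 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/4/2013 9:44:18 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/4/2013 9:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/4/2013 9:16:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:14:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vmm vwififlt Wanarpv6 WfpLwf
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2013 9:13:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

CASCADE = "The dependency service or group failed to start."

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+ [AP]M), Error: Service Control Manager \[(?P<id>\d+)\] - (?P<msg>.+)$")
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start because of the following error: (?P<err>.+)$")
MISSING_RE = re.compile(r"^The (?P<svc>.+?) service depends the following service: (?P<dep>[^.]+)\. (?P<err>This service might not be installed)\.$")
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<drivers>.+)$")

# Assumed: maps driver key names as printed by event 7026 to the display names that
# event 7001 uses for the same drivers (the standard Windows 7 display names).
DRIVER_DISPLAY = {
    "AFD": "Ancillary Function Driver for Winsock",
    "nsiproxy": "NSI proxy service driver.",
    "tdx": "NetIO Legacy TDI Support Driver",
}


def parse_scm_events(text):
    """Return (edges, roots, failed_drivers) extracted from the SCM error lines."""
    edges, roots, failed_drivers = {}, {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # DCOM and other sources are outside this triage
        eid, msg = m.group("id"), m.group("msg")
        if eid == "7001":
            d = DEP_RE.match(msg)
            if d:
                edges[d["svc"]] = d["dep"]
                if d["err"] != CASCADE:  # a real failure, not a knock-on one
                    roots.setdefault(d["dep"], d["err"])
        elif eid == "7003":
            d = MISSING_RE.match(msg)
            if d:
                edges[d["svc"]] = d["dep"]
                roots.setdefault(d["dep"], d["err"])
        elif eid == "7026":
            d = DRIVERS_RE.search(msg)
            if d:
                failed_drivers.extend(d["drivers"].split())
    return edges, roots, failed_drivers


def root_cause(service, edges, roots, failed_drivers):
    """Follow the dependency chain from service to its first non-cascade failure."""
    chain = [service]
    while chain[-1] in edges and chain[-1] not in roots:
        nxt = edges[chain[-1]]
        if nxt in chain:  # defensive: a malformed log could form a cycle
            break
        chain.append(nxt)
    root = chain[-1]
    reason = roots.get(root, "no root-cause event for this service in the sample")
    key = next((k for k, v in DRIVER_DISPLAY.items() if v == root), None)
    if key in failed_drivers:
        reason += f" (driver '{key}' is in the event 7026 failed-to-load list)"
    return root, reason, chain


def triage(text):
    """Map every service that logged a dependency failure to its root cause and chain."""
    edges, roots, failed_drivers = parse_scm_events(text)
    return {
        svc: dict(zip(("root", "reason", "chain"), root_cause(svc, edges, roots, failed_drivers)))
        for svc in edges
    }


if __name__ == "__main__":
    by_root = {}
    for svc, info in triage(SAMPLE_EVENTS).items():
        by_root.setdefault((info["root"], info["reason"]), []).append(" -> ".join(info["chain"]))
    for (root, reason), chains in by_root.items():
        print(f"ROOT CAUSE: {root}: {reason}")
        for c in chains:
            print(f"    {c}")
```

Run as a script it groups the dependents under three root causes (BFE missing; AFD and nsiproxy/tdx failing to load) and leaves "Computer Browser -> Server" flagged as having no root-cause event in the sample, which is the cue to look at the Server service separately rather than assume it is part of the same cascade. On the live machine the equivalent check for the missing service is `sc query BFE` and `sc qc MpsSvc`: the Windows Firewall service (MpsSvc) depends on BFE, so a box with no BFE entry has no working host firewall or IPsec regardless of what the Security Center reports.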
Round 2 with Moneypak-- quarantined but really gone?
in Resolved Malware Removal Logs
Ok-- in light of that news, I think I am just going to do a full restore. I'd been leaning that way anyhow and have all my resources gathered to re-install all the essential programs.
Thanks once again for your help!!