Showing results for tags 'malware'.


  1. I have been cleaning this for a week now and it was a lot more sites than just this one. The IP is 146.185.218.87 and it's an outgoing request. Obviously something Ran through the registry ran TDSSKiller, ComboFix, SUPERAntiSpyware, Malwarebytes, RKill, etc etc etc!!! The DDS report is:
     Any help would be appreciated!!!
  2. Hi, every time I reboot my server and log on, I get about 5 pop-ups to do with Internet Explorer blocking access to random websites.
  3. Hello. After running a deep scan with Malwarebytes, two files and a registry key were reported in the results:

     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4Sync (PUP.BundleInstaller.4S)
     C:\Documents and Settings\Administrator\My documents\Apps\Installations\4Sync_102.exe (PUP.BundleInstaller.4S)
     C:\Programmes\4Sync\uninstall.exe (PUP.BundleInstaller.4S)

     These three results are related to the 4Sync desktop application. I downloaded it to try; it is not my main cloud storage service. I have no experience with malware infections. Is this a serious threat or a false positive (since it is related to a genuine application)? What kind of malware is this? Should I delete it from my PC? What are the risks involved if I keep it installed? Thank you very much in advance.
  4. Today I noticed Windows 7 Professional OS was laboring hard. ping.exe is coming in and out, taking a huge amount of resources from the CPU. Ran malware and Trend Micro Business Security to no avail. They both removed threats, so I will post logs from both. DDS log file is attached. Your log file after most recent scan:

     Malwarebytes Anti-Malware (PRO) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.17.04

     Windows 7 x86 NTFS
     Internet Explorer 8.0.7600.16385
     christian :: MAC-WIN7CD [administrator]

     Protection: Enabled

     5/17/2012 8:24:28 PM
     mbam-log-2012-05-17 (20-24-28).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 281184
     Time elapsed: 16 minute(s), 42 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     DDS.txt
  5. Hello, I got infected by the said names above and I have been using MBAM to remove them. However, they have been coming back "everyday". So I figured there was an exploit that keeps my PC re-infected. I downloaded and ran Kaspersky Rescue Disk 10 and it found some trojan downloader etc., and I removed it. Now I ran MBAM and updated again and it did not find anything anymore... so I was expecting everything is okay. (By the way, I also tried TDSSKiller by Kaspersky and it did not find anything.) My issue now is that when I google something and click on the link in the results... it still redirects me to a numeric IP with /c.php?blahblah something. I went ahead and downloaded and ran ComboFix and below is the result. (Please delete after.) Thanks!
2012-05-10 21:12 153686 c:\windows\system32\perfc019.dat - 2012-03-02 01:46 . 2012-05-10 18:45 153686 c:\windows\system32\perfc019.dat + 2012-03-02 01:28 . 2012-05-10 21:12 156122 c:\windows\system32\perfc013.dat - 2012-03-02 01:28 . 2012-05-10 18:45 156122 c:\windows\system32\perfc013.dat + 2012-03-02 01:36 . 2012-05-10 21:12 123688 c:\windows\system32\perfc012.dat - 2012-03-02 01:36 . 2012-05-10 18:45 123688 c:\windows\system32\perfc012.dat - 2012-03-02 01:14 . 2012-05-10 18:45 149994 c:\windows\system32\perfc010.dat + 2012-03-02 01:14 . 2012-05-10 21:12 149994 c:\windows\system32\perfc010.dat - 2012-03-02 01:23 . 2012-05-10 18:45 174190 c:\windows\system32\perfc00E.dat + 2012-03-02 01:23 . 2012-05-10 21:12 174190 c:\windows\system32\perfc00E.dat + 2012-03-02 01:13 . 2012-05-10 21:12 152498 c:\windows\system32\perfc00C.dat - 2012-03-02 01:13 . 2012-05-10 18:45 152498 c:\windows\system32\perfc00C.dat + 2012-03-02 01:25 . 2012-05-10 21:12 104338 c:\windows\system32\perfc00B.dat - 2012-03-02 01:25 . 2012-05-10 18:45 104338 c:\windows\system32\perfc00B.dat + 2012-03-02 01:20 . 2012-05-10 21:12 161530 c:\windows\system32\perfc00A.dat - 2012-03-02 01:20 . 2012-05-10 18:45 161530 c:\windows\system32\perfc00A.dat - 2009-07-14 02:36 . 2012-05-10 18:45 125400 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-05-10 21:12 125400 c:\windows\system32\perfc009.dat - 2012-03-02 01:41 . 2012-05-10 18:45 114198 c:\windows\system32\perfc008.dat + 2012-03-02 01:41 . 2012-05-10 21:12 114198 c:\windows\system32\perfc008.dat - 2012-03-02 01:10 . 2012-05-10 18:45 151988 c:\windows\system32\perfc007.dat + 2012-03-02 01:10 . 2012-05-10 21:12 151988 c:\windows\system32\perfc007.dat - 2012-03-02 01:34 . 2012-05-10 18:45 144302 c:\windows\system32\perfc005.dat + 2012-03-02 01:34 . 2012-05-10 21:12 144302 c:\windows\system32\perfc005.dat + 2012-05-10 19:34 . 2012-05-10 19:34 352176 c:\windows\system32\FNTCACHE.DAT - 2012-05-10 18:26 . 
2012-05-10 18:26 352176 c:\windows\system32\FNTCACHE.DAT - 2009-07-14 05:01 . 2012-05-10 18:25 298528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-05-10 21:05 298528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-03-01 20:08 . 2012-05-10 21:05 37816072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2901076305-1060788400-636371674-1001-8192.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] 2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "googletalk"="c:\users\michaelrp\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-04-23 402336] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x] R3 
SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x] S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x] S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-03-21 89600] S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-03-22 15296] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-04-13 575416] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program 
files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2372096] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272] S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2011-11-01 994064] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio 
Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 16:39] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901076305-1060788400-636371674-1001Core.job - c:\users\michaelrp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 02:50] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2901076305-1060788400-636371674-1001UA.job - c:\users\michaelrp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 02:50] . 2012-03-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\AlienAutopsy\uaclauncher.exe [2012-02-07 23:24] . 2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\AlienAutopsy\uaclauncher.exe [2012-02-07 23:24] . . --------- x86-64 ----------- . . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.orbitdownloader.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\michaelrp\AppData\Roaming\Mozilla\Firefox\Profiles\5om7u5hj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.pinoypinay.tv/videos FF - prefs.js: network.proxy.type - 0 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2901076305-1060788400-636371674-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BFCF35CD-3309-B6C8-8B8B-B688139B5834}*] "jbdbldihdmojaplakaihnknfbimmhlaikjgofmjfamgknenllcll"=hex:68,61,68,64,66,6e, 66,68,63,67,6b,6c,6c,6c,63,65,00,00 "dbdbldihdmojaplakaihlkicbmlakhahmgghicpm"=hex:62,61,6f,70,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2012-05-10 14:36:38 ComboFix-quarantined-files.txt 2012-05-10 21:36 ComboFix2.txt 2012-05-10 18:48 . Pre-Run: 125,811,314,688 bytes free Post-Run: 125,556,989,952 bytes free . - - End Of File - - 8517F4BE3642ECBCE4A5C31EE9BA59BA
  6. Hello. I thought I finally had this licked after I ran malware removal software and it found issues, which I thought I deleted. Still getting the same issues, and all the steps to fix require using the command line, or Run, or typing information in a field. Thing is, whenever I do, the computer freezes, at least the keyboard does. I can still clock moving and screen blinks but can't type. Even in safe mode. What in the HECK do I do now if I can't type! One of the instructions is to use MSCONFIG but whenever I start to type it in it run it comes to a halt. Help anybody? I am trying to get an IBM R50 ThinkPad with Windows XP (1985-2001) back up and running. I deduced that it has a worm which caused the initial problems, now trying to repair whatever the worm screwed up.
  7. Merged post We look for post with 0 replies, so when you reply to your own topic, we assume you were being helped. Hi, I'm afraid of being infected. My laptop's webcam was turned on suddenly. After that, I opened Yahoo Messenger and turn on and off my webcam manually. I think it is OK. But now I lose settings that started my VPN software with administrator rights. Without that, I'm not protected against secret surveillance. And I can't access to Intel Graphics Properties via right click on Intel Graphics tray icon. So I decide to put my HijackThis log here. I hope you guys can help me identify any threat in my laptop. Thanks. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:05:53 AM, on 4/27/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\IDriveWindows\idwbg_501.exe C:\Program Files (x86)\IDriveWindows\idwmonitor.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files 
(x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Comodo\Dragon\dragon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - 
C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [iDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe" O4 - HKLM\..\Run: [iDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [GoTiengViet] "D:\Setup\Office\GoTiengViet1\GoTiengViet64.exe" /RunAtLogin O4 - HKCU\..\Run: [iDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe" O4 - HKCU\..\Run: [iDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows 
Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{691760D7-40D1-4D8B-AAB5-FE5350CB9C29}: NameServer = 198.153.192.50,198.153.194.50 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing) O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing) O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: IDriveService - Unknown owner - C:\Program Files (x86)\IDriveWindows\idwservice_501.exe O23 - Service: IDWAdmin - Unknown owner - C:\Program Files (x86)\IDriveWindows\idwadminsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: 
@%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: tuEagles Service (tuEaglesService) - Unknown owner - C:\Program Files (x86)\tuEagles\eglsrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: 
Here is the DDS log. I would very much appreciate it if anyone here can help me.
C:\ProgramData\TrueSuite 2012-03-29 10:29:31 -------- d-----w- C:\Windows\System32\wocaffe 2012-03-29 10:29:31 -------- d-----w- C:\Program Files\TrueSuite 2012-03-29 10:29:28 -------- d-----w- C:\ProgramData\Downloaded Installations 2012-03-29 10:22:42 -------- d-----w- C:\Program Files\Synaptics 2012-03-29 10:13:38 -------- d-sh--w- C:\Windows\Installer 2012-03-29 10:13:09 1919968 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll 2012-03-29 10:13:09 18432 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys 2012-03-29 10:13:09 11264 ----a-w- C:\Windows\System32\drivers\CPQBttn64.sys 2012-03-29 10:13:08 1885488 ----a-w- C:\Windows\SysWow64\BttnCmns.dll 2012-03-29 10:13:08 1885488 ----a-r- C:\Windows\SysWow64\BttnCmn.dll 2012-03-29 10:13:02 -------- d-----w- C:\Windows\QLB 2012-03-29 10:04:34 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-03-29 10:04:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-03-29 10:04:34 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2012-03-29 09:57:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-03-29 09:56:58 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2012-03-29 09:56:58 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2012-03-29 09:56:58 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2012-03-29 09:56:58 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2012-03-29 09:56:56 498688 ----a-w- C:\Windows\System32\drivers\afd.sys 2012-03-29 09:56:19 642944 ----a-w- C:\Windows\System32\winload.efi 2012-03-29 09:56:19 605552 ----a-w- C:\Windows\System32\winload.exe 2012-03-29 09:56:19 566208 ----a-w- C:\Windows\System32\winresume.efi 2012-03-29 09:56:19 518672 ----a-w- C:\Windows\System32\winresume.exe 2012-03-29 09:56:19 20352 ----a-w- C:\Windows\System32\kdusb.dll 2012-03-29 09:56:19 19328 ----a-w- C:\Windows\System32\kd1394.dll 2012-03-29 09:56:19 17792 ----a-w- C:\Windows\System32\kdcom.dll 2012-03-29 09:54:38 77312 ----a-w- C:\Windows\System32\packager.dll 2012-03-29 09:54:38 67072 ----a-w- 
C:\Windows\SysWow64\packager.dll 2012-03-29 09:51:11 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-03-29 09:45:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-29 09:45:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-29 09:45:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-03-29 09:45:34 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-29 09:45:34 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-03-29 09:45:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-29 09:45:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys . ==================== Find3M ==================== . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2012-03-08 11:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-23 03:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-02-14 05:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 0:31:14.85 ===============
  8. Hello folks,

     Yesterday (Tue. 4/24/12) I was infected with the Smart Fortress 2012 virus. This is one of the standard fake anti-virus programs. It stopped me from running most programs, blocked my internet and even basic network access. Little did I know, but it also stopped my System Restore from working properly.

     I did some searching and found instructions on how to remove the virus by registering with its fixed registration code, which let me run programs again, then ran Malwarebytes which was supposed to remove Smart Fortress 2012. Well, it seemed to work, BUT, I still have no network connections, and of course can't access the internet.

     I cannot "Repair" my network connections, as when I try I get the message "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot Proceed." This happens with my Local Area Connection and Wireless connections.

     After a day of searching around, I've tried a few things and have exhausted my options, so I come to you for help. What I've tried:

     netsh int ip reset reset.log
     netsh int ipv6 reset reset.log
     netsh winsock reset catalog
     ipconfig /flushdns

     Also, when I run "ipconfig /all", I only get this message: "An internal error occurred: The request is not supported."

     So then after more research, I tried running a system restore going back to a restore point of a day before the infection (Mon. 4/23/12) and even last week. No success. It lets me choose a date to restore to/from, then goes through its process, reboots, etc. then tells me that no changes were made. It does NOT re-install the Smart Fortress 2012 virus, however, thankfully. It just seems like the virus has somehow disabled system restore from working properly.

     As it stands, I seem to have two issues. I think Smart Fortress 2012 is removed, but some of the changes it made seem to be left-over.
Issue #1: No network connectivity Issue #2: System restore not working properly (but not disabled) I've followed the instructions to download and run dss.com. I am including the DSS.txt and Attach.txt logs below, generated by running dss.com. I will truly appreciate any assistance you can offer. THANK YOU! Here's DDS.TXT: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Run by greerste at 23:19:11 on 2012-04-25 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.1951 [GMT -5:00] . AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} FW: McAfee Host Intrusion Prevention Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\WINDOWS\System32\svchost.exe -k netsvcs c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe C:\Program Files\ActivIdentity\ActivClient\acautoup.exe C:\Program Files\ActivIdentity\ActivClient\accoca.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\WINDOWS\system32\mfevtps.exe 
C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\oracle\ora92\bin\omtsreco.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radalert.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\RA2HP\HPRAService.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ActivIdentity\ActivClient\acsagent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://pwb.tenncare.nash.tenn/tennessee/ uWindow Title = Internet Explorer, optimized for Bing and MSN BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\office14\GROOVEEX.DLL BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - 
c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll" TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe" mRun: [<NO NAME>] mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe" mRun: [iDA] c:\program files\hewlett-packard\pc coe\IDA.EXE mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [GetIT] "c:\program files\hewlett-packard\getit\GetIT.exe" mRun: 
[safeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [PasswordRegistration] c:\windows\system32\MsPwdRegistration.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [HPRAService] c:\program files\ra2hp\HPRAService.exe mRun: [eepc_SmartClient] c:\program files\smartclient\Smart.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [GetITIcon] c:\program files\hewlett-packard\getiticon\GetITShell.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [XPOff2003Excempt] c:\program files\hewlett-packard\ast\XPOff2003Excempt.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - 
c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico uPolicies-explorer: NoWindowsUpdate = 0 (0x0) mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1) mPolicies-system: HideFastUserSwitching = 1 (0x1) mPolicies-system: DisableNT4Policy = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\hewlett-packard\ietoolbar\HP IE Fix.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: compaq.com Trusted Zone: compaq.com.ar Trusted Zone: compaq.com.br Trusted Zone: compaq.com.co Trusted Zone: compaq.com.mx Trusted Zone: compaq.com.sg Trusted Zone: compaq.com.ve Trusted Zone: cpqcorp.net Trusted Zone: dcu.org Trusted Zone: eds.com Trusted Zone: hp.com Trusted Zone: hpqcorp.net DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab DPF: 
{3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.172.117.45/qcbin/capicom.dll DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab DPF: {87A7D186-27E6-11D3-A4CB-00C04F72C232} - hxxp://pve.corp.hp.com/APP/VIEWER/appl/sagraphicview.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://digitalbadge.external.hp.com/hp/capicom.cab DPF: {AB01FF2E-A848-410C-B47B-CB467C476AD9} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/1033/pjcintl.cab DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/pjclient.cab DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.172.117.45/qcbin/Spider10.cab TCP: DhcpNameServer = 10.170.0.2 10.170.1.2 TCP: Interfaces\{6717FA1B-0E1C-4890-AF23-69A72DE7112C} : DhcpNameServer = 10.170.0.2 10.170.1.2 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Notify: ackpbsc - c:\windows\system32\ackpbsc.dll Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll Notify: igfxcui - igfxdev.dll 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\office14\GROOVEEX.DLL LSA: Notification Packages = SbNp scecli mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {922E8525-AC7E-4294-ACAA-43712D4423C0} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {9AC2D554-AC12-4F1F-AAB9-E6363ADE5381} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {AC194855-F7AC-4D04-B4C9-07BA46FCB697} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {E5BA0430-919F-46DD-B656-0796F8A5ADFF} - msiexec /fu {E5BA0430-919F-46DD-B656-0796F8A5ADFF} /qn . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\greerste\application data\mozilla\firefox\profiles\5os093az.default\ FF - prefs.js: browser.search.defaulturl - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\progra~1\office14\NPAUTHZ.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. 
mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-14 344304] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208] R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-3-25 103760] R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2008-8-13 44976] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-3-25 6496] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-5-1 24064] R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112] R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2009-3-25 33328] R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2009-3-25 34480] R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2009-3-25 15248] R2 acautoup;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2009-9-14 46120] R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2009-9-14 198184] R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-6-15 1498224] R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\microsoft forefront identity manager\2010\password reset client service\PwdMgmtProxy.exe [2012-1-28 75608] R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2011-4-25 35696] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-12-16 222528] R2 McAfeeEngineService;McAfee Engine 
Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-5-19 120128] R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-9-14 69192] R2 radsched;HPCA Scheduler Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe [2010-4-21 190184] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640] R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\mcafee\endpoint encryption for pc\SbClientManager.exe [2009-3-25 380988] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960] R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2007-4-6 13619] R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2009-9-14 9493] R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647] R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2009-9-14 10161] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.382.0\SeaPort.EXE [2012-4-16 240208] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-5-24 193840] R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2009-9-14 107960] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2009-9-14 38680] R3 HIPQK;McAfee Inc. 
HIPQK;c:\windows\system32\drivers\HIPQK.sys [2009-9-14 35552]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 41216]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-25 32072]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-25 40776]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-14 91832]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.382.0\BBSvc.EXE [2012-4-16 193616]
S2 radexecd;HPCA Notify Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe [2010-4-21 300776]
S2 Radstgms;HPCA MSI Redirector;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\Radstgms.exe [2010-4-21 333544]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2007-12-11 27008]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-14 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-9-14 66600]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2009-9-10 29072]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-14 14336]
S3 WISOVD;WISOVD;\??\c:\program files\winiso computing\winiso\bin\driver\wisovd_xp.sys --> c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [?]
.
=============== Created Last 30 ================
.
2012-04-26 04:04:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-26 04:04:49 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-26 03:11:24 -------- d-----w- c:\program files\VS Revo Group
2012-04-26 02:00:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-26 00:26:14 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2012-04-25 19:01:44 -------- d-----w- C:\REGISTRY BACKUP
2012-04-24 21:12:34 -------- d-----w- c:\documents and settings\greerste\application data\Malwarebytes
2012-04-24 21:11:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-24 21:11:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 21:11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-24 20:56:39 389120 ----a-w- c:\windows\system32\explorer.exe
2012-04-24 18:47:58 -------- d-----w- c:\documents and settings\greerste\local settings\application data\{F7C06562-8E3D-11E1-826D-B8AC6F996F26}
2012-04-24 18:47:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-24 18:46:54 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3B002F77DD0003FDA7D151FC4E
2012-04-23 14:42:33 8071760 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.382.0oemBingBarSetup-Partner.EXE
2012-04-20 14:33:44 -------- d-----w- c:\documents and settings\greerste\application data\HpUpdate
2012-04-20 14:33:35 -------- d-----w- c:\windows\Hewlett-Packard
2012-04-13 08:24:22 -------- d-----w- c:\program files\FastStone Image Viewer
2012-04-13 07:17:11 -------- d-----w- c:\documents and settings\greerste\local settings\application data\photoOptimizeHistoryDataBase
2012-04-13 07:17:10 -------- d-----w- c:\documents and settings\greerste\local settings\application data\Ashampoo Photo Optimizer 3
2012-04-13 07:14:06 -------- d-----w- c:\documents and settings\all users\Documents
2012-04-13 07:13:55 -------- d-----w- c:\program files\Ashampoo
2012-04-13 07:08:01 -------- d-----w- c:\documents and settings\greerste\application data\XnView
2012-04-13 07:04:44 -------- d-----w- c:\program files\XnView
2012-04-13 07:03:19 -------- d-----w- c:\program files\IrfanView
2012-04-01 05:20:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-01 05:20:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-01 05:19:46 -------- d-----w- c:\program files\iPod
2012-04-01 05:19:42 -------- d-----w- c:\program files\iTunes
2012-04-01 05:19:42 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-01 05:18:37 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2012-04-13 03:47:32 143008 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-03-11 18:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-09 17:09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-14 17:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 02:01:10 29528 ----a-w- c:\windows\system32\MsPwdGina.dll
2012-01-29 02:01:10 26984 ----a-w- c:\windows\system32\MsPwdRegistration.exe
2012-01-29 02:01:09 1242464 ----a-w- c:\windows\system32\GateFramework.dll
.
============= FINISH: 23:22:04.42 ===============

Here's Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2010 9:37:18 PM
System Uptime: 4/25/2012 7:23:01 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 30DD
Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | Intel® Genuine processor | 2793/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 30.908 GiB free.
D: is Removable
H: is FIXED (NTFS) - 932 GiB total, 792.708 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\5&2239DA31&0
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\5&2239DA31&0
Service: Serial
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: hp DVDRAM GT30L
PNP Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0
Service: cdrom
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP450: 3/7/2012 12:27:20 PM - System Checkpoint
RP451: 3/8/2012 2:31:14 PM - System Checkpoint
RP452: 3/8/2012 4:14:50 PM - Installed Windows Internet Explorer 8.
RP453: 3/8/2012 4:16:11 PM - Software Distribution Service 3.0
RP454: 3/9/2012 4:56:04 PM - System Checkpoint
RP455: 3/10/2012 7:52:49 PM - System Checkpoint
RP456: 3/11/2012 11:12:32 PM - Software Distribution Service 3.0
RP457: 3/12/2012 11:41:49 PM - System Checkpoint
RP458: 3/13/2012 9:07:26 AM - Installed Rapport
RP459: 3/14/2012 11:05:57 AM - System Checkpoint
RP460: 3/14/2012 5:44:52 PM - Software Distribution Service 3.0
RP461: 3/16/2012 1:21:50 PM - System Checkpoint
RP462: 3/19/2012 11:52:50 AM - System Checkpoint
RP463: 3/19/2012 4:52:13 PM - Installed Windows XP KB2621440.
RP464: 3/20/2012 5:12:38 PM - System Checkpoint
RP465: 3/21/2012 7:34:30 PM - System Checkpoint
RP466: 3/22/2012 10:55:10 AM - Installed SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3
RP467: 3/23/2012 12:17:19 PM - System Checkpoint
RP468: 3/26/2012 1:01:26 PM - System Checkpoint
RP469: 3/27/2012 1:17:13 PM - System Checkpoint
RP470: 3/28/2012 2:45:31 PM - System Checkpoint
RP471: 3/29/2012 8:07:26 PM - System Checkpoint
RP472: 3/31/2012 2:28:52 PM - System Checkpoint
RP473: 4/1/2012 12:19:31 AM - Installed iTunes
RP474: 4/5/2012 2:10:20 AM - System Checkpoint
RP475: 4/11/2012 8:30:39 PM - System Checkpoint
RP476: 4/12/2012 8:36:08 PM - System Checkpoint
RP477: 4/15/2012 10:05:46 PM - System Checkpoint
RP478: 4/17/2012 1:09:40 PM - System Checkpoint
RP479: 4/17/2012 10:12:25 PM - Software Distribution Service 3.0
RP480: 4/18/2012 11:12:25 PM - System Checkpoint
RP481: 4/20/2012 3:31:40 PM - System Checkpoint
RP482: 4/23/2012 11:17:11 AM - System Checkpoint
RP483: 4/24/2012 3:47:06 PM - Installed Rapport
RP484: 4/25/2012 10:32:03 AM - Post 'Smart-Fortress 2012' malware removal
RP485: 4/25/2012 2:31:40 PM - Restore Operation
RP486: 4/25/2012 3:51:38 PM - Restore Operation
RP487: 4/25/2012 5:22:29 PM - Restore Operation
RP488: 4/25/2012 5:36:38 PM - Restore Operation
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer 7-Zip 9.15 beta AC3Filter 1.63b Acrobat Professional Acrobat.com ActivClient ActivIdentity Device Installer Adobe Acrobat 9.2.0 - CPSID_50026 Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Agere Systems HDA Modem ALTools Update Anti-Twin (Installation 10/5/2010) Apple Application Support Apple Mobile Device Support Apple Software Update Ashampoo Photo Optimizer 3 v.3.13 Audacity 1.3.13 (Unicode) AudioShell 1.3.5 Auslogics Disk Defrag Avaya CMS Supervisor R15 Belarc Advisor 8.2 Bing Bar Bonjour BufferChm C4400 C4400_Help Cards_Calendar_OrderGift_DoMorePlugout CCleaner Cisco Systems VPN Client 4.8.01.0300 Copy CustomerResearchQFolder Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destination Component DeviceDiscovery DeviceManagementQFolder DocProc DocProcQFolder DVD Shrink 3.2 ECL Viewer eSupportQFolder Everything 1.2.1.371 Exact Audio Copy 1.0beta3 Fast Duplicate File Finder 3.0.0.1 FastStone Image Viewer 4.6 FastStone Photo Resizer 3.1 ffdshow v1.1.3562 [2010-09-07] FFmpeg v0.6.2 for Audacity File Shredder 2.0 FileNet IDM Viewer 3.3 FLAC 1.2.1b (remove only) foobar2000 v1.1.10 Forefront Identity Manager Add-ins and Extensions FreeCommander 2009.02a Get IT Icon GetDiz GPBaseService GroupWise GroupWise Desktop Migrator GUIPDFTK Hawking Technologies HWUG1 Wireless-G USB Adapter Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB944043-v3) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB953955) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB955567) 
Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB961853-v2) Hotfix for Windows XP (KB969262) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB971421) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP 3D DriveGuard HP Client Automation Application Manager Agent HP Client Management Interface 1.00 D8 HP Customer Participation Program 10.0 HP Fonts HP Imaging Device Functions 10.0 HP Integrated Module with Bluetooth wireless technology HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 HP Photosmart Essential 2.5 HP Quick Launch Buttons 6.40 D3 HP Smart Web Printing HP Solution Center 10.0 HP Update HP Virtual Rooms 8.0 HP Wireless Assistant HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply ID3-TagIT 3 ImgBurn Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Internet Explorer Self Help Tool InterVideo DVD Check InterVideo Register Manager InterVideo WinDVD IrfanView (remove only) ISO Workshop 2.0 iTunes Japanese Fonts Support For Adobe Reader 9 JDownloader 0.9 Kat CD Ripper Korean Fonts Support For Adobe Reader 9 LADSPA_plugins-win-0.4.15 Lexmark Printer Software Uninstall LightScribe System Software 1.12.37.1 Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch McAfee Agent McAfee AntiSpyware Enterprise Module McAfee Host Intrusion Prevention McAfee SiteAdvisor Enterprise Plus McAfee VirusScan Enterprise MediaMonkey 4.0 Medieval CUE Splitter Messaging API and Collaboration Data Objects 1.2.1 Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft 
Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote 2003 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Edition 2003 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2010 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI 
(English) 2010 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2003 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft redistributable runtime DLLs VS2008 SP1(x86) Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Software Update for Web Folders (English) 14 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC90 CRT + OMP Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Runtime Microsoft WSE 3.0 Runtime Monkey's Audio Mozilla Firefox 11.0 (x86 en-US) Mp3tag v2.49 MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser MSXML4.0 redistributable MWSnap 3 NirSoft SysExporter Notepad++ OCR Software by I.R.I.S. 10.0 Office Communicator 2007 R2 PanoStandAlone Password Safe PC COE PC COE Required Settings PC Hard Drive Maintenance PDFCreator PIXresizer 2.0.4 PS_AIO_03_C4400_ProductContext PS_AIO_03_C4400_Software PS_AIO_03_C4400_Software_Min PSSWCORE PuTTY version 0.60 QuickTime Rapport RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Remote Access to HP Network 6.2 Revo Uninstaller 1.93 Revo Uninstaller Pro 2.5.8 Roxio Activation Module Roxio Creator Audio Roxio Creator Business Roxio Creator Business v10 Roxio Creator Copy Roxio Creator Data Roxio Creator Tools Roxio Express Labeler 3 SAP Business Explorer SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3 SAP GUI for Windows 7.20 SAP JNet SAP Netweaver Business Client SapInstSelectorv2 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit 
Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player 
(KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP 
(KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security 
Update for Windows XP (KB953838) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP 
(KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shop for HP Supplies SmartWebPrintingOC Snagit 10 SolutionCenter StartNow Toolbar Status Sun JRE 1.6.0 Synaptics Pointing Device Driver Toolbox Trader's Little Helper 2.6.0 TrayApp UnloadSupport Unlocker 1.9.0 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update 
for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB943729) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) vcredist_x86 VideoToolkit01 VirtualDJ Home FREE VLC media player 1.1.11 WebFldrs XP WebReg Winamp Winamp Detector Plug-in Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Enterprise Deployment Windows Search 4.0 WMP Tag Plus 1.2 Xcelsius 2008 Xiph.Org Open Codecs 0.84.17359 XnView 1.98.8 XnView Shell Extension 3.2.0 XP Netlogon Service Restarter xplorer² lite 32 bit . ==== Event Viewer Messages From Past Week ======== . 
4/25/2012 5:06:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/25/2012 5:06:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Cdrom Fips Imapi intelppm IPSec mfehidk RapportKELL redbook RsvLock SbPrcCtl Tcpip
4/25/2012 5:00:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Cdrom Fips FireTDI Imapi intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RapportKELL RasAcd Rdbss redbook RsvLock SbPrcCtl Tcpip
4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.
4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 4:51:45 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.
4/24/2012 4:51:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi IPSec redbook Tcpip
4/24/2012 4:50:37 PM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef42a.
4/24/2012 4:48:42 PM, error: Service Control Manager [7024] - The HPCA MSI Redirector service terminated with service-specific error 0 (0x0).
4/24/2012 4:48:42 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
4/24/2012 4:48:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel® Matrix Storage Event Monitor service to connect.
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:48:42 PM, error: Service Control Manager [7000] - The Intel® Matrix Storage Event Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 4:48:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:44:30 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
4/24/2012 4:07:34 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 4:07:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
4/24/2012 3:46:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
4/24/2012 1:52:59 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:51:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
4/24/2012 1:51:30 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 1:51:00 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Enterprise Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:56 PM, error: Service Control Manager [7000] - The Forefront Identity Manager Password Reset Client Service service failed to start due to the following error: Access is denied.
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA Scheduler Daemon service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA MSI Redirector service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BingBar Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The SafeBoot Client Manager service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The HPCA Notify Daemon service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Middleware Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Auto-Update Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Forefront Identity Manager Password Reset Client Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. 4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/24/2012 1:48:26 PM, error: Service Control Manager [7023] - The SISNICXP service terminated with the following error: The specified module could not be found. 4/23/2012 9:14:49 AM, error: Dhcp [1002] - The IP address lease 10.1.10.33 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message). 4/21/2012 11:25:19 AM, error: Dhcp [1002] - The IP address lease 10.171.124.72 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.1.10.1 (The DHCP Server sent a DHCPNACK message). 4/21/2012 10:52:02 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. 4/20/2012 10:23:09 AM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\g4w0040.americas.hpqcorp.net for the domain AMERICAS is not responsive. The current RPC call from Netlogon on \\SGREER1 to \\g4w0040.americas.hpqcorp.net has been cancelled. 
4/19/2012 9:35:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BootCode.ini' on the volume 'Disk0'. It has stopped monitoring the volume. 4/19/2012 9:29:25 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/19/2012 9:11:54 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message). 4/18/2012 10:10:31 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting. 4/18/2012 10:10:31 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AMERICAS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 4/18/2012 10:09:12 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . ==== End Of File ===========================
  9. DDS.txt This is my first time posting and I hope that I can be helped. My son's laptop has been infected by SMART HDD. All of the files are hidden. I do not know if he deleted any temp files before asking me for help. I tried RKill, TDS rootkiller, and tried to use MBAM virus removal. I ran RKill about 10 times while leaving the "warnings" open as I kept running it. I followed all the directions. Also, should I have my son stop using the laptop to go online while SMART HDD is still on it? He plays WOW and I am assuming this is why he keeps getting adware... Is that safe to say? Thank you for your assistance!

. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by FIXED at 12:27:43 on 2012-04-21 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.1571 [GMT -7:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . 
C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Windows\System32\GFNEXSrv.exe C:\windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\sysWOW64\svchost.exe -k netsvc C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\SearchIndexer.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe C:\windows\system32\Dwm.exe 
C:\windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\ProgramData\RgWtsvfNRFiS.exe C:\windows\system32\igfxext.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\ProgramData\ct4yZIq59QHAej.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\SysWOW64\ping.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Internet 
Explorer\iexplore.exe C:\windows\SysWOW64\ping.exe C:\windows\system32\conhost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\DllHost.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.toshiba.com/g/ uDefault_Page_URL = hxxp://start.toshiba.com/g/ uInternet Settings,ProxyOverride = <local>;*.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: 
{f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [fdafebbfcbbecdct] "C:\ProgramData\fdafebbfcbbecdct.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe mRun: [RgWtsvfNRFiS.exe] C:\ProgramData\RgWtsvfNRFiS.exe dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe dRun: [fdafebbfcbbecdct] 
"C:\ProgramData\fdafebbfcbbecdct.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll LSP: mswsock.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B}\0556163656026202C4F66756 : DhcpNameServer = 192.168.7.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B}\2375942554032313 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B}\2375942554734393 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2EDDEF0C-9ABE-47C2-A4E7-23EF9B1ABB6B}\8686F6E6F62737 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{AEA65422-7736-4FA7-A989-0935EC6BCD79} : DhcpNameServer = 192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo 
Gallery\AlbumDownloadProtocolHandler.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: Norton Toolbar: 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe mRun-x64: [RgWtsvfNRFiS.exe] C:\ProgramData\RgWtsvfNRFiS.exe Hosts: 94.63.147.16 www.google.com Hosts: 94.63.147.17 www.bing.com . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?] 
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-12-17 1156216] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111216.001\IDSviA64.sys [2011-12-17 488568] R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664] R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?] 
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-6-24 135608] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-6-24 126392] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688] R2 SPService;SPService;C:\windows\sysWOW64\svchost.exe -k netsvc --> C:\windows\sysWOW64\svchost.exe -k netsvc [?] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-24 2656280] R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-18 138360] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] 
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-6-24 54136] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253088] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] 
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-04-19 02:32:56 -------- d--h--w- C:\TDSSKiller_Quarantine 2012-04-19 01:55:35 744590 ---ha-w- C:\windows\System32\PerfStringBackup.TMP 2012-04-17 01:18:12 220672 ---ha-w- C:\ProgramData\ct4yZIq59QHAej.exe 2012-04-17 01:06:00 -------- d--h--w- C:\Users\FIXED\AppData\Roaming\Tific 2012-04-17 01:05:48 -------- d--h--w- C:\Users\FIXED\AppData\Local\Symantec 2012-04-16 20:14:46 0 --sha-w- C:\windows\System32\dds_trash_log.cmd 2012-04-16 14:14:28 -------- d-----we C:\windows\system64 2012-04-16 14:10:00 300032 ---ha-w- C:\ProgramData\RgWtsvfNRFiS.exe 2012-04-16 14:07:59 86016 ---ha-w- C:\ProgramData\fdafebbfcbbecdct.exe 2012-04-16 07:27:38 20480 ---ha-w- C:\windows\svchost.exe 2012-04-14 13:59:46 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-04-14 13:59:45 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-04-14 13:59:45 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-04-12 13:13:18 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2012-04-12 13:13:17 81408 ----a-w- C:\windows\System32\imagehlp.dll 2012-04-12 13:13:17 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2012-04-12 13:13:17 5120 ----a-w- C:\windows\System32\wmi.dll 2012-04-12 13:13:17 220672 ----a-w- C:\windows\System32\wintrust.dll 2012-04-12 13:13:17 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 
2012-04-12 13:13:17 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll 2012-04-08 15:47:19 -------- d--h--w- C:\Program Files (x86)\AT&T WorldNet Setup 2012-04-08 15:42:26 -------- d--h--w- C:\Sierra 2012-04-08 15:41:15 225280 ---h--w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll 2012-04-08 15:41:14 77824 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-04-08 15:41:14 32768 ---h--w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-04-08 15:41:14 176128 ---h--w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-04-08 15:41:13 21840 ---hatw- C:\windows\SysWow64\SIntfNT.dll 2012-04-08 15:41:13 17212 ---hatw- C:\windows\SysWow64\SIntf32.dll 2012-04-08 15:41:13 12067 ---hatw- C:\windows\SysWow64\SIntf16.dll 2012-04-05 07:54:38 -------- d--h--w- C:\Program Files\iTunes 2012-04-05 07:54:38 -------- d--h--w- C:\Program Files\iPod 2012-04-05 07:54:38 -------- d--h--w- C:\Program Files (x86)\iTunes 2012-04-05 07:52:43 -------- d--h--w- C:\Program Files\Bonjour 2012-04-05 07:52:43 -------- d--h--w- C:\Program Files (x86)\Bonjour 2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-04-05 07:50:31 159744 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-04-05 03:36:15 -------- d--h--w- C:\Users\FIXED\AppData\Roaming\WildTangent 2012-04-05 03:33:21 -------- d--h--w- 
C:\Program Files (x86)\WildGames 2012-04-05 02:54:57 86528 ---ha-w- C:\windows\bnetunin.exe 2012-04-05 02:54:57 61440 ---ha-w- C:\windows\diabunin.exe 2012-04-05 02:54:52 -------- d--h--w- C:\Diablo 2012-04-03 22:19:33 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symefa64.sys 2012-04-03 22:19:33 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\srtsp64.sys 2012-04-03 22:19:33 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symds64.sys 2012-04-03 22:19:33 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\srtspx64.sys 2012-04-03 22:19:33 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symnets.sys 2012-04-03 22:19:33 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\ironx64.sys 2012-04-03 22:19:24 -------- d-----w- C:\windows\System32\drivers\NISx64\1207010.003 2012-03-29 14:05:05 8741536 ---ha-w- C:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-29 13:56:14 418464 ---ha-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-03-28 00:40:39 -------- d--h--w- C:\Users\FIXED\AppData\Local\Apple Computer 2012-03-28 00:40:29 34152 ---ha-w- C:\windows\System32\drivers\GEARAspiWDM.sys 2012-03-28 00:40:29 126312 ---ha-w- C:\windows\System32\GEARAspi64.dll 2012-03-28 00:40:29 107368 ---ha-w- C:\windows\SysWow64\GEARAspi.dll 2012-03-28 00:40:03 -------- d--h--w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-03-28 00:38:46 -------- d--h--w- C:\Users\FIXED\AppData\Local\Apple . ==================== Find3M ==================== . 
2012-04-14 04:00:52 70304 ---ha-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 22:56:40 24904 ---ha-w- C:\windows\System32\drivers\mbam.sys 2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-02-15 18:01:50 52736 ---ha-w- C:\windows\System32\drivers\usbaapl64.sys 2012-02-15 18:01:50 4547944 ---ha-w- C:\windows\System32\usbaaplrc.dll 2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll 2012-02-07 02:30:21 525544 ---ha-w- C:\windows\System32\deployJava1.dll 2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll 2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll 2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe . ============= FINISH: 12:28:18.20 ===============
  10. Hi there, I recently had an infection which was successfully removed using a combination of AVG 2012 and Malwarebytes. However, in the past week some of my Google search results have been redirecting to websites of no relation to the link I originally clicked on. The webpages redirected to so far have just been advertising for various products. All of the recent scans I have carried out via AVG 2012 and Malwarebytes for any remnants have come back negative every time. I have also monitored my resources using Task Manager and nothing seems to be out of the ordinary. I would be really grateful if somebody could take a quick look at my DDS and Attach logs for me and see if they can find anything I may have missed previously. Many thanks Richard DDS.txt Attach.txt
  11. My pc has been crashing the last few days and I'm now unable to visit certain websites and getting either a timeout error or a: 404 Not Found nginx On websites like Google Calendar, Analytics, etc. I'm assuming this must be an attack since things were working fine up until now. Since I'm not tech savvy I did what I thought might work on my own (maybe not the best idea) and ran AVG free version along with Malware Bytes Free version, I used ccleaner, and also system restore to a point a few weeks back when things were fine. The problem still persists and I'm not sure what to do about it. I could really use some help and hope someone here is willing and able to do so...thanks in advance! I've attached the log dds created to this post Dustin . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29 Run by dustinrm at 20:03:51 on 2012-03-30 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2935.341 [GMT -4:00] . AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B} . ============== Running Processes =============== . 
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\dlbxcoms.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe c:\Program Files\Trend 
Micro\Client Server Security Agent\tmlisten.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\conhost.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Users\dustinrm\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\TechSmith\Jing\Jing.exe C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Memeo\AutoBackup\InstantBackup.exe c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe C:\Windows\system32\DllHost.exe c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe C:\Windows\system32\conhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe 
C:\Users\dustinrm\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\notepad.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://southfloridamls.com/ uSearch Bar = Preserve BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll TB: 
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Google Update] "c:\users\dustinrm\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [sEnukeX] c:\users\dustinrm\appdata\local\senukex\senuke.exe uRun: [Jing] c:\program files\techsmith\jing\Jing.exe uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2 mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16 mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe 
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: daveramsey.com\mrc Trusted Zone: dustinrm.com\www Trusted Zone: sendoutcards.com\www DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - 
hxxp://sef.mlxchange.com/5.1.01.9506/Control/FileCruiser.cab DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://sef.mlxchange.com/5.1.01.9506/Control/Specfile.cab DPF: {4A0106B5-AC06-4385-8005-2BD46BA7AA1D} - hxxp://vu.realbiz360.com/js/ImageUploader5.cab DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://sef.mlxchange.com/5.1.01.9506/Control/MLSClientUtils.cab DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://sef.mlxchange.com/5.1.01.9506/Control/LiteGrid.cab DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://sef.mlxchange.com/5.1.01.9506/Control/IRCWebPrint.cab DPF: {81CAFF02-900E-43A1-A10D-2CC8092403C5} - hxxp://vu.realbiz360.com/js/WebLaunch.cab DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://sef.mlxchange.com/5.1.01.9506/Control/IRCSharc.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://sef.mlxchange.com/5.1.01.9506/Control/WebDog.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://sef.mlxchange.com/5.1.01.9506/Control/AspCustomCtrls.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2BF51798-457E-47F4-A3CD-9A484A43EE1D} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2BF51798-457E-47F4-A3CD-9A484A43EE1D}\4444D4162776164756 : DhcpNameServer = 205.152.37.23 205.152.144.23 TCP: Interfaces\{2BF51798-457E-47F4-A3CD-9A484A43EE1D}\D69745F65736860243740284F6473707F647 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{D588D47D-1479-42A8-BD92-60DF1BA0132D} : DhcpNameServer = 192.168.1.254 
192.168.1.254 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\dustinrm\appdata\roaming\mozilla\firefox\profiles\v7n32xau.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4ddc0a5d&i=23&tp=ab&nt=1&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\dustinrm\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\users\dustinrm\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF 
- plugin: c:\users\dustinrm\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-10-1 16176] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-10-1 81920] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-10-1 60928] R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824] R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088] R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe 
[2010-7-5 45056] R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-11 230928] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-11 36368] R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152] R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-10-1 2320920] R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-10-1 41648] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-10-1 143968] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-10-1 132480] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-1 232960] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-1 277536] R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008] R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600] S3 
b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-10-1 29472] S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-10-1 134144] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-18 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-1 171520] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-4 1343400] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-03-30 23:17:57 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-12 13:47:08 -------- d-----w- c:\program files\Market Samurai 2012-03-06 22:24:23 162664 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10140.bin . ==================== Find3M ==================== . 2012-03-30 23:17:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-08 21:23:36 60304 ----a-w- c:\users\dustinrm\g2mdlhlpx.exe 2012-01-14 03:48:30 2340864 ----a-w- c:\windows\system32\win32k.sys 2012-01-04 09:03:07 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-03 05:44:24 478208 ----a-w- c:\windows\system32\timedate.cpl . ============= FINISH: 20:09:47.78 =============== DDS.txt Attach.txt
  12. Ok, I Am To Understand That MBAM Will Not Be Able To Remove This Infection From My PC. That's Not Too Big Of A Deal, Most Of My Media Is Backed Up Onto An External HD Of One Kind Or Another. My Only Concern Is That Most Is Not All. I Shoot Video Of Local Bands And Artists Here In Seattle, Just For Fun, And Between My Last Backup Session And The Worm.Parite Infection I Have Some New Video Projects In The Works. I Have Updated MBAM Everyday, Rescan, And Worm.Parite Will Either Have 1 File Or A Bunch (297 One Time). If I Remove As Many As Possible Before It Replicates, What Are The Chances That Plugging In My External And Backing Up The Last Of My Media Will Result In The External (Or My Reformatted PC) Being Infected Further? Any Information Is Appreciated! Cheers!
  13. Hi, I downloaded Codec-C while trying to stream a video and now I can't uninstall it. It's removed programs from my start-up menu and makes random words on webpages hyperlinks. I looked up Codec-c (after installing sadly) and found that it's 'high risk malware'. I've tried running Norton scans and haven't been able to remove it, I'm really not that tech-savvy so any help would be very appreciated. Thanks!!
  14. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:48:12, on 25/03/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Comodo\Dragon\dragon_updater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe C:\Program Files\KeyScrambler\KeyScrambler.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Shadow Defender\DefenderDaemon.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Process Hacker 2\ProcessHacker.exe C:\Users\AVERTCOM\Downloads\Compressed\CCE\KillSwitch.exe 
OBS: longer scan times for 5 with 4 NORMAN malware cleaner to clean them but when you restart or shut down your PC malware back Attach.txt DDS.txt
  15. log hijackthis: http://pastebin.com/SLRt4dPU log Norman_Malware_Cleaner: http://pastebin.com/S6FgTCzN log combofix: http://pastebin.com/5m8Z6mce
  16. Well, I got here from the , "I'm infected, what do I do now?" I'm really worried about what's going on, mainly because I'm scared that I might have to lose data; one time my laptop's webcam even turned on by itself, which creeped me out. Here's the DDS file DDS.txt And here's the attach txt Attach.txt I'll appreciate whatever help I can get, thank you. My virus keeps picking up that there's a virus or something here, but it's not removing it. Thank you for reading this, and have a nice day.
  17. Hello. My name is Chris and I'm having a bit of trouble with a nasty infection. On the 23rd of February I seem to have "acquired" a trojan that has henceforth spread and infected other system files. I ran ESET Smart Security 5 and MBAM and yet they can't seem to help much in the matter. I performed registry cleaning tasks on a semi-daily basis with as much help as Tune-Up Utilities can provide. The infection has surprised me and I am yet to find a resolution. A possible cause would be that I've had 2 other people not so tech-savvy use my laptop for personal "business" for about 2 days. My system restore only has 1 file recognized from November last year, but I would rather have my system cleaned rather than replaced. I'm looking for any other alternatives than a drive C format and reinstalling OS as I quite like the way my system ran prior to this infection, and have worked a lot on customizing it with various programs. I've attached the logs requested below. I'll kindly await your reply.
BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO-X64: IESpeakDoc - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL . 
================= FIREFOX =================== . FF - ProfilePath - C:\Users\NINE\AppData\Roaming\Mozilla\Firefox\Profiles\p78u4anx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.co.uk FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\NINE\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: extentions.y2layers.installId - c3a6b478-ff98-4305-948d-6ca708dc3437 FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader,BestVideoDownloader, FF - user.js: extensions.autoDisableScopes - 14 . ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-8 138400] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-8 73376] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-10 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-24 652360] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-29 2253120] R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?] R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?] R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsnxc64.sys --> C:\Windows\system32\drivers\risdsnxc64.sys [?] 
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-9-1 259192] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-9-27 2027840] R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-5-10 105024] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-10 2656280] R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-5-10 550080] R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448] R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-9-15 971704] R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768] R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896] R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\drivers\btath_bus.sys --> C:\Windows\system32\drivers\btath_bus.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?] 
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-7-8 11856] R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-9-1 44736] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-9-2 8192] S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?] 
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\drivers\btath_hcrp.sys --> C:\Windows\system32\drivers\btath_hcrp.sys [?] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\drivers\btath_rcp.sys --> C:\Windows\system32\drivers\btath_rcp.sys [?] S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-9-15 104096] S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?] 
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824] S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232] S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104] S3 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-1-18 11839488] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] 
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-03-03 13:32:39 -------- d-----w- C:\Users\NINE\AppData\Local\DDMSettings 2012-03-03 13:21:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E888B89F-AB71-4949-9AC7-F0A3F306F4C8}\offreg.dll 2012-03-02 11:09:34 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E888B89F-AB71-4949-9AC7-F0A3F306F4C8}\mpengine.dll 2012-02-27 20:04:14 20480 ----a-w- C:\Windows\svchost.exe 2012-02-26 11:40:39 -------- d-----w- C:\Users\NINE\AppData\Roaming\AusLogics 2012-02-24 10:26:48 -------- d-sh--w- C:\$RECYCLE.BIN 2012-02-24 09:57:45 98816 ----a-w- C:\Windows\sed.exe 2012-02-24 09:57:45 518144 ----a-w- C:\Windows\SWREG.exe 2012-02-24 09:57:45 256000 ----a-w- C:\Windows\PEV.exe 2012-02-24 09:57:45 208896 ----a-w- C:\Windows\MBR.exe 2012-02-24 09:44:02 -------- d-----w- C:\Users\NINE\AppData\Roaming\Malwarebytes 2012-02-24 09:43:56 -------- d-----w- C:\ProgramData\Malwarebytes 2012-02-24 09:43:55 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-02-24 09:43:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-02-24 09:38:36 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-23 20:06:46 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll 2012-02-23 20:06:46 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2012-02-23 20:06:45 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2012-02-15 14:51:17 -------- d-----w- C:\ProgramData\EA Logs 2012-02-15 13:51:27 -------- d-----w- C:\Program Files (x86)\Origin Games 2012-02-15 13:51:25 -------- d-----w- C:\Users\NINE\AppData\Roaming\Origin 2012-02-15 13:51:25 -------- d-----w- C:\Users\NINE\AppData\Local\Origin 2012-02-15 13:51:19 -------- d-----w- C:\ProgramData\Origin 2012-02-15 13:51:19 -------- d-----w- C:\ProgramData\Electronic Arts 2012-02-15 13:51:04 -------- d-----w- 
C:\Program Files (x86)\Origin 2012-02-14 21:57:29 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-02-14 21:57:29 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2012-02-14 21:57:28 515584 ----a-w- C:\Windows\System32\timedate.cpl 2012-02-14 21:57:28 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl 2012-02-14 21:57:27 498688 ----a-w- C:\Windows\System32\drivers\afd.sys 2012-02-14 21:57:27 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-02-14 21:57:22 634880 ----a-w- C:\Windows\System32\msvcrt.dll 2012-02-14 21:57:21 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll 2012-02-10 16:07:13 -------- d-----w- C:\Users\NINE\AppData\Local\VMware 2012-02-10 15:52:58 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys 2012-02-10 15:52:35 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe 2012-02-10 15:52:31 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe 2012-02-10 15:52:31 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys 2012-02-10 15:52:28 942192 ----a-w- C:\Windows\System32\vnetlib64.dll 2012-02-10 15:51:39 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys 2012-02-10 15:51:38 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys 2012-02-10 15:50:53 -------- d-----w- C:\Program Files (x86)\VMware 2012-02-10 15:50:53 -------- d-----w- C:\Program Files (x86)\Common Files\VMware 2012-02-10 15:50:20 -------- d-----w- C:\Program Files\Common Files\VMware 2012-02-08 19:28:11 -------- d-----w- C:\Windows\System32\embrace . ==================== Find3M ==================== . 
2012-02-29 14:09:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-29 05:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-28 09:12:50 28056 ----a-w- C:\Windows\System32\xfcodec64.dll 2012-01-18 13:41:32 252016 ----a-w- C:\Windows\SysWow64\vmnc.dll 2012-01-18 13:06:00 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll 2012-01-18 13:06:00 48752 ----a-w- C:\Windows\System32\vnetinst.dll 2012-01-18 13:06:00 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys 2012-01-18 13:06:00 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys 2012-01-18 13:06:00 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys 2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll 2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 18:01:04,89 =============== DDS.txt Attach.txt
  18. Hi everyone, I have been struggling to get rid of a virus that seems to be affecting my internet as well as the speed of my computer. I ran a malware quick scan and got 2 hits:
      trojan.agent file C:\Windows\svchost.exe
      trojan.agent memory process c:\Windows\svchost.exe 5876
      I tried to ask malware to remove it but it was unsuccessful, so I followed the next step and here is what the dds and attach files are.
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421
      Run by Chelsea at 11:19:44 on 2012-03-03
      Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8180.5651 [GMT -5:00]
      AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
      FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
28160 ----a-w- C:\Windows\System32\secur32.dll 2012-03-02 11:59:03 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-03-02 11:58:57 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll 2012-03-02 11:56:35 1739160 ----a-w- C:\Windows\System32\ntdll.dll 2012-03-02 11:56:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-03-02 02:05:09 -------- d-----w- C:\Program Files\WiseFixer 2012-03-02 01:04:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-03-02 01:04:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-02-04 16:33:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-02-04 16:33:38 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-02-04 16:30:18 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-02-04 16:30:18 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-02-04 16:30:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-02-04 16:30:17 31232 ----a-w- C:\Windows\System32\lsass.exe 2012-02-04 16:30:17 28672 ----a-w- C:\Windows\System32\sspisrv.dll . ==================== Find3M ==================== . . ============= FINISH: 11:22:49.30 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/1/2011 6:36:55 PM System Uptime: 3/3/2012 11:02:27 AM (0 hours ago) . Motherboard: Alienware | | Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | CPU 1 | 1730/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 816.404 GiB free. D: is CDROM () Y: is FIXED (NTFS) - 15 GiB total, 8.199 GiB free. . ==== Disabled Device Manager Items ============= . 
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: facap, FastAccess Video Capture Device ID: ROOT\IMAGE\0000 Manufacturer: Sensible Vision Name: facap, FastAccess Video Capture PNP Device ID: ROOT\IMAGE\0000 Service: FACAP . ==== System Restore Points =================== . RP70: 1/25/2012 7:39:06 PM - Windows Modules Installer RP71: 1/25/2012 7:39:55 PM - Windows Modules Installer RP72: 2/4/2012 12:08:34 PM - Windows Update RP73: 2/27/2012 7:37:18 AM - Windows Update RP74: 3/1/2012 7:38:54 PM - Windows Update RP75: 3/2/2012 6:52:23 AM - Windows Update RP76: 3/3/2012 8:05:04 AM - Windows Update . ==== Installed Programs ====================== . µTorrent Accelerometer Add or Remove Adobe Creative Suite 3 Production Premium Adobe After Effects CS3 Adobe After Effects CS3 Presets Adobe After Effects CS3 Template Projects & Footage Adobe After Effects CS3 Third Party Content Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Creative Suite 3 Production Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Encore CS3 Adobe Encore CS3 Codecs Adobe Encore CS3 Library Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash CS3 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Video Encoder Adobe Fonts All Adobe Glyphlet Creation Tool CS3 Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Premiere Pro CS3 Adobe Premiere Pro CS3 Functional Content Adobe Premiere Pro CS3 Third Party Content Adobe Reader 9.1.2 Adobe Setup Adobe Soundbooth CS3 Adobe Soundbooth CS3 Codecs Adobe Soundbooth CS3 Scores Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager 
CS3 Adobe Version Cue CS3 Client Adobe Video Profiles Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 Advanced Audio FX Engine AHV content for Acrobat and Flash AIM 7 Akamai NetSession Interface Akamai NetSession Interface Service AlienRespawn AlienRespawn - Support Software Apple Application Support Apple Software Update Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Command Center CyberLink PowerDVD 9.5 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell InHome Service Agreement DirectX 9 Runtime Download Updater (AOL LLC) Integrated Webcam Live! 
Central Intel® Control Center Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 22 LoJack Factory Installer Malwarebytes Anti-Malware version 1.60.1.1000 McAfee SecurityCenter Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OSD Setup PDF Settings PhotoShowExpress QuickTime Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 
4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Skype Toolbars Skype™ 5.3 Sonic CinePlayer Decoder Pack Spybot - Search & Destroy Steam Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) . ==== Event Viewer Messages From Past Week ======== . 3/2/2012 7:11:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2640148). 
3/2/2012 7:02:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2660075). 3/2/2012 6:58:21 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2660465). 3/2/2012 6:58:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2645640). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2654428). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2633879). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2647516). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2632503). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2644615). 
3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2631813). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2585542). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656355). 3/2/2012 6:48:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect. 3/2/2012 6:48:23 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/1/2012 10:30:39 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. . ==== End Of File =========================== Please help!! My computer is only 1 years old and should not be so slow and sad. Thank you soo much in advance!!
  19. Someone has recently been hacking very personal things of mine and I think they might have some sort of keylogger or tracking virus or something, they are able to access very old things I don't even use anymore. I'm not sure if posting this log will show anything or not, I've never had this happen before, so I'm not really sure what to do. Any help would be very much appreciated. Thank you in advance, I hope I am doing this right. hijackthis.log
  20. Hi, well I have this backdoor win32 fynloski.a virus thing. Can anyone tell me how to remove it or what it is? Thanks.
  21. Hello, Malwarebytes has been popping up notifications that it has blocked outbound access to a potentially malicious website: 178.238.233.156. Sometimes it tries to go to: 141.136.16.78. Port is 40256, Process: svchost.exe. Can you help me remove this virus? Please find attached the dds.txt and attach.txt files. Much appreciated. Connie DDS.txt Attach.txt
  22. After using Malwarebytes Anti-Malware to remove the malware on my computer, I cannot connect to the Internet. I have tried using IE, Firefox and even updating AVG, but nothing. I also tried resetting/repairing the winsock and IP stack, but this does not appear to have worked. What should I try next?
  23. Apparently, I am hit with some sort of spyware or rootkit. After only 2 minutes of scanning my laptop freezes/locks up. I am a System Engineer and I have a ton of admin utilities installed and configured. I can rebuild if necessary, but I would prefer to go through a little pain if we can clean this versus a total rebuild. If you have some suggestions I would be happy to try them. I have attached my last Malwarebytes log file that is several months old. I can't scan long enough now to generate a newer log. I will try to scan in Safe Mode too to see if that helps at all. Yesterday I ran the RootKit remover on your forum but it did not seem to resolve anything. Again any help is much appreciated! Thanks mbam-log-2011-11-28 (02-20-34).txt